This commit was generated by cvs2svn to compensate for changes in r51415,

which included commits to RCS files with non-trunk default branches.

481 files changed, 67276 insertions, 12270 deletions

diff --git a/crypto/kerberosIV/COPYRIGHT b/crypto/kerberosIV/COPYRIGHT
index 1ec6394..9a327a8 100644
--- a/crypto/kerberosIV/COPYRIGHT
+++ b/crypto/kerberosIV/COPYRIGHT
@@ -1,4 +1,4 @@
-Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan 
+Copyright (c) 1995-1999 Kungliga Tekniska Högskolan 
 (Royal Institute of Technology, Stockholm, Sweden).
 All rights reserved.
 
diff --git a/crypto/kerberosIV/ChangeLog b/crypto/kerberosIV/ChangeLog
index 1467488..64ca7ac 100644
--- a/crypto/kerberosIV/ChangeLog
+++ b/crypto/kerberosIV/ChangeLog
@@ -1,3 +1,1495 @@
+1999-08-22
+
+	* release 0.10
+
+	* configure.in (VERSION): bump to 0.10
+
+1999-08-19
+
+	* release 0.10pre5
+
+	* configure.in (VERSION): bump to 0.10pre5
+
+1999-08-18
+
+	* release 0.10pre4
+
+	* configure.in (VERSION): bump to 0.10pre4
+
+1999-08-16
+
+	* release 0.10pre3
+
+	* configure.in (VERSION): bump to 0.10pre3
+
+1999-07-22
+
+	* release 0.10pre2
+
+	* configure.in (VERSION): bump to 0.10pre2
+
+
+	* acconfig.h (SunOS): remove definition
+
+	* configure.in: define SunOS to xy for SunOS x.y
+
+1999-07-08
+
+	* Release 0.10pre1.
+
+	* configure.in (VERSION): bump to 0.10pre1
+
+1999-07-07
+
+	* kadmin/admin_server.c (main): call krb_get_lrealm correctly
+
+	* appl/bsd/rlogind.c (lowtmp): fill in ut_id
+
+1999-07-06
+
+	* include/bits.c: move around __attribute__ to make it work with
+ 	old gcc
+
+	* appl/bsd/rcp.c (rsource): remove trailing slashes which
+ 	otherwise makes us fail
+
+1999-07-04
+
+	* appl/afsutil/aklog.c (epxand_cell_name): terminate on #
+
+	* lib/kadm/kadm_cli_wrap.c (kadm_cli_send): free the right memory
+ 	(none) when kadm_cli_out fails.  based on a patch by Buck Huppmann
+ 	<Charles-Huppmann@UIowa.edu>
+
+1999-06-24
+
+	* configure.in: check for sgi capability stuff
+
+	* appl/bsd/login.c: add some kind of sgi capability capability
+
+1999-06-23
+
+	* acconfig.h (HAVE_KRB_DISABLE_DEBUG): always define.  this makes
+ 	the telnet code easier when building heimdal with an older krb4
+
+	* lib/krb/kuserok.c (krb_kuserok): add support for multiple local
+ 	realms and de-support entries without realm in ~/.klogin
+
+1999-06-19
+
+	* lib/krb/send_to_kdc.c: and a new variable `timeout' in krb.extra
+ 	instead of always having a timeout of four seconds.  based on a
+ 	patch by Mattias Amnefelt <mattiasa@stacken.kth.se>
+
+1999-06-17
+
+	* appl/bsd/rshd.c: use DES_RW_MAXWRITE instead of BUFSIZ (for
+ 	consistency)
+
+	* appl/bsd/rsh.c: use DES_RW_MAXWRITE instead of BUFSIZ.
+  	Otherwise, des_enc_read might be buffering data to us and it can
+ 	get returned on a des_enc_read to another fd that the original one
+ 	:-(
+
+	* appl/bsd/bsd_locl.h: DES_RW_{MAXWRITE,BSIZE}
+
+	* appl/bsd/encrypt.c: move MAXWRITE and BSIZE to bsd_locl.h and
+ 	rename them to DES_RW_\1
+
+1999-06-16
+
+	* kuser/kdestroy.c: make unlog and tickets function correctly
+
+	* configure.in: correct variables used for socks includes and libs
+
+
+	* lib/krb/{debug_decl.c,krb-protos.h}: add krb_disable_debug
+
+1999-06-15
+
+	* kuser/klist.c (display_tokens): type correctness
+
+	* lib/krb/send_to_kdc.c (url_parse): always return the port in
+ 	network byte order (and be more careful when parsing the port
+ 	number)
+
+	* lib/krb/send_to_kdc.c (http_recv): handle both HTTP/1.0 and
+ 	HTTP/1.1 in reply
+
+Wed Jun 2 1999
+
+	* kadmin/kadmin.c: use print_version; (mod_entry): add command
+	line options
+	
+1999-05-21
+
+	* appl/bsd/login.c: limit more stuff for crays; fix call to
+	login_access
+
+1999-05-19
+
+	* man/Makefile.in (install, uninstall): handle relative paths (fix
+ 	editline)
+
+1999-05-18
+
+	* appl/bsd/bsd_locl.h: update prototype for login_access; declare
+	`struct aud_rec' to keep AIX xlc happy
+
+1999-05-14
+
+	* appl/bsd/login_access.c: merge in more recent code
+
+	* configure.in (CHECK_NETINET_IP_AND_TCP): use
+
+1999-05-10
+
+	* lib/krb/get_host.c (parse_address): remove trailing slash
+	
+	* lib/krb/send_to_kdc.c (prog): nuke
+	(send_to_kdc): restructure.  make sure we have used all of the
+	addresses from gethostbyname before calling send_recv
+	(send_recv): removed unused parameters
+	(url_parse): remove trailing slash
+	(http_recv): make sure the http transaction was succesful
+
+1999-05-08
+
+	* configure.in: use the correct include files for the utmp tests
+
+	* appl/movemail/pop.c: rename getline -> pop_getline removed
+ 	duplicate prototypes
+
+	* configure.in: db.h: test for
+	(getmsg): check for existence before checking if it works (otherwise
+	it fails with glibc2.1 that implements an always failing getmsg)
+
+	* acconfig.h (_GNU_SOURCE): define this to enable (used)
+ 	extensions on glibc-based systems such as linux
+
+	* configure.in: test for strndup
+
+1999-04-21
+
+	* configure.in: replace AC_TEST_PACKAGE with AC_TEST_PACKAGE_NEW
+ 	fix test for readline.h add test for four argument el_init
+ 	remember to link with $LIB_tgetent when trying linking with
+ 	readline
+
+1999-04-16
+
+	* configure.in: check for prototype of strsep
+
+Sat Apr 10 1999
+
+	* configure.in: fix readline logic
+
+Fri Apr 9 1999
+
+	* man/Makefile.in: add editline and push.  make install rules
+ 	handle paths
+
+Wed Apr 7 1999
+
+	* appl/movemail/Makefile.in: fix names of hesiod variables
+
+	* configure.in: fix readline flags
+
+Mon Mar 29 1999
+
+	* appl/bsd/utmpx_login.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
+
+	* appl/bsd/utmp_login.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
+
+	* appl/bsd/rlogind.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
+
+	* configure.in: include <sys/types.h> in test for ut_*; use
+ 	AC_CHECK_XAU
+
+	* configure.in: utmp{,x} -> struct utmp{,x}
+
+Sat Mar 27 1999
+
+	* configure.in: AC_CHECK_OSFC2
+
+Fri Mar 19 1999
+
+	* configure.in: use AC_SHARED_LIBS
+
+	* configure.in: remove AIX install hack (fixed in autoconf 2.13)
+
+
+	* server/kerberos.c: fix some printf format strings
+
+Wed Mar 17 1999
+
+	* lib/krb/krb.h (KRB_VERIFY_NOT_SECURE): add for completeness
+
+	* lib/auth/sia/sia.c (common_auth): use KRB_VERIFY_SECURE instead
+ 	of 1
+
+	* lib/auth/pam/pam.c (doit): use KRB_VERIFY_SECURE instead of 1
+
+	* lib/auth/afskauthlib/verify.c (afs_verify): use
+ 	KRB_VERIFY_SECURE instead of 1
+
+Tue Mar 16 1999
+
+	* lib/krb/verify_user.c (krb_verify_user): handle multiple local
+ 	realms
+	(krb_verify_user_multiple): remove
+
+	* lib/krb/krb-protos.h (krb_verify_user_multiple): remove
+
+	* lib/auth/pam/pam.c: krb_verify_user_multiple -> krb_verify_user
+
+	* lib/auth/sia/sia.c: krb_verify_user_multiple -> krb_verify_user
+
+	* lib/auth/afskauthlib/verify.c: krb_verify_user_multiple ->
+ 	krb_verify_user
+
+
+	* lib/krb/getaddrs.c: SOCKADDR_HAS_SA_LEN ->
+ 	HAVE_STRUCT_SOCKADDR_SA_LEN
+
+Sat Mar 13 1999
+
+	* lib/kadm/check_password.c (kadm_check_pw): cast when calling is*
+ 	to get rid of a warning
+
+	* lib/acl/acl_files.c (nuke_whitespace): cast when calling is* to
+ 	get rid of a warning
+
+	* kadmin/ksrvutil.c (usage): update. improve error messages
+	
+	* appl/bsd/sysv_default.c (trim): cast when calling is* to get rid
+ 	of a warning
+
+	* appl/bsd/rshd.c (doit): more parenthesis to make gcc happy
+
+	* appl/bsd/rsh.c: add `-p'
+
+	* appl/bsd/rlogin.c (main): more paranoid parsing of `-p'
+
+	* appl/bsd/rcp.c (sink): cast when calling is* to get rid of a
+ 	warning
+
+	* appl/bsd/login_access.c (login_access): cast when calling
+ 	isspace to get rid of a warning
+
+	* include/bits.c (my_strupr): rename to strupr and ifdef
+	(try_signed, try_unsigned): add __attribute__ junk to get rid of two
+	warnings
+
+	* appl/bsd/Makefile.in (SOURCES): add osfc2.c
+
+	* admin/kdb_util.c (update_ok_file): add fallback utimes (some
+ 	systems seem to fail updating the timestamp with open(), close())
+
+	* server/kerberos.c (main): more paranoid parsing of `-a' and `-p'
+
+Thu Mar 11 1999
+
+	* configure.in: AC_BROKEN innetgr
+
+	* lib/krb/send_to_kdc.c: fix types in format string
+
+	* lib/krb/get_host.c: add some if-braces to keep gcc happy
+
+	* lib/kadm/kadm_supp.c: fix types in format string
+
+	* lib/auth/sia/Makefile.in: WFLAGS
+
+	* include/bits.c: fix types in format string
+
+	* appl/bsd/su.c: add some if-braces to keep gcc happy
+
+	* appl/bsd/rlogind.c: add some if-braces to keep gcc happy
+
+	* appl/bsd/rlogin.c: add some if-braces to keep gcc happy
+
+	* appl/bsd/login.c: add some if-braces to keep gcc happy
+
+	* appl/afsutil/pagsh.c: fix types in format string
+
+Wed Mar 10 1999
+
+	* server/kerberos.c: remove unused k_instance
+
+	* lib/krb/krb-protos.h (read_service_key): add some consts to
+ 	prototype
+
+	* lib/krb/read_service_key.c (read_service_key): add some consts
+ 	to prototype
+
+	* appl/sample/sample_server.c: openlog -> roken_openlog
+
+	* appl/kip/kipd.c: openlog -> roken_openlog
+
+	* configure.in: use AC_WFLAGS
+
+Mon Mar 1 1999
+
+	* acinclude.m4: add
+
+	* configure.in: typo
+
+	* Makefile.in: use aclocal
+
+	* Makefile.export: use aclocal
+
+	* configure.in: update to autoconf 2.13
+
+	* aclocal.m4.in: have-struct-field.m4, check-type-extra.m4
+
+	* acconfig.h: update to autoconf 2.13
+
+	* lib/auth/sia/sia.c: SIAENTITY_HAS_OUID -> HAVE_SIAENTITY_OUID
+
+Tue Feb 23 1999
+
+	* configure.in: don't include afsl.exp in libkafs.a if building
+ 	with dynamic afs support (breaks egcs 1.1.1)
+
+	* configure.in: don't build rxkad if not building afs-support
+
+Mon Feb 22 1999
+
+	* include/Makefile.in: clean up handling of missing system headers
+
+	* configure.in: clean up handling of missing system headers
+
+	* aclocal.m4.in: broken-snprintf.m4 broken-glob.m4
+
+	* acconfig.h: NEED_{SNPRINTF,GLOB}_PROTO
+
+Mon Feb 15 1999
+
+	* configure.in (gethostname, mkstemp): test for prototype
+
+	* configure.in: homogenize broken detection with heimdal
+
+Thu Feb 11 1999
+
+	* lib/krb/verify_user.c: If secure == KRB_VERIFY_SECURE_FAIL,
+ 	return ok if there isn't any service key (or if it can't be read).
+
+	* lib/krb/krb.h: KRB_VERIFY_SECURE, KRB_VERIFY_SECURE_FAIL
+
+Wed Jan 13 1999
+
+	* kadmin/kadmin.c (add_new_key): enable the `-p password' option
+ 	and add the missing code.
+
+	* appl/bsd/login_fbtab.c (login_protect): remove `/*' from string
+ 	before reading the directory.  From "Brandon S. Allbery"
+ 	<allbery@ece.cmu.edu>
+
+Fri Dec 18 1998
+
+	* man/kadmin.8 (-t): add a note about using `kinit -p'
+
+Mon Dec 14 1998
+
+	* lib/krb/name2name.c (krb_name_to_name): really verify we have an
+ 	alias before trying to use it as the primary name.
+
+Fri Nov 27 1998
+
+	* lib/krb/send_to_kdc.c (url_parse): use correct length when
+ 	copying the hostname
+
+Sun Nov 22 1998
+
+	* configure.in, acconfig.h: NEED_HSTRERROR_PROTO
+
+
+	* configure.in: use AC_KRB_STRUCT_SPWD
+
+	* slave/Makefile.in (WFLAGS): set
+
+	* server/Makefile.in (WFLAGS): set
+
+	* lib/krb/send_to_kdc.c (send_recv): add `int'
+
+	* lib/krb/decomp_ticket.c (decomp_ticket): if the realm is empty,
+ 	use the local realm.
+
+	* lib/krb/Makefile.in (WFLAGS): set
+
+	* lib/kdb/krb_lib.c (kerb_get_principal): correct test
+	(kerb_put_principal): remove unused variable
+
+	* lib/kdb/Makefile.in (WFLAGS): set
+
+	* lib/auth/pam/Makefile.in (WFLAGS): set
+
+	* lib/auth/afskauthlib/Makefile.in (WFLAGS): set
+
+	* lib/acl/Makefile.in (WFLAGS): set
+
+	* kuser/Makefile.in (WFLAGS): set
+
+	* kadmin/Makefile.in (WFLAGS): set
+
+	* include/Makefile.in (WFLAGS): set
+
+	* appl/sample/sample_client.c (main): remove unused variable
+
+	* appl/sample/Makefile.in (WFLAGS): set
+
+	* appl/movemail/Makefile.in (WFLAGS): set
+
+	* appl/kip/Makefile.in (WFLAGS): set
+
+	* appl/bsd/Makefile.in (WFLAGS): set
+
+	* appl/afsutil/pagsh.c (main): fall back to running /bin/sh if
+ 	execvp fails.
+
+	* appl/afsutil/Makefile.in (WFLAGS): set
+
+	* admin/kdb_edit.c (change_principal): remove unused variable
+
+	* admin/Makefile.in (WFLAGS): set
+
+	* configure.in: check for crypt, environ and struct spwd
+
+Thu Nov 19 1998
+
+	* appl/movemail/Makefile.in: link and include hesiod
+
+	* configure.in: test for hesiod
+
+Wed Nov 18 1998
+
+	* kadmin/kadm_locl.h: include <arpa/inet.h>
+
+	* configure.in (freebsd3): seems to like symbolic links for the
+ 	shared libraries
+
+1998-11-07
+
+	* Makefile.export (ChangeLOG): handle emacs20-style changelog
+	entries
+
+	* lib/kdb/krb_dbm.c (kerb_db_get_principal, kerb_db_iterate):
+	check return value from `dbm_open'
+
+Fri Oct 23 1998
+
+	* lib/kadm/kadm.h: enable new extended kadmin fields by default
+
+Thu Oct 22 1998
+
+	* lib/krb/get_host.c (read_file): add more kinds of whitespace
+
+	* lib/krb/lsb_addr_comp.c: fix(?) calculations regrding
+ 	`firewall_address'
+
+	* kadmin/kadmin.c: change timeout to 5 minutes, (sigarlm): only
+ 	print message if any tickets were actually destroyed, (main): less
+ 	noise, (add_new_key): some cleanup, (del_entry): allow more than
+ 	one principal on command line, (get_entry): set more flags
+
+	* lib/kadm/kadm.h: add code to get modification date, modifier and
+ 	key version number
+
+	* lib/kadm/kadm_supp.c: add code to get modification date,
+ 	modifier and key version number
+
+	* lib/kadm/kadm_stream.c: add code to get modification date,
+ 	modifier and key version number
+
+Tue Oct 13 1998
+
+	* lib/kadm/Makefile.in: ROKEN_RENAME
+
+	* lib/krb/roken_rename.h: add strnlen
+
+	* lib/krb/Makefile.in: add strnlen
+
+Sat Oct 3 1998
+
+	* doc/install.texi: add comment about afskauthlib being in the
+ 	correct object format
+
+Thu Oct 1 1998
+
+	* kadmin/kadmin.c (change_admin_password): add `alarm(0)' to
+ 	prevent it from timing out
+
+
+	* lib/krb/time.c (krb_kdctimeofday): set `tv'.  fix from Thomas
+ 	Nyström <thn@stacken.kth.se>
+
+Mon Sep 28 1998
+
+	* appl/bsd/osfc2.c: lots of C2 magic
+
+	* appl/bsd/{rshd,rcp_util,rcp}.c: do C2 stuff
+
+	* appl/bsd/login.c: move C2 stuff to osfc2.c
+
+	* appl/bsd/login.c: call `set_auth_parameters' if OSFC2
+
+Sun Sep 27 1998
+
+	* appl/bsd/login.c: add some code to call setluid
+
+Sat Sep 26 1998
+
+	* appl/sample/sample_client.c (main): correct test
+
+Sat Sep 12 1998
+
+	* configure.in (XauReadAuth): reverse test and check for -lX11
+ 	before -lXau, otherwise the test fails on Irix 6.5
+
+Sun Sep 6 1998
+
+	* lib/krb/krb-protos.h: fix prototypes for krb_net_{read,write}
+
+	* lib/krb/krb_net_{read,write}.c: new files
+
+	* lib/krb/Makefile.in: add krb_net_{read,write}
+
+Fri Sep 4 1998
+
+	* lib/auth/sia/sia.c (siad_ses_launch, siad_ses_reauthent): use
+ 	krb_afslog_home
+
+	* lib/auth/pam/pam.c (pam_sm_open_session): use krb_afslog_home
+
+	* lib/auth/afskauthlib/verify.c (afs_verify): use
+ 	krb_afslog_uid_home
+
+Sun Aug 30 1998
+
+	* lib/krb/get_host.c: patch from Derrick J Brashear
+ 	<shadow@dementia.org> for doing less DNS lookups
+
+Sun Aug 23 1998
+
+	* lib/krb/ticket_memory.c (tf_save_cred): use memcpy to copy the
+ 	session key.
+
+Tue Aug 18 1998
+
+	* kadmin/kadmin.c (change_password): add `--random'.  From Love
+ 	Hörnquist-Åstrand <lha@elixir.e.kth.se>
+
+Thu Aug 13 1998
+
+	* lib/kclient/KClient.c (KClientErrorText): copy the string.
+  	Patch from Daniel Staaf <d96-dst@nada.kth.se>
+
+Tue Jul 28 1998
+
+	* appl/bsd/rsh.c (main): make sure not to send `-K' before the
+ 	hostname when re-execing
+
+	* appl/bsd/su.c: openlog LOG_AUTH
+
+Fri Jul 24 1998
+
+	* lib/krb/create_ciph.c: typo: s/tmp/rem/
+
+Wed Jul 22 1998
+
+	* lib/krb/send_to_kdc.c (send_recv): return FALSE if recv failed
+ 	so that we try the next server
+
+	* configure.in (*-*-sunos): no lib_deps
+
+	* include/protos.H (utime): update prototype
+
+Thu Jul 16 1998
+
+	* acconfig.h (DBDIR, MATCH_SUBDOMAINS): added
+
+	* configure.in (--enable-match-subdomains): added
+	(--with-db-dir): added
+
+	* lib/krb/getrealm.c (file_find_realm): fix MATCH_SUBDOMAINS code.
+  	Patch originally from R Lindsay Todd <toddr@rpi.edu>
+
+	* lib/krb/dllmain.c: clean-up patch from <d96-dst@nada.kth.se>
+
+	* appl/krbmanager: patches from <d96-dst>
+
+Mon Jul 13 1998
+
+	* appl/sample/sample_client.c (main): don't advance
+ 	hostent->h_addr_list, use a copy instead
+
+	* appl/bsd/kcmd.c (kcmd): don't advance hostent->h_addr_list, use
+ 	a copy instead
+
+Fri Jul 10 1998
+
+	* lib/krb/net{read,write}.c: removed
+
+	* lib/krb/Makefile.in: grab net_{read,write}.c from roken
+
+	* lib/krb/roken_rename.h: add krb_net_{write,read}
+
+	* lib/krb/create_ciph.c (create_ciph): return KFAILURE instead of
+ 	NULL
+
+	* lib/kadm/kadm_cli_wrap.c (kadm_get): return KADM_NOMEM, not NULL
+
+Wed Jul 8 1998
+
+	* server/kerberos.c (make_sockets): strdup the port specification
+ 	before strtok_r:ing it
+
+	* lib/krb/extra.c (define_variable): return 0
+
+	* kuser/klist.c (display_tktfile): only print time diff and
+ 	newline if using the longform
+
+Tue Jun 30 1998
+
+	* lib/krb/send_to_kdc.c (send_to_kdc): be careful in not advancing
+ 	the h_addr_list pointer in the hostent structure
+
+	* lib/krb/time.c (krb_kdctimeofday): handle the case of `time_t'
+ 	and the type of `tv_sec' being different.  patch originally from
+ 	<art@stacken.kth.se>
+
+	* man/afslog.1: add refs to kafs and kauth
+
+	* man/kauth.1: add refs to kafs
+
+	* lib/krb/krb_get_in_tkt.c (krb_mk_as_req): remove old code laying
+ 	around.
+
+	* lib/krb/Makefile.in: add strcat_truncate.c
+
+	* lib/auth/sia/krb4+c2_matrix.conf: fix broken lines and typos
+
+	* kuser/klist.c (display_tokens): print expired for expired tokens
+
+Sat Jun 13 1998
+
+	* kadmin/kadm_ser_wrap.c (kadm_ser_init): new argument `addr'
+
+	* kadmin/admin_server.c: new argument `-i' for listening on a
+ 	single address
+
+Mon Jun 8 1998
+
+	*  Release 0.9.9
+
+Wed Jun 3 1998
+
+	* lib/krb/extra.c: implement read_extra_file() for Win32
+
+Fri May 29 1998
+
+	* configure.in: removed duplicate crypt
+
+	* lib/kdb/Makefile.in (roken_rename.h): remove dependency
+
+	* lib/acl/Makefile.in (roken_rename.h): remove dependency
+
+	* lib/krb/roken_rename.h: remove duplicate flock
+
+	* appl/afsutil/aklog.c (createuser): fclose the file
+
+Wed May 27 1998
+
+	* lib/krb/Makefile.in (extra.c): add
+
+	* slave/kpropd.c: k_flock -> flock
+
+	* slave/kprop.c: k_flock -> flock
+
+	* lib/krb/tf_util.c: k_flock -> flock
+
+	* lib/krb/roken_rename.h: add base64* and flock
+
+	* lib/krb/kntoln.c: k_flock -> flock
+
+	* lib/kdb/krb_dbm.c: k_flock -> flock
+
+	* lib/kdb/Makefile.in: use ROKEN_RENAME to get hold of renames
+ 	symbols
+
+Tue May 26 1998
+
+	* lib/krb/extra.c: add read flag, so we don't have to look for
+ 	non-existant files several times
+
+	* lib/krb/send_to_kdc.c: use krb_get_config_string()
+
+	* lib/krb/lsb_addr_comp.c: use krb_get_config_bool()
+
+	* lib/krb/krb_get_in_tkt.c: use krb_get_config_bool()
+
+	* lib/krb/extra.c: parse and use krb.extra file for special
+ 	configurations, to lessen the number of environment variables used
+
+	* lib/krb/getfile.c: cleanup and add `krb_get_krbextra'
+
+	* lib/krb/debug_decl.c: add krb_enable_debug
+
+	* lib/krb/lsb_addr_comp.c (lsb_time): if KRB_REVERSE_DIRECTION is
+ 	set, negate time (fix for some firewalls)
+
+Mon May 25 1998
+
+	* lib/krb/Makefile.in (clean): try to remove shared library debris
+	(LIBDES and LIB_DEPS): try to figure out dependencies
+
+	* lib/kdb/Makefile.in (clean): try to remove shared library debris
+
+	* lib/kadm/Makefile.in (clean): try to remove shared library
+ 	debris
+
+	* configure.in: make symlink magic work with libsl
+
+Mon May 18 1998
+
+	* appl/bsd/login.c: Hack for AIX 4.3.
+
+Thu May 14 1998
+
+	* configure.in: mips-api support.  From Derrick J Brashear
+ 	<shadow@dementia.org>
+
+	* configure.in: --enable-legacy-kdestroy: added.  From Derrick J
+ 	Brashear <shadow@dementia.org>
+
+	* kuser/kdestroy.c: LEGACY_KDESTROY: add
+
+Wed May 13 1998
+
+	* lib/krb/krb.h (const, signed): define when compiling with
+ 	non-ANSI comilers.  From Derrick J Brashear <shadow@dementia.org>
+
+Mon May 11 1998
+
+	* kadmin/admin_server.c: Fix reallocation bug.
+
+Fri May 1 1998
+
+	* configure.in: don't test for winsock.h
+
+	* slave/kprop.c: unifdef -DHAVE_H_ERRNO
+
+	* appl/sample/sample_client.c: unifdef -DHAVE_H_ERRNO
+
+	* appl/movemail/pop.c: unifdef -DHAVE_H_ERRNO
+
+	* appl/kip/kip.c: unifdef -DHAVE_H_ERRNO
+
+Mon Apr 27 1998
+
+	* appl/ftp/ftpd/krb4.c (krb4_adat): applied patch from Love
+ 	<lha@elixir.e.kth.se> for checking address in krb_rd_req
+
+Sun Apr 26 1998
+
+	* appl/Makefile.in (SUBDIRS): add push
+
+Sun Apr 19 1998
+
+	* configure.in: fix for the symlink magic. From Gregory S. Stark
+ 	<gsstark@mit.edu>
+
+	* doc/Makefile.in (install): ignore failures from install-info.
+
+	* lib/krb/Makefile.in (install): don't install include files with
+ 	x bit
+
+	* lib/kadm/Makefile.in (install): don't install include files with
+ 	x bit
+
+	* man/Makefile.in: don't install getusershell
+
+	* lib/krb/Makefile.in: add symlink magic for linux.
+	only link in com_err.o and error.o if building shared
+
+	* lib/kdb/Makefile.in: add symlink magic for linux
+
+	* lib/kadm/Makefile.in: add symlink magic for linux
+
+	* configure.in: add symlink magic for Linux
+
+	* appl/kx/common.c (connect_local_xsocket): update to try the list
+ 	of potential socket pathnames
+
+Tue Apr 7 1998
+
+	* lib/krb/getaddrs.c: Don't bail out if various ioctl's fail.
+
+
+	* doc/Makefile.in (kth-krb.info): use `--no-split'
+
+Mon Apr 6 1998
+
+	* configure.in: add --disable-cat-manpages
+
+	* configure.in: call the shared libraries so.0.9.9 on linux
+
+Sat Apr 4 1998
+
+	* lib/Makefile.in (SUBDIRS): changed order so that editline is
+ 	built before sl
+
+	* lib/*/Makefile.in: shared library dependency information
+
+	* doc/Makefile.in (clean): remove *.info*
+
+	* merge in win32 changes from <flag@astrogator.se> and
+ 	<jfa@pobox.se>
+
+	* Makefile.export: aux -> cf
+
+	* Makefile.in: aux -> cf
+
+	* appl/voodoo/TelnetEngine.cpp (TelnetEngine::Connect): check the
+ 	return from `gethostbyname'
+
+	* appl/bsd/bsd_locl.h: Check for <io.h> and conditionalize
+ 	prepare_utmp.  From <d96-mst@nada.kth.se>
+
+	* acconfig.h (__EMX__): define MAIL_USE_SYSTEM_LOCK.  From
+ 	<d96-mst@nada.kth.se>
+
+	* include/bits.c: renamed `strupr' to `my_strupr' not to conflict
+ 	with any exiting strupr.
+
+Sat Mar 28 1998
+
+	* Makefile.in (install): use DESTDIR
+
+	* include/Makefile.in (install): depend on all
+
+	* man/Makefile.in (install, uninstall): use transform correctly
+
+Fri Mar 27 1998
+
+	* configure.in: don't look for dbopen.  From Derrick J Brashear
+ 	<shadow@dementia.org>
+	(termcap.h): check for
+
+	* lib/krb/Makefile.in: fix for LD options on solaris.  From
+ 	Derrick J Brashear <shadow@dementia.org>
+
+Thu Mar 19 1998
+
+	* appl/kx/common.c: Trying binding sockets in the special
+	directories for some versions of Solaris and HP-UX
+
+
+	* lib/krb/kdc_reply.c: Check for error code of zero in error
+ 	packet from KDC.
+
+Wed Mar 18 1998
+
+	* appl/kx/common.c (get_xsockets): try getting sockets in lots of
+ 	places
+	
+	* appl/kauth/kauth.c: return error code from child (plus shell
+ 	magic)
+
+
+	* lib/krb/getrealm.c (krb_realmofhost), lib/krb/get_krbrlm.c
+ 	(krb_get_lrealm, krb_get_default_realm): When figuring out a
+ 	default local realm name avoid going into infinite loops.
+
+Sun Mar 15 1998
+
+	* configure.in: test for <term.h> and search for `tgetent' in
+	ncurses.  From Gregory S. Stark <gsstark@mit.edu>
+
+	* **/Makefile.in: add DESTDIR support and .PHONY
+
+Sat Mar 7 1998
+
+	* kadmin/ksrvutil.c: Remove kvno zero restriction.
+
+	* configure.in: Add option `--disable-dynamic-afs' do disable AIX
+ 	dynamic loading of afs syscall library. This should hopefully also
+ 	work with AIX 3.
+
+	* kadmin/ksrvutil.c: Add `delete' function (from Chris Chiappa
+ 	<griffon+@cmu.edu>).
+
+Thu Feb 26 1998
+
+	* kadmin/kadmin.c (do_init): fix check of return value from
+ 	krb_get_default_principal
+
+	* lib/kadm/kadm_stream.c (stv_string): use correct offset
+
+Sat Feb 21 1998
+
+	* include/Makefile.in: add parse_time.h
+
+	* lib/krb/solaris_compat.c: new file with alternative entry points
+	compatible with solaris's libkrb.
+
+Thu Feb 19 1998
+
+	* lib/krb/time.c: Various time related functions.
+
+Tue Feb 17 1998
+
+	* lib/krb/send_to_kdc.c: Add some more connection debug traces.
+
+Sun Feb 15 1998
+
+	* lib/krb/get_host.c (init_hosts): call k_getportbyname with proto
+ 	== "udp" instead of NULL.  NULL would be the right thing, but some
+ 	libraries are not happy with that.
+
+	* appl/bsd/rcp.c: renamed `{local,foreign}' to \1_addr to avoid
+ 	conflicts with system header files on mklinux.
+
+
+	* lib/kadm/Makefile.in: Fix rules for kadm_err.[ch].
+
+	* lib/krb/krb_err.et: Fix for changes to compile_et.
+
+	* lib/com_err/{error.c,com_err.h,com_right.h}: Rename error.h to
+ 	com_right.h.
+
+	* lib/com_err/{compile_et.c,compile_et.h,lex.l,parse.y}: Switch
+ 	back to a yacc-based compile_et.
+
+Tue Feb 10 1998
+
+	* appl/kx/kxd.c (doit): fix stupid mistake when marshalling
+
+	* lib/krb/Makefile.in: add strcpy_truncate
+
+Sun Feb 8 1998
+
+	* lib/krb/netwrite.c (krb_net_write): restart if errno == EINTR
+
+	* lib/krb/netread.c (krb_net_read): restart if errno == EINTR
+
+	* appl/kx/rxterm.in: redirect std{in,out,err} of xterm to make
+ 	sure rshd does not hang.
+
+Sat Feb 7 1998
+
+	* lib/acl/acl_files.c (acl_canonicalize_principal): use
+ 	krb_parse_name
+
+
+	* lib/krb/rw.c: add a parameter containting maximum size.  Change
+	all callers.
+
+	* lots-of-files: replace {REALM_SZ, *_SZ, MaxPathLen,
+ 	MaxHostNameLen} + 1 with \1
+
+	* appl/bsd/rlogind.c (cleanup): logout -> rlogind_logout
+
+	* lib/acl/acl_files.c (acl_canonicalize_principal): use
+ 	strcpy_truncate
+
+	* include/Makefile.in: fnmatch.h
+
+	* appl/ftp/ftpd/ftpd.c: <fnmatch.h>
+
+	* lib/kadm/kadm_stream.c (stv_string): don't use strncpy
+
+	* lib/auth/sia/sia.c (siad_ses_suauthent): do ugly magic to make
+ 	sure `entity->name' is long enough.
+
+	* appl/ftp/ftpd/ftpcmd.y: HASSETPROCTITLE -> HAVE_SETPROCTITLE
+
+	* appl/bsd/rlogind.c (logout): renamed to rlogind_logout to avoid
+ 	conflict with logout() in libutil.
+	(doit): use forkpty_truncate it there's one
+
+	* appl/afsutil/kstring2key.c (krb5_string_to_key): don't use
+ 	strcat
+
+	* configure.in: add lots of functions and headers that were used
+ 	in the code but not tested for.
+
+	* lib/krb/send_to_kdc.c (url_parse): re-structured
+
+	* kadmin/kadm_locl.h: add prototype for random_password and remove
+ 	__P
+
+	* appl/bsd/forkpty.c (forkpty_truncate): new function.
+	use strcpy_truncate instead of strcpy
+
+	* appl/bsd/bsd_locl.h: include <libutil.h>.
+	prototype for forkpty_truncate()
+
+	* configure.in: test for <libutil.h>
+
+Fri Feb 6 1998
+
+	* kadmin/random_password.c: Random password generation.
+
+	* kadmin/kadmin.c: Add some functionality to add_new_key, to make
+ 	it more useful with batch creation.
+
+Wed Feb 4 1998
+
+	* appl/bsd/login.c (find_in_etc_securetty): new function
+	(rootterm): call `find_in_etc_securetty'
+
+	* appl/bsd/pathnames.h (_PATH_ETC_SECURETTY): add
+
+Tue Feb 3 1998
+
+	* kadmin/kadmin.c: Fix `-t' flag. Centralize the calling of
+ 	alarm() to a modified sl_loop().
+
+	* kadmin/kadmin.c: Add support for `batch' processing, taking a
+ 	command from the command line. Remove the automatic destruction of
+ 	tickets, instead add a timeout (initially set to 1 minute), after
+ 	which any tickets will be destroyed. Option `-m' now sets this
+ 	timeout to 0 (disabling timeout). Options `-p' takes a full
+ 	principal, and `-u' takes a `username' that is used as the name of
+ 	the admin principal to use.
+
+Sat Jan 31 1998
+
+	* lib/auth/sia/sia.c: Chown ticket file when doing reauth.
+
+Thu Jan 29 1998
+
+	* lib/auth/sia/sia.c: Add support for reauthentication.
+
+Mon Jan 26 1998
+
+	* appl/kauth/kauth.c (main): Add debug switch -d to kauth to aid
+ 	in finding miss-configurations.
+
+Mon Jan 19 1998
+
+	* lib/krb/name2name.c: If inet_addr thinks host's a valid
+ 	ip-address, assume it is, and don't call gethostbyname().  This
+ 	should fix things like `rsh 1.2.3.4'.
+
+Sat Jan 17 1998
+
+	* lib/krb/get_host.c: Check for http-srv records.
+
+	* lib/krb/get_host.c: Don't use getprotobyname. Check for `http'
+ 	as well as `udp' and `tcp'.
+
+	* lib/auth/sia/sia.c: Add password changing support.
+
+	* kadmin/new_pwd.c: Use kadm_check_pw.
+
+	* lib/kadm/check_password.c: Password quality check, moved from
+ 	kpasswd.c.
+
+Fri Jan 16 1998
+
+	* kadmin/ksrvutil_get.c: Add `-u' flag to put each key in a
+ 	separate file.
+
+Mon Jan 12 1998
+
+	* kadmin/admin_server.c: Fix broken realloc of pidarray.
+
+Fri Jan 9 1998
+
+	* rename logwtmp -> ftpd_logwtmp not to conflict with libc.
+
+Sun Dec 21 1997
+
+	* lib/krb/verify_user.c (krb_verify_user): new argument `srvtab'.
+	Changed all callers.
+
+Sat Dec 13 1997
+
+	* lib/kdb/krb_dbm.c: check return value from dbm_store
+
+Thu Dec 11 1997
+
+	* lib/krb/k_flock.c (k_flock): Re-included an implementaion of
+ 	k_flock. Changed all library and core application source to use
+ 	k_flock.
+
+Tue Dec 9 1997
+
+	* appl/kx/kxd.c,common.c: more error testing from Love
+ 	Hörnquist-Åstrand <e96_lho@elixir.e.kth.se>
+	Use the correct number of X for mkstemp.
+
+
+	* Release 0.9.8
+
+	* Add `--disable-mmap' configure option, do disable all use of
+ 	mmap.
+
+	* Rename all k_afsklog to krb_afslog.
+
+Mon Dec 8 1997
+
+	* kuser/klist.c: Add a header for tokens.
+
+Fri Dec 5 1997
+
+	* lib/krb/krb.h: Moved prototypes to krb-protos.h, cruft to
+ 	krb-archaeology.h.
+
+Thu Dec 4 1997
+
+	* appl/kauth/kauth.c: Use krb_get_pw_in_tkt2.
+
+	* lib/krb/get_in_tkt.c: krb_get_pw_in_tkt2 that returns key.
+
+Sun Nov 30 1997
+
+	* configure.in: check for tgetent in libcurses
+
+Mon Nov 24 1997
+
+	* appl/krbmanager: incorporate patches from <d96-dst@nada.kth.se>
+	for making sure there's only one instance of krbmanager.
+
+Fri Nov 21 1997
+
+	* admin/ext_srvtab.c: use atexit() to stamp out secrets.
+
+Thu Nov 20 1997
+
+	* server/kerberos.c: Log funny HTTP requests.
+
+	* server/kerberos.c: Add comma to list of port separators for
+ 	`-P'.
+
+
+	* appl/voodoo/TelnetEngine.cpp (TelnetEngine::Connect): better
+ 	error message (from <d96-dst@nada.kth.se>)
+
+Wed Nov 12 1997
+
+	* kuser/klist.c (display_tokens): patch from <e96_lho@e.kth.se>
+
+Sun Nov 9 1997
+
+	* Release 0.9.7
+
+
+	* configure.in: test for ssize_t
+
+	* appl/bsd/rlogind.c: Fill in ut_type, and ut_exit if they exist.
+
+	* appl/kx/common.c (create_and_write_cookie): Create temp file
+ 	with mkstemp.
+
+
+	* appl/ftp/ftpd/ftpd.c: conditionalize otp
+
+	* appl/bsd/login.c: conditionalize otp
+
+	* configure.in: add --disable-otp.  update Makefile.in's
+
+	* configure.in: define CANONICAL_HOST
+	
+	* configure.in, aclocal.m4: remove <bind/bitypes.h>.  contains
+ 	bogus information on Crays.
+
+	* include/bits.c: stolen from Heimdal
+
+	* include/Makefile.in: replace ktypes.c with bits.c
+
+	* lib/krb/getaddrs.c (k_get_all_addrs): cray fix
+
+	* configure.in: updated header files
+
+
+	* slave/kpropd.c: Make sure it's the kprop service that tries to
+ 	send data.
+
+Fri Nov 7 1997
+
+	* configure.in: Added option --with-afsws=/usr/afsws.
+
+	* lib/Makefile.in: Build lib/rxkad if we have include file rx/rx.h
+
+Thu Nov 6 1997
+
+	* appl/ftp/ftp/ftp.c (sendrequest, recvrequest): do correct tests
+ 	for `-'
+
+	* appl/ftp/ftp/cmds.c (getit): removed stupid goto
+
+
+	* appl/kauth/kauth.c: Use krb_get_pw_in_tkt(), now that it is
+ 	fixed.
+
+	* appl/ftp/ftp/cmds.c: Don't retrieve files that start with `..'
+ 	or `/' without asking.  Reverse test in confirm() to check for `y'
+ 	rather than not `n'.  Use mkstemp.
+
+	* appl/ftp/ftp/ftp.c: Add extra parameter to recvrequest,
+ 	specifying if local filenames should be parsed as "-" and "|".
+
+Mon Nov 3 1997
+
+	* configure.in: updated broken list.  add fclose for proto check.
+
+	* kadmin/kadmin.c: updated functions to new style of sl
+
+	* appl/bsd/rcp.c, rlogin.c, rsh.c: setuid before doing kerberos
+ 	authentication.  if that fails, exec ourselves with -K
+
+	* appl/bsd/pathnames.h: add _PATH_RCP
+
+	* configure.in: test for readv, writev
+
+Fri Oct 24 1997
+
+	* lib/krb/tkt_string.c (krb_set_tkt_string): const-ized
+
+	* appl/ftp/ftp{,d}: new commands: kdestroy, krbtkfile and afslog.
+
+	* appl/afsutil/aklog.c (expand_cell_name): fix parsing of
+ 	CellServDB
+
+Sat Oct 11 1997
+
+	* appl/telnet/telnetd/sys_term.c (start_login): moved `user' so it
+ 	works even if !defined(HAVE_UTMPX_H)
+
+Fri Oct 10 1997
+
+	* lib/krb/send_to_kdc.c: Change send_recv* to use a lookup table
+ 	indexed by protocol.
+	
+	Implement http proxy use, enabled via `krb4_proxy' environment
+ 	variable.
+
+Thu Oct 9 1997
+
+	* lib/krb/getrealm.c: Don't lookup top-level domains. Try files
+ 	before doing DNS.
+
+Thu Oct 2 1997
+
+	* appl/krbmanager: Turned into a ticket management program.
+
+	* lib/krb/{dllmain,ticket_memory}.c: Add some KrbManager
+ 	interaction.
+
+Sat Sep 27 1997
+
+	* appl/voodoo: Major fixes of terminal emulation, and other
+	things.
+
+Fri Sep 26 1997
+
+	* server/kerberos.c: Cleanup socket-opening code. Add HTTP
+ 	support.
+
+	* lib/krb/send_to_kdc.c: Add Kerberos over HTTP.
+
+	* lib/krb/get_host.c: Parse URL-style host-specifications.
+
+
+	* include/win32: add `version.h' and `ktypes.h'
+
+	* lib/kclient/KClient.def: rename kclnt32 to make Eudora
+ 	happy. Add SendTicketForService
+
+	* lib/kclient/KClient.c: implement SendTicketForService.  Used by
+ 	Eudora.
+
+	* appl/voodoo/voodoo.mak: kclient renamed as kclnt32
+
+Thu Sep 25 1997
+
+	* Moved various base64 implementations to roken.
+
+Thu Sep 18 1997
+
+	* appl/telnet/telnetd/telnetd.c: Move the call to startslave()
+ 	into the telnet() loop. This way we'll maximise the chance that
+ 	the transmission is encrypted before starting login. This will
+ 	hopefully remove the irritating warning you would get with some
+ 	macintosh telnet clients.
+
+Wed Sep 17 1997
+
+	* appl/telnet/telnetd/sys_term.c: Fix for duplicate `-- user'.
+
+Tue Sep 9 1997
+
+	* server/kerberos.c: More detailed logging
+
+Fri Sep 5 1997
+
+	* lib/kafs/afssysdefs.h: HP-UX 10.20 seems to use 48
+
+Thu Sep 4 1997
+
+	* lib/des/Makefile.in: quote the test for $(CC) correctly
+
+Wed Sep 3 1997
+
+	* include/ktypes.c: Move __BIT_TYPES_DEFINED__ to after including
+ 	other stuff.
+
+
+	* lib/rxkad/rxk_locl.c (rxkad_calc_header_iv): Simplify header IV
+ 	calculation.
+
+	* lib/rxkad/osi_alloc.c (osi_Alloc): Memory allocation routines
+ 	for user space. There is no longer any need for conditional
+ 	compilation of user/kernel-space versions of librxkad.a.
+
+	* lib/rxkad/rxk_clnt.c (rxkad_NewClientSecurityObject): Use
+ 	Transarc FC-crypto to generate random numbers. We no longer need
+ 	to link a DES library into the kernel.
+
+Tue Sep 2 1997
+
+	* appl/ftp/ftpd/ftpd.c (pass): chown the ticket file is logging in
+ 	with clear-text passwords and using kerberos
+
+	* lib/krb/krb_log.h: new file
+
+	* lib/krb/krb.h: moved all logging functions to krb_log.h.
+  	Include krb_log.h in appropriate places.  From
+ 	<shadow@dementia.org>
+
+Mon Sep 1 1997
+
+	* appl/kx/kx.c: more intelligent check for passive mode new option
+ 	`-P' to force passive mode
+
+Sat Aug 23 1997
+
+	* lib/krb/krb_get_in_tkt.c: rename krb_as_req -> krb_mk_as_req
+
+Wed Aug 20 1997
+
+	* lib/rxkad/rxkad.h, rxk_serv.c (server_CheckResponse): Increase
+ 	limit of ticket lengths to 1024 at server end.
+
+	* lib/rxkad/rxk_clnt.c (rxkad_NewClientSecurityObject): Support
+ 	for almost arbitrary ticket lengths.
+
+Tue Aug 19 1997
+
+	* kadmin/ksrvutil_get.c: Make sure we're talking to the admin
+ 	server when getting ticket.
+
+	* lib/krb/send_to_kdc.c: Add flag to always use admin server.
+
+Sun Aug 17 1997
+
+	* appl/kx/rxtelnet.in: reverse the looking for xterm loops Use
+ 	`-n' and not `-name' to xterm
+	
+	* server/kerberos.c: implement `-i' for only listening on one
+ 	address
+
+	* lib/kadm/kadm_cli_wrap.c: Implement kadm_change_pw2 to be
+ 	compatible with CNS.  From <shadow@dementia.org>
+
+	* appl/ftp/ftpd/ftpd.c: removed bogus reset of `debug'
+
+	* appl/ftp/ftpd/extern.h: define NBBY if needed
+
+	* configure.in: os2 fixes: -Zcrtdll and check for chroot
+
+Wed Aug 13 1997
+
+	* lib/krb/get_in_tkt.c: Use new get_in_tkt functions, and
+ 	implement kerberos 5 salts.
+
+	* lib/krb/krb_get_in_tkt.c: Split krb_get_in_tkt in two functions
+ 	so it's possible to try several key-procs with just one request to
+ 	the KDC.
+
+Wed Jul 23 1997
+
+	* lib/rxkad/rxk_serv.c (decode_krb4_ticket): New functions
+ 	decode_xxx_ticket so that it is possible to also decode kerberos
+ 	version 5 tickets.
+
+Sat Jul 19 1997
+
+	* doc/Makefile.in: `test -f' is more portable than `test -e'
+
+Tue Jul 15 1997
+
+	* lib/kafs/kafs.h, lib/krb/krb.h: swap order of <sys/cdefs.h> and
+ 	<ktypes.h>.  Another fix form <shadow@dementia.org>
+
+Fri Jul 11 1997
+
+	* lib/krb/krb.h: non-ANSI fix from <shadow@dementia.org>
+
+Fri Jun 27 1997
+
+	* man/otp.1: `-o' option
+
+	* appl/otp/otp.c: List lock-time with `-l'.  New option `-o' to
+ 	open an locked entry.
+
+	* lib/otp/otp_db.c (otp_get_internal): Save lock_time in returned
+ 	struct.
+
+	* lib/otp/otp.h: New field `lock_time' in OtpContext
+
+Thu Jun 26 1997
+
+	* man/otp.1, man/otpprint.1: Update changed default to `md5'
+
+	* appl/bsd/rsh.c: Don't use a hard-coded constant in `select'
+
+	* configure.in, include/ktypes.c: Handle the case of there being
+ 	an old version of our `sys/bitypes.h'.
+
+Sun Jun 22 1997
+
+	* lib/des: Merge in changes from libdes 4.01. The optimizations
+ 	written in assembler are not used since they in general wont't
+ 	work with shared libraries.
+
+Fri Jun 20 1997
+
+	* lib/krb/netread.c, netwrite.c: Handle windows discrimation of
+	sockets.
+
+Sun Jun 15 1997
+
+	* appl/kpopper/pop_init.c: Use `STDIN_FILENO' and `STDOUT_FILENO'
+ 	instead of `sp'.  OSF's libc isn't quite prepared to have two
+ 	different FILEs refer to the same file descriptor.
+
+Thu Jun 12 1997
+
+	* doc/dir: Add dir template file.
+
+
+	* appl/kauth/kauth.c (main): AFS style positional argument for -n
+ 	option.
+
+	* appl/xnlock/xnlock.c (verify): New resource destroyTickets and
+ 	corresponding option -nodestroytickets. First try local
+ 	authentication and if it fails try kerberos.
+	
+Sun Jun 8 1997
+
+	* appl/ftp/ftpd/popen.c (ftpd_popen): Correct initialization of
+ 	`foo' before call to `strtok_r'
+
+Wed Jun 4 1997
+
+	* doc/*.texi: Use @url.
+
+	* doc/setup.texi: Added @ifinfo around @dircategory
+
 Tue Jun 3 1997
 
 	* Release 0.9.6
diff --git a/crypto/kerberosIV/Makefile.in b/crypto/kerberosIV/Makefile.in
index afa77fb..b2e9864 100644
--- a/crypto/kerberosIV/Makefile.in
+++ b/crypto/kerberosIV/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.30 1997/05/20 18:58:34 bg Exp $
+# $Id: Makefile.in,v 1.36 1999/03/01 13:04:23 joda Exp $
 
 srcdir		= @srcdir@
 prefix		= @prefix@
@@ -14,7 +14,7 @@ TRAVELKIT = appl/kauth/kauth kuser/klist appl/telnet/telnet/telnet \
 
 @SET_MAKE@
 
-SUBDIRS		= util include lib kuser server slave admin kadmin appl man doc
+SUBDIRS		= include lib kuser server slave admin kadmin appl man doc
 
 all:
 	for i in $(SUBDIRS); \
@@ -27,7 +27,7 @@ check:
 	cd lib && $(MAKE) $(MFLAGS) check
 
 install:
-	$(MKINSTALLDIRS) $(prefix)
+	$(MKINSTALLDIRS) $(DESTDIR)$(prefix)
 	for i in $(SUBDIRS); \
 	do (cd $$i && $(MAKE) $(MFLAGS) install); done
 
@@ -67,4 +67,7 @@ realclean:
 	for i in $(SUBDIRS); \
 	do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
 
-.PHONY: all install install-strip uninstall travelkit travelkit-strip clean distclean realclean mostlyclean
+$(srcdir)/aclocal.m4:
+	cd $(srcdir) && aclocal -I cf
+
+.PHONY: all Wall check install install-strip uninstall travelkit travelkit-strip clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/NEWS b/crypto/kerberosIV/NEWS
index cddbb22..6c6f84f 100644
--- a/crypto/kerberosIV/NEWS
+++ b/crypto/kerberosIV/NEWS
@@ -1,3 +1,118 @@
+Changes in release 0.10.1:
+
+* Bug fixes:
+  - krb_get_lrealm now works with zero `n'
+  - kadmin cosmetic fix
+  - login now compiles on IRIX < 6.5
+  - kxd fix for solaris waitpid breakage, fix for unicos setjob
+    breakage, better handling of fork failures
+
+Changes in release 0.10:
+
+* Some support for Irix 6.5 capabilities
+
+* Improved kadmin interface; you can get more info via kadmin.
+
+* Some improved support for OSF C2.
+
+* General bug-fixes and improvements, including a large number of
+  potential buffer overrun fixes.  A large number of portability
+  improvements.
+
+* Support for multiple local realms.
+
+* Support batch kadmin operation.
+
+* Heimdal support in push.
+
+* Removed `--with-shared' configure option (use `--enable-shared'.)
+
+* Now uses Autoconf 2.13.
+
+Changes in release 0.9.9:
+
+* New configuration file /etc/krb.extra
+
+* New program `push' for popping mail.
+
+* Add (still little tested) support for maildir spool files in popper.
+
+* Added `delete' to ksrvutil.
+
+* Support the strange X11 sockets used on HP-UX and some versions of
+  Solaris.
+
+* Arla compatibility in libkafs.
+
+* More compatibility with the Solaris version of libkrb.
+
+* New configure option `--with-mips-abi'
+
+* Support `/etc/securetty' in login.
+
+* Bug fixes and improvements to the Win32 telnet.
+
+* Add support for installing with DESTDIR
+
+* SIA module with added support for password changing, and
+  reauthentication.
+
+* Add better support for MIT `compile_et' and `mk_cmds', this should
+  make it easier to build things like `zephyr'.
+
+* Bug fixes:
+  - Krb: fixed dangling references to flock in libkrb
+  - FTP: fixed `logwtmp' name conflict
+  - Telnet: fix a few literal IP-number bugs
+  - Telnet: hopefully fixed stair-stepping bug
+  - Kafs: don't store expired tokens in the kernel
+  - Kafs: fix broken installation of afslib.so in AIX
+
+Changes in release 0.9.8:
+
+* several bug fixes; some which deserve mentioning:
+  - fix non-working `kauth -h'
+  - the sia-module should work again
+  - don't leave tickets in popper
+
+Changes in release 0.9.7:
+
+* new configure option --disable-otp
+
+* new configure option --with-afsws
+
+* includes rxkad implementation
+
+* ftp client is more careful with suspicious filenames (|, .., /)
+
+* fixed setuid-vulnerability of rcp, rlogin, and rsh.
+
+* removed use of tgetent from telnetd (thereby eliminating buffer-overflow)
+
+* new commands in ftp and ftpd: kdestroy, krbtkfile, and afslog.
+
+* implement HTTP transport in libkrb and KDC.
+
+* win32 terminal program much improved.  also implemented ticket
+  management program.
+
+* introduce `-i' option to kerberos server for listening only on one
+  interface.
+
+* updated otp applications and man pages.
+
+* merged in libdes 4.01
+
+* popper is more resilient to badly formatted mails.
+
+* minor fixes for Cray support.
+
+* fix popen bug i ftpd.
+
+* lots of bug fixes and portability fixes.
+
+* better compatibility with Heimdal.
+
 Minor changes in release 0.9.6:
 
 * utmp(x) works correctly on systems with utmpx.
diff --git a/crypto/kerberosIV/PROBLEMS b/crypto/kerberosIV/PROBLEMS
index f6eeeef..732766e 100644
--- a/crypto/kerberosIV/PROBLEMS
+++ b/crypto/kerberosIV/PROBLEMS
@@ -2,8 +2,8 @@
 Problems compiling Kerberos
 ===========================
 
-Many compilers require a switch to become ANSI compliant. Since kth-krb
-is written in ANSI C it is necessary to specify the name of the compiler
+Many compilers require a switch to become ANSI compliant. Since krb4 is
+written in ANSI C it is necessary to specify the name of the compiler
 to be used and the required switch to make it ANSI compliant. This is
 most easily done when running configure using the `env' command. For
 instance to build under HP-UX using the native compiler do:
@@ -31,8 +31,15 @@ verified to successfully compile the distribution:
 Linux problems
 --------------
 
+The libc functions gethostby*() under RedHat4.2 can sometimes cause
+core dumps. If you experience these problems make sure that the file
+`/etc/nsswitch.conf' contains a hosts entry no more complex than the
+line
+
+hosts: files dns
+
 Some systems have lost `/usr/include/ndbm.h' which is necessary to
-build kth-krb correctly. There is a `ndbm.h.Linux' right next to the
+build krb4 correctly. There is a `ndbm.h.Linux' right next to the
 source distribution.
 
 There has been reports of non-working `libdb' on some Linux
@@ -57,10 +64,35 @@ mean time use `telnetd'.
 AIX problems
 ------------
 
-`gcc' version 2.7.2.1 has a bug which makes it miscompile
+`gcc' version 2.7.2.* has a bug which makes it miscompile
 `appl/telnet/telnetd/sys_term.c' (and possibily `appl/bsd/forkpty.c'),
 if used with too much optimization.
 
+Some versions of the `xlc' preprocessor doesn't recognise the
+(undocumented) `-qnolm' option. If this option is passed to the
+preprocessor (like via the configuration file `/etc/ibmcxx.cfg',
+configure will fail.
+
+The solution is to remove this option from the configuration file,
+either globally, or for just the preprocessor:
+
+     $ cp /etc/ibmcxx.cfg /tmp
+     $ed /tmp/ibmcxx.cfg
+     8328
+     /nolm
+             options   = -D_AIX,-D_AIX32,-D_AIX41,-D_AIX43,-D_IBMR2,-D_POWER,-bpT:0x10000000,-bpD:0x20000000,-qnolm
+     s/,-qnolm//p
+             options   = -D_AIX,-D_AIX32,-D_AIX41,-D_AIX43,-D_IBMR2,-D_POWER,-bpT:0x10000000,-bpD:0x20000000
+     w
+     8321
+     q
+     $ env CC=xlc CPP="xlc -E -F/tmp/ibmcxx.cfg" configure
+
+There is a bug in AFS 3.4 version 5.38 for AIX 4.3 that causes the
+kernel to panic in some cases. There is a hack for this in `login', but
+other programs could be affected also. This seems to be fixed in
+version 5.55.
+
 C2 problems
 -----------
 
diff --git a/crypto/kerberosIV/README b/crypto/kerberosIV/README
index 0647614..9c2f4a1 100644
--- a/crypto/kerberosIV/README
+++ b/crypto/kerberosIV/README
@@ -1,3 +1,6 @@
+
+*** PLEASE REPORT BUGS AND PROBLEMS TO kth-krb-bugs@nada.kth.se ***
+
 This is a severly hacked up version of Eric Young's eBones-p9 kerberos
 version. The DES library has been updated with his 3.23 version and
 numerous patches collected over the years have been applied to both
diff --git a/crypto/kerberosIV/TODO b/crypto/kerberosIV/TODO
index 66aa1f1..83c308e 100644
--- a/crypto/kerberosIV/TODO
+++ b/crypto/kerberosIV/TODO
@@ -2,6 +2,9 @@
 rlogind, rshd, popper, ftpd (telnetd uses nonce?)
   Add a replay cache.
 
+rcp
+  figure out how it should really behave with -r
+
 telnet, rlogin, rsh, rcp
   Some form of support for ticket forwarding, perhaps only for AFS tickets.
 
@@ -25,9 +28,6 @@ autoconf
 libraries
   generate archive and shared libraries in some portable way.
 
-k_get_all_addrs
-  for Cray UNICOS
-
 ftpd
 
 kx
diff --git a/crypto/kerberosIV/acconfig.h b/crypto/kerberosIV/acconfig.h
index bb7b7aa..cd9867d 100644
--- a/crypto/kerberosIV/acconfig.h
+++ b/crypto/kerberosIV/acconfig.h
@@ -1,104 +1,4 @@
-/* $Id: acconfig.h,v 1.71 1997/06/01 22:32:24 assar Exp $ */
-
-/*  Define this if RETSIGTYPE == void  */
-#undef VOID_RETSIGTYPE
-
-/*  Define this if struct utmp have ut_user  */
-#undef HAVE_UT_USER
-
-/*  Define this if struct utmp have ut_host  */
-#undef HAVE_UT_HOST
-
-/*  Define this if struct utmp have ut_addr  */
-#undef HAVE_UT_ADDR
-
-/*  Define this if struct utmp have ut_type  */
-#undef HAVE_UT_TYPE
-
-/*  Define this if struct utmp have ut_pid  */
-#undef HAVE_UT_PID
-
-/*  Define this if struct utmp have ut_id  */
-#undef HAVE_UT_ID
-
-/*  Define this if struct utmpx have ut_syslen  */
-#undef HAVE_UT_SYSLEN
-
-/*  Define this if struct winsize is declared in sys/termios.h */
-#undef HAVE_STRUCT_WINSIZE
-
-/*  Define this if struct winsize have ws_xpixel */
-#undef HAVE_WS_XPIXEL
-
-/*  Define this if struct winsize have ws_ypixel */
-#undef HAVE_WS_YPIXEL
-
-/*  Define this to be the directory where the dictionary for cracklib */
-/*  resides */
-#undef DICTPATH
-
-/* Define this if you want to use SOCKS v5 */
-#undef SOCKS
-
-/* Define this to the path of the mail spool directory */
-#undef KRB4_MAILDIR
-
-/* Define this if `struct sockaddr' includes sa_len */
-#undef SOCKADDR_HAS_SA_LEN
-
-/* Define this if `struct siaentity' includes ouid */
-#undef SIAENTITY_HAS_OUID
-
-/* Define if getlogin has POSIX flavour, as opposed to BSD */
-#undef POSIX_GETLOGIN
-
-/* Define if getpwnam_r has POSIX flavour */
-#undef POSIX_GETPWNAM_R
-
-/* define if getcwd() is broken (such as in SunOS) */
-#undef BROKEN_GETCWD
-
-/* define if the system is missing a prototype for crypt() */
-#undef NEED_CRYPT_PROTO
-
-/* define if the system is missing a prototype for strtok_r() */
-#undef NEED_STRTOK_R_PROTO
-
-/* define if /bin/ls takes -A */
-#undef HAVE_LS_A
-
-/* define if you have h_errno */
-#undef HAVE_H_ERRNO
-
-/* define if you have h_errlist but not hstrerror */
-#undef HAVE_H_ERRLIST
-
-/* define if you have h_nerr but not hstrerror */
-#undef HAVE_H_NERR
-
-/* define if your system doesn't declare h_errlist */
-#undef HAVE_H_ERRLIST_DECLARATION
-
-/* define if your system doesn't declare h_nerr */
-#undef HAVE_H_NERR_DECLARATION
-
-/* define this if you need a declaration for h_errno */
-#undef HAVE_H_ERRNO_DECLARATION
-
-/* define if you need a declaration for optarg */
-#undef HAVE_OPTARG_DECLARATION
-
-/* define if you need a declaration for optind */
-#undef HAVE_OPTIND_DECLARATION
-
-/* define if you need a declaration for opterr */
-#undef HAVE_OPTERR_DECLARATION
-
-/* define if you need a declaration for optopt */
-#undef HAVE_OPTOPT_DECLARATION
-
-/* define if you need a declaration for __progname */
-#undef HAVE___PROGNAME_DECLARATION
+/* $Id: acconfig.h,v 1.103.2.1 1999/07/22 03:12:42 assar Exp $ */
 
 @BOTTOM@
 
@@ -111,6 +11,13 @@
 #undef HAVE_U_INT32_T
 #undef HAVE_U_INT64_T
 
+/* This for compat with heimdal (or something) */
+#define KRB_PUT_INT(f, t, l, s) krb_put_int((f), (t), (l), (s))
+
+#define HAVE_KRB_ENABLE_DEBUG 1
+
+#define HAVE_KRB_DISABLE_DEBUG 1
+
 #define RCSID(msg) \
 static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 
@@ -148,20 +55,15 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 #define MaxHostNameLen (64+4)
 #define MaxPathLen (1024+4)
 
-/*
- * Define NDBM if you are using the 4.3 ndbm library (which is part of
- * libc).  If not defined, 4.2 dbm will be assumed.
- */
-#if defined(HAVE_DBM_FIRSTKEY)
-#define NDBM
-#endif
-
 /* ftp stuff -------------------------------------------------- */
 
 #define KERBEROS
 
 /* telnet stuff ----------------------------------------------- */
 
+/* define this for OTP support */
+#undef OTP
+
 /* define this if you have kerberos 4 */
 #undef KRB4
 
@@ -196,9 +98,6 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 /* Used with login -p */
 #undef LOGIN_ARGS
 
-/* Define if there are working stream ptys */
-#undef STREAMSPTY
-
 /* set this to a sensible login */
 #ifndef LOGIN_PATH
 #define LOGIN_PATH BINDIR "/login"
@@ -207,27 +106,10 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 
 /* ------------------------------------------------------------ */
 
-/*
- * Define this if your ndbm-library really is berkeley db and creates
- * files that ends in .db.
- */
-#undef HAVE_NEW_DB
-
-/* Define this if you have a working getmsg */
-#undef HAVE_GETMSG
-
-/* Define to enable new master key code */
-#undef RANDOM_MKEY
-
-/* Location of the master key file, default value lives in <kdc.h> */
-#undef MKEYFILE
-
-/* Define if you don't want support for afs, might be a good idea on
-   AIX if you don't have afs */
-#undef NO_AFS
-
-/* Define if you have a readline compatible library */
-#undef HAVE_READLINE
+#ifdef BROKEN_REALLOC
+#define realloc(X, Y) isoc_realloc((X), (Y))
+#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
+#endif
 
 #ifdef VOID_RETSIGTYPE
 #define SIGRETURN(x) return
@@ -235,37 +117,25 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 #define SIGRETURN(x) return (RETSIGTYPE)(x)
 #endif
 
-/* Define this if your compiler supports '#pragma weak' */
-#undef HAVE_PRAGMA_WEAK
-
 /* Temporary fixes for krb_{rd,mk}_safe */
 #define DES_QUAD_GUESS 0
 #define DES_QUAD_NEW 1
 #define DES_QUAD_OLD 2
 
-/* Set this to one of the constants above to specify default checksum
-   type to emit */
-#undef DES_QUAD_DEFAULT
+/*
+ * All these are system-specific defines that I would rather not have at all.
+ */
 
 /*
  * AIX braindamage!
  */
 #if _AIX
 #define _ALL_SOURCE
-#define _POSIX_SOURCE
-/* this is left for hysteric reasons :-) */
-#define unix /* well, ok... */
-#endif
-
-/*
- * SunOS braindamage! (Sun include files are generally braindead)
- */
-#if (defined(sun) || defined(__sun))
-#if defined(__svr4__) || defined(__SVR4)
-#define SunOS 5
-#else
-#define SunOS 4
-#endif
+/* XXX this is gross, but kills about a gazillion warnings */
+struct ether_addr;
+struct sockaddr;
+struct sockaddr_dl;
+struct sockaddr_in;
 #endif
 
 #if defined(__sgi) || defined(sgi)
@@ -280,3 +150,21 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 #if IRIX == 4 && !defined(__STDC__)
 #define __STDC__ 0
 #endif
+
+/*
+ * Defining this enables lots of useful (and used) extensions on
+ * glibc-based systems such as Linux
+ */
+
+#define _GNU_SOURCE
+
+/* some strange OS/2 stuff.  From <d96-mst@nada.kth.se> */
+
+#ifdef __EMX__
+#define _EMX_TCPIP
+#define MAIL_USE_SYSTEM_LOCK
+#endif
+
+#ifdef ROKEN_RENAME
+#include "roken_rename.h"
+#endif
diff --git a/crypto/kerberosIV/acinclude.m4 b/crypto/kerberosIV/acinclude.m4
new file mode 100644
index 0000000..7e7de6f
--- /dev/null
+++ b/crypto/kerberosIV/acinclude.m4
@@ -0,0 +1,9 @@
+dnl $Id: acinclude.m4,v 1.2 1999/03/01 13:06:21 joda Exp $
+dnl
+dnl Only put things that for some reason can't live in the `cf'
+dnl directory in this file.
+dnl
+
+dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
+dnl
+define(upcase,`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl
diff --git a/crypto/kerberosIV/aclocal.m4 b/crypto/kerberosIV/aclocal.m4
index 133e19d..ca2982b 100644
--- a/crypto/kerberosIV/aclocal.m4
+++ b/crypto/kerberosIV/aclocal.m4
@@ -1,28 +1,543 @@
+dnl aclocal.m4 generated automatically by aclocal 1.4
+
+dnl Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl This program is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+dnl PARTICULAR PURPOSE.
+
+dnl $Id: acinclude.m4,v 1.2 1999/03/01 13:06:21 joda Exp $
+dnl
+dnl Only put things that for some reason can't live in the `cf'
+dnl directory in this file.
+dnl
+
+dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
+dnl
+define(upcase,`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl
+
+dnl $Id: krb-prog-ln-s.m4,v 1.1 1997/12/14 15:59:01 joda Exp $
+dnl
+dnl
+dnl Better test for ln -s, ln or cp
+dnl
+
+AC_DEFUN(AC_KRB_PROG_LN_S,
+[AC_MSG_CHECKING(for ln -s or something else)
+AC_CACHE_VAL(ac_cv_prog_LN_S,
+[rm -f conftestdata
+if ln -s X conftestdata 2>/dev/null
+then
+  rm -f conftestdata
+  ac_cv_prog_LN_S="ln -s"
+else
+  touch conftestdata1
+  if ln conftestdata1 conftestdata2; then
+    rm -f conftestdata*
+    ac_cv_prog_LN_S=ln
+  else
+    ac_cv_prog_LN_S=cp
+  fi
+fi])dnl
+LN_S="$ac_cv_prog_LN_S"
+AC_MSG_RESULT($ac_cv_prog_LN_S)
+AC_SUBST(LN_S)dnl
+])
+
+
+dnl $Id: krb-prog-yacc.m4,v 1.1 1997/12/14 15:59:02 joda Exp $
+dnl
+dnl
+dnl We prefer byacc or yacc because they do not use `alloca'
+dnl
+
+AC_DEFUN(AC_KRB_PROG_YACC,
+[AC_CHECK_PROGS(YACC, byacc yacc 'bison -y')])
+
+dnl $Id: test-package.m4,v 1.7 1999/04/19 13:33:05 assar Exp $
+dnl
+dnl AC_TEST_PACKAGE_NEW(package,headers,libraries,extra libs,default locations)
+
+AC_DEFUN(AC_TEST_PACKAGE,[AC_TEST_PACKAGE_NEW($1,[#include <$2>],$4,,$5)])
+
+AC_DEFUN(AC_TEST_PACKAGE_NEW,[
+AC_ARG_WITH($1,
+[  --with-$1=dir                use $1 in dir])
+AC_ARG_WITH($1-lib,
+[  --with-$1-lib=dir            use $1 libraries in dir],
+[if test "$withval" = "yes" -o "$withval" = "no"; then
+  AC_MSG_ERROR([No argument for --with-$1-lib])
+elif test "X$with_$1" = "X"; then
+  with_$1=yes
+fi])
+AC_ARG_WITH($1-include,
+[  --with-$1-include=dir        use $1 headers in dir],
+[if test "$withval" = "yes" -o "$withval" = "no"; then
+  AC_MSG_ERROR([No argument for --with-$1-include])
+elif test "X$with_$1" = "X"; then
+  with_$1=yes
+fi])
+
+AC_MSG_CHECKING(for $1)
+
+case "$with_$1" in
+yes)	;;
+no)	;;
+"")	;;
+*)	if test "$with_$1_include" = ""; then
+		with_$1_include="$with_$1/include"
+	fi
+	if test "$with_$1_lib" = ""; then
+		with_$1_lib="$with_$1/lib$abilibdirext"
+	fi
+	;;
+esac
+header_dirs=
+lib_dirs=
+d='$5'
+for i in $d; do
+	header_dirs="$header_dirs $i/include"
+	lib_dirs="$lib_dirs $i/lib$abilibdirext"
+done
+
+case "$with_$1_include" in
+yes) ;;
+no)  ;;
+*)   header_dirs="$with_$1_include $header_dirs";;
+esac
+case "$with_$1_lib" in
+yes) ;;
+no)  ;;
+*)   lib_dirs="$with_$1_lib $lib_dirs";;
+esac
+
+save_CFLAGS="$CFLAGS"
+save_LIBS="$LIBS"
+ires= lres=
+for i in $header_dirs; do
+	CFLAGS="-I$i $save_CFLAGS"
+	AC_TRY_COMPILE([$2],,ires=$i;break)
+done
+for i in $lib_dirs; do
+	LIBS="-L$i $3 $4 $save_LIBS"
+	AC_TRY_LINK([$2],,lres=$i;break)
+done
+CFLAGS="$save_CFLAGS"
+LIBS="$save_LIBS"
+
+if test "$ires" -a "$lres" -a "$with_$1" != "no"; then
+	$1_includedir="$ires"
+	$1_libdir="$lres"
+	INCLUDE_$1="-I$$1_includedir"
+	LIB_$1="-L$$1_libdir $3"
+	AC_DEFINE_UNQUOTED(upcase($1),1,[Define if you have the $1 package.])
+	with_$1=yes
+	AC_MSG_RESULT([headers $ires, libraries $lres])
+else
+	INCLUDE_$1=
+	LIB_$1=
+	with_$1=no
+	AC_MSG_RESULT($with_$1)
+fi
+AC_SUBST(INCLUDE_$1)
+AC_SUBST(LIB_$1)
+])
+
+dnl $Id: osfc2.m4,v 1.2 1999/03/27 17:28:16 joda Exp $
+dnl
+dnl enable OSF C2 stuff
+
+AC_DEFUN(AC_CHECK_OSFC2,[
+AC_ARG_ENABLE(osfc2,
+[  --enable-osfc2          enable some OSF C2 support])
+LIB_security=
+if test "$enable_osfc2" = yes; then
+	AC_DEFINE(HAVE_OSFC2, 1, [Define to enable basic OSF C2 support.])
+	LIB_security=-lsecurity
+fi
+AC_SUBST(LIB_security)
+])
+
+dnl $Id: mips-abi.m4,v 1.4 1998/05/16 20:44:15 joda Exp $
+dnl
+dnl
+dnl Check for MIPS/IRIX ABI flags. Sets $abi and $abilibdirext to some
+dnl value.
+
+AC_DEFUN(AC_MIPS_ABI, [
+AC_ARG_WITH(mips_abi,
+[  --with-mips-abi=abi     ABI to use for IRIX (32, n32, or 64)])
+
+case "$host_os" in
+irix*)
+with_mips_abi="${with_mips_abi:-yes}"
+if test -n "$GCC"; then
+
+# GCC < 2.8 only supports the O32 ABI. GCC >= 2.8 has a flag to select
+# which ABI to use, but only supports (as of 2.8.1) the N32 and 64 ABIs.
+#
+# Default to N32, but if GCC doesn't grok -mabi=n32, we assume an old
+# GCC and revert back to O32. The same goes if O32 is asked for - old
+# GCCs doesn't like the -mabi option, and new GCCs can't output O32.
+#
+# Don't you just love *all* the different SGI ABIs?
+
+case "${with_mips_abi}" in 
+        32|o32) abi='-mabi=32';  abilibdirext=''     ;;
+       n32|yes) abi='-mabi=n32'; abilibdirext='32'  ;;
+        64) abi='-mabi=64';  abilibdirext='64'   ;;
+	no) abi=''; abilibdirext='';;
+         *) AC_ERROR("Invalid ABI specified") ;;
+esac
+if test -n "$abi" ; then
+ac_foo=krb_cv_gcc_`echo $abi | tr =- __`
+dnl
+dnl can't use AC_CACHE_CHECK here, since it doesn't quote CACHE-ID to
+dnl AC_MSG_RESULT
+dnl
+AC_MSG_CHECKING([if $CC supports the $abi option])
+AC_CACHE_VAL($ac_foo, [
+save_CFLAGS="$CFLAGS"
+CFLAGS="$CFLAGS $abi"
+AC_TRY_COMPILE(,int x;, eval $ac_foo=yes, eval $ac_foo=no)
+CFLAGS="$save_CFLAGS"
+])
+ac_res=`eval echo \\\$$ac_foo`
+AC_MSG_RESULT($ac_res)
+if test $ac_res = no; then
+# Try to figure out why that failed...
+case $abi in
+	-mabi=32) 
+	save_CFLAGS="$CFLAGS"
+	CFLAGS="$CFLAGS -mabi=n32"
+	AC_TRY_COMPILE(,int x;, ac_res=yes, ac_res=no)
+	CLAGS="$save_CFLAGS"
+	if test $ac_res = yes; then
+		# New GCC
+		AC_ERROR([$CC does not support the $with_mips_abi ABI])
+	fi
+	# Old GCC
+	abi=''
+	abilibdirext=''
+	;;
+	-mabi=n32|-mabi=64)
+		if test $with_mips_abi = yes; then
+			# Old GCC, default to O32
+			abi=''
+			abilibdirext=''
+		else
+			# Some broken GCC
+			AC_ERROR([$CC does not support the $with_mips_abi ABI])
+		fi
+	;;
+esac
+fi #if test $ac_res = no; then
+fi #if test -n "$abi" ; then
+else
+case "${with_mips_abi}" in
+        32|o32) abi='-32'; abilibdirext=''     ;;
+       n32|yes) abi='-n32'; abilibdirext='32'  ;;
+        64) abi='-64'; abilibdirext='64'   ;;
+	no) abi=''; abilibdirext='';;
+         *) AC_ERROR("Invalid ABI specified") ;;
+esac
+fi #if test -n "$GCC"; then
+;;
+esac
+])
+
+dnl
+dnl $Id: shared-libs.m4,v 1.3 1999/04/09 15:34:25 assar Exp $
+dnl
+dnl Shared library stuff has to be different everywhere
+dnl
+
+AC_DEFUN(AC_SHARED_LIBS, [
+
+dnl Check if we want to use shared libraries
+AC_ARG_ENABLE(shared,
+[  --enable-shared         create shared libraries for Kerberos])
+
+AC_SUBST(CFLAGS)dnl
+AC_SUBST(LDFLAGS)dnl
+
+case ${enable_shared} in
+  yes ) enable_shared=yes;;
+  no  ) enable_shared=no;;
+  *   ) enable_shared=no;;
+esac
+
+# NOTE: Building shared libraries may not work if you do not use gcc!
+#
+# OS		$SHLIBEXT
+# HP-UX		sl
+# Linux		so
+# NetBSD	so
+# FreeBSD	so
+# OSF		so
+# SunOS5	so
+# SunOS4	so.0.5
+# Irix		so
+#
+# LIBEXT is the extension we should build (.a or $SHLIBEXT)
+LINK='$(CC)'
+AC_SUBST(LINK)
+lib_deps=yes
+REAL_PICFLAGS="-fpic"
+LDSHARED='$(CC) $(PICFLAGS) -shared'
+LIBPREFIX=lib
+build_symlink_command=@true
+install_symlink_command=@true
+install_symlink_command2=@true
+REAL_SHLIBEXT=so
+changequote({,})dnl
+SHLIB_VERSION=`echo $VERSION | sed 's/\([0-9.]*\).*/\1/'`
+SHLIB_SONAME=`echo $VERSION | sed 's/\([0-9]*\).*/\1/'`
+changequote([,])dnl
+case "${host}" in
+*-*-hpux*)
+	REAL_SHLIBEXT=sl
+	REAL_LD_FLAGS='-Wl,+b$(libdir)'
+	if test -z "$GCC"; then
+		LDSHARED="ld -b"
+		REAL_PICFLAGS="+z"
+	fi
+	lib_deps=no
+	;;
+*-*-linux*)
+	LDSHARED='$(CC) -shared -Wl,-soname,$(LIBNAME).so.'"${SHLIB_SONAME}"
+	REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	build_symlink_command='$(LN_S) -f [$][@] $(LIBNAME).so'
+	install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
+	install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
+	;;
+*-*-freebsd3*)
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	LDSHARED='ld -Bshareable'
+	REAL_LD_FLAGS='-Wl,-R$(libdir)'
+	build_symlink_command='$(LN_S) -f [$][@] $(LIBNAME).so'
+	install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
+	install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
+	;;
+*-*-*bsd*)
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	LDSHARED='ld -Bshareable'
+	REAL_LD_FLAGS='-Wl,-R$(libdir)'
+	;;
+*-*-osf*)
+	REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
+	REAL_PICFLAGS=
+	LDSHARED='ld -shared -expect_unresolved \*'
+	;;
+*-*-solaris2*)
+	REAL_LD_FLAGS='-Wl,-R$(libdir)'
+	if test -z "$GCC"; then
+		LDSHARED='$(CC) -G'
+		REAL_PICFLAGS="-Kpic"
+	fi
+	;;
+*-fujitsu-uxpv*)
+	REAL_LD_FLAGS='' # really: LD_RUN_PATH=$(libdir) cc -o ...
+	REAL_LINK='LD_RUN_PATH=$(libdir) $(CC)'
+	LDSHARED='$(CC) -G'
+	REAL_PICFLAGS="-Kpic"
+	lib_deps=no # fails in mysterious ways
+	;;
+*-*-sunos*)
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	REAL_LD_FLAGS='-Wl,-L$(libdir)'
+	lib_deps=no
+	;;
+*-*-irix*)
+        libdir="${libdir}${abilibdirext}"
+        REAL_LD_FLAGS="${abi} -Wl,-rpath,\$(libdir)"
+        LD_FLAGS="${abi} -Wl,-rpath,\$(libdir)"
+	LDSHARED="\$(CC) -shared ${abi}"
+        REAL_PICFLAGS=
+        CFLAGS="${abi} ${CFLAGS}"
+	;;
+*-*-os2*)
+	LIBPREFIX=
+	EXECSUFFIX='.exe'
+	RANLIB=EMXOMF
+	LD_FLAGS=-Zcrtdll
+	REAL_SHLIBEXT=nobuild
+	;;
+*-*-cygwin32*)
+	EXECSUFFIX='.exe'
+	REAL_SHLIBEXT=nobuild
+	;;
+*)	REAL_SHLIBEXT=nobuild
+	REAL_PICFLAGS= 
+	;;
+esac
+
+if test "${enable_shared}" != "yes" ; then 
+ PICFLAGS=""
+ SHLIBEXT="nobuild"
+ LIBEXT="a"
+ build_symlink_command=@true
+ install_symlink_command=@true
+ install_symlink_command2=@true
+else
+ PICFLAGS="$REAL_PICFLAGS"
+ SHLIBEXT="$REAL_SHLIBEXT"
+ LIBEXT="$SHLIBEXT"
+ AC_MSG_CHECKING(whether to use -rpath)
+ case "$libdir" in
+   /lib | /usr/lib | /usr/local/lib)
+     AC_MSG_RESULT(no)
+     REAL_LD_FLAGS=
+     LD_FLAGS=
+     ;;
+   *)
+     LD_FLAGS="$REAL_LD_FLAGS"
+     test "$REAL_LINK" && LINK="$REAL_LINK"
+     AC_MSG_RESULT($LD_FLAGS)
+     ;;
+   esac
+fi
+
+if test "$lib_deps" = yes; then
+	lib_deps_yes=""
+	lib_deps_no="# "
+else
+	lib_deps_yes="# "
+	lib_deps_no=""
+fi
+AC_SUBST(lib_deps_yes)
+AC_SUBST(lib_deps_no)
+
+# use supplied ld-flags, or none if `no'
+if test "$with_ld_flags" = no; then
+	LD_FLAGS=
+elif test -n "$with_ld_flags"; then
+	LD_FLAGS="$with_ld_flags"
+fi
+
+AC_SUBST(REAL_PICFLAGS) dnl
+AC_SUBST(REAL_SHLIBEXT) dnl
+AC_SUBST(REAL_LD_FLAGS) dnl
+
+AC_SUBST(PICFLAGS) dnl
+AC_SUBST(SHLIBEXT) dnl
+AC_SUBST(LDSHARED) dnl
+AC_SUBST(LD_FLAGS) dnl
+AC_SUBST(LIBEXT) dnl
+AC_SUBST(LIBPREFIX) dnl
+AC_SUBST(EXECSUFFIX) dnl
+
+AC_SUBST(build_symlink_command)dnl
+AC_SUBST(install_symlink_command)dnl
+AC_SUBST(install_symlink_command2)dnl
+])
+
+dnl
+dnl $Id: c-attribute.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
+dnl
+
 dnl
-dnl $Id: aclocal.m4,v 1.38 1997/05/18 18:47:30 assar Exp $
+dnl Test for __attribute__
 dnl
 
+AC_DEFUN(AC_C___ATTRIBUTE__, [
+AC_MSG_CHECKING(for __attribute__)
+AC_CACHE_VAL(ac_cv___attribute__, [
+AC_TRY_COMPILE([
+#include <stdlib.h>
+],
+[
+static void foo(void) __attribute__ ((noreturn));
+
+static void
+foo(void)
+{
+  exit(1);
+}
+],
+ac_cv___attribute__=yes,
+ac_cv___attribute__=no)])
+if test "$ac_cv___attribute__" = "yes"; then
+  AC_DEFINE(HAVE___ATTRIBUTE__, 1, [define if your compiler has __attribute__])
+fi
+AC_MSG_RESULT($ac_cv___attribute__)
+])
+
+
+dnl $Id: krb-sys-nextstep.m4,v 1.2 1998/06/03 23:48:40 joda Exp $
+dnl
+dnl
+dnl NEXTSTEP is not posix compliant by default,
+dnl you need a switch -posix to the compiler
+dnl
+
+AC_DEFUN(AC_KRB_SYS_NEXTSTEP, [
+AC_MSG_CHECKING(for NEXTSTEP)
+AC_CACHE_VAL(krb_cv_sys_nextstep,
+AC_EGREP_CPP(yes, 
+[#if defined(NeXT) && !defined(__APPLE__)
+	yes
+#endif 
+], krb_cv_sys_nextstep=yes, krb_cv_sys_nextstep=no) )
+if test "$krb_cv_sys_nextstep" = "yes"; then
+  CFLAGS="$CFLAGS -posix"
+  LIBS="$LIBS -posix"
+fi
+AC_MSG_RESULT($krb_cv_sys_nextstep)
+])
+
+dnl $Id: krb-sys-aix.m4,v 1.1 1997/12/14 15:59:02 joda Exp $
 dnl
-dnl General tests
 dnl
+dnl AIX have a very different syscall convention
+dnl
+AC_DEFUN(AC_KRB_SYS_AIX, [
+AC_MSG_CHECKING(for AIX)
+AC_CACHE_VAL(krb_cv_sys_aix,
+AC_EGREP_CPP(yes, 
+[#ifdef _AIX
+	yes
+#endif 
+], krb_cv_sys_aix=yes, krb_cv_sys_aix=no) )
+AC_MSG_RESULT($krb_cv_sys_aix)
+])
 
+dnl $Id: find-func-no-libs.m4,v 1.3 1998/06/04 02:06:50 assar Exp $
+dnl
 dnl
 dnl Look for function in any of the specified libraries
 dnl
 
 dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments)
 AC_DEFUN(AC_FIND_FUNC_NO_LIBS, [
+AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4])])
+
+dnl $Id: find-func-no-libs2.m4,v 1.1 1998/06/04 02:07:12 assar Exp $
+dnl
+dnl
+dnl Look for function in any of the specified libraries
+dnl
+
+dnl AC_FIND_FUNC_NO_LIBS2(func, libraries, includes, arguments)
+AC_DEFUN(AC_FIND_FUNC_NO_LIBS2, [
 
 AC_MSG_CHECKING([for $1])
 AC_CACHE_VAL(ac_cv_funclib_$1,
 [
 if eval "test \"\$ac_cv_func_$1\" != yes" ; then
 	ac_save_LIBS="$LIBS"
-	for ac_lib in "" $2; do
+	for ac_lib in $2; do
 		if test -n "$ac_lib"; then 
 			ac_lib="-l$ac_lib"
-			LIBS="$ac_lib $ac_save_LIBS"
+		else
+			ac_lib=""
 		fi
+		LIBS="$ac_lib $ac_save_LIBS"
 		AC_TRY_LINK([$3],[$1($4)],eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break)
 	done
 	eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}"
@@ -32,17 +547,16 @@ fi
 
 eval "ac_res=\$ac_cv_funclib_$1"
 
-# autoheader tricks *sigh*
+dnl autoheader tricks *sigh*
 : << END
 @@@funcs="$funcs $1"@@@
 @@@libs="$libs $2"@@@
 END
 
-changequote(, )dnl
-eval "ac_tr_func=HAVE_`echo $1 | tr '[a-z]' '[A-Z]'`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+# $1
+eval "ac_tr_func=HAVE_[]upcase($1)"
+eval "ac_tr_lib=HAVE_LIB[]upcase($ac_res | sed -e 's/-l//')"
 eval "LIB_$1=$ac_res"
-changequote([, ])dnl
 
 case "$ac_res" in
 	yes)
@@ -67,210 +581,376 @@ esac
 AC_SUBST(LIB_$1)
 ])
 
-dnl AC_FIND_FUNC(func, libraries, includes, arguments)
-AC_DEFUN(AC_FIND_FUNC, [
-AC_FIND_FUNC_NO_LIBS([$1], [$2], [$3], [$4])
-if test -n "$LIB_$1"; then
-	LIBS="$LIB_$1 $LIBS"
-fi
-])
-
 dnl
-dnl Same as AC _REPLACE_FUNCS, just define HAVE_func if found in normal
-dnl libraries 
+dnl $Id: check-netinet-ip-and-tcp.m4,v 1.2 1999/05/14 13:15:40 assar Exp $
+dnl
 
-AC_DEFUN(AC_BROKEN,
-[for ac_func in $1
-do
-AC_CHECK_FUNC($ac_func, [
+dnl extra magic check for netinet/{ip.h,tcp.h} because on irix 6.5.3
+dnl you have to include standards.h before including these files
+
+AC_DEFUN(CHECK_NETINET_IP_AND_TCP,
+[
+AC_CHECK_HEADERS(standards.h)
+for i in netinet/ip.h netinet/tcp.h; do
+
+cv=`echo "$i" | sed 'y%./+-%__p_%'`
+
+AC_MSG_CHECKING([for $i])
+AC_CACHE_VAL([ac_cv_header_$cv],
+[AC_TRY_CPP([\
+#ifdef HAVE_STANDARDS_H
+#include <standards.h>
+#endif
+#include <$i>
+],
+eval "ac_cv_header_$cv=yes",
+eval "ac_cv_header_$cv=no")])
+AC_MSG_RESULT(`eval echo \\$ac_cv_header_$cv`)
 changequote(, )dnl
-ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'`
+if test `eval echo \\$ac_cv_header_$cv` = yes; then
+  ac_tr_hdr=HAVE_`echo $i | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
 changequote([, ])dnl
-AC_DEFINE_UNQUOTED($ac_tr_func)],[LIBOBJS="$LIBOBJS ${ac_func}.o"])
-# autoheader tricks *sigh*
+  AC_DEFINE_UNQUOTED($ac_tr_hdr, 1)
+fi
+done
+dnl autoheader tricks *sigh*
 : << END
-@@@funcs="$funcs $1"@@@
+@@@headers="$headers netinet/ip.h netinet/tcp.h"@@@
 END
+
+])
+
+dnl $Id: grok-type.m4,v 1.3 1999/03/21 18:59:56 joda Exp $
+dnl
+AC_DEFUN(AC_GROK_TYPE, [
+AC_CACHE_VAL(ac_cv_type_$1, 
+AC_TRY_COMPILE([
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+],
+$i x;
+,
+eval ac_cv_type_$1=yes,
+eval ac_cv_type_$1=no))])
+
+AC_DEFUN(AC_GROK_TYPES, [
+for i in $1; do
+	AC_MSG_CHECKING(for $i)
+	AC_GROK_TYPE($i)
+	eval ac_res=\$ac_cv_type_$i
+	if test "$ac_res" = yes; then
+		type=HAVE_[]upcase($i)
+		AC_DEFINE_UNQUOTED($type)
+	fi
+	AC_MSG_RESULT($ac_res)
 done
-AC_SUBST(LIBOBJS)dnl
 ])
 
+dnl $Id: find-func.m4,v 1.1 1997/12/14 15:58:58 joda Exp $
 dnl
-dnl Mix between AC_FIND_FUNC and AC_BROKEN
+dnl AC_FIND_FUNC(func, libraries, includes, arguments)
+AC_DEFUN(AC_FIND_FUNC, [
+AC_FIND_FUNC_NO_LIBS([$1], [$2], [$3], [$4])
+if test -n "$LIB_$1"; then
+	LIBS="$LIB_$1 $LIBS"
+fi
+])
+
+dnl 
+dnl See if there is any X11 present
 dnl
+dnl $Id: check-x.m4,v 1.1 1999/06/03 00:22:10 joda Exp $
 
-AC_DEFUN(AC_FIND_IF_NOT_BROKEN,
-[AC_FIND_FUNC([$1], [$2], [$3], [$4])
-if eval "test \"$ac_cv_func_$1\" != yes"; then
-LIBOBJS="$LIBOBJS $1.o"
+AC_DEFUN(KRB_CHECK_X,[
+AC_PATH_XTRA
+
+# try to figure out if we need any additional ld flags, like -R
+# and yes, the autoconf X test is utterly broken
+if test "$no_x" != yes; then
+	AC_CACHE_CHECK(for special X linker flags,krb_cv_sys_x_libs_rpath,[
+	ac_save_libs="$LIBS"
+	ac_save_cflags="$CFLAGS"
+	CFLAGS="$CFLAGS $X_CFLAGS"
+	krb_cv_sys_x_libs_rpath=""
+	krb_cv_sys_x_libs=""
+	for rflag in "" "-R" "-R " "-rpath "; do
+		if test "$rflag" = ""; then
+			foo="$X_LIBS"
+		else
+			foo=""
+			for flag in $X_LIBS; do
+			case $flag in
+			-L*)
+				foo="$foo $flag `echo $flag | sed \"s/-L/$rflag/\"`"
+				;;
+			*)
+				foo="$foo $flag"
+				;;
+			esac
+			done
+		fi
+		LIBS="$ac_save_libs $foo -lX11"
+		AC_TRY_RUN([
+		#include <X11/Xlib.h>
+		foo()
+		{
+		XOpenDisplay(NULL);
+		}
+		main()
+		{
+		return 0;
+		}
+		], krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break,:)
+	done
+	LIBS="$ac_save_libs"
+	CFLAGS="$ac_save_cflags"
+	])
+	X_LIBS="$krb_cv_sys_x_libs"
 fi
-AC_SUBST(LIBOBJS)dnl
 ])
 
+dnl $Id: check-xau.m4,v 1.3 1999/05/14 01:17:06 assar Exp $
 dnl
+dnl check for Xau{Read,Write}Auth and XauFileName
 dnl
-dnl
+AC_DEFUN(AC_CHECK_XAU,[
+save_CFLAGS="$CFLAGS"
+CFLAGS="$X_CFLAGS $CFLAGS"
+save_LIBS="$LIBS"
+dnl LIBS="$X_LIBS $X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
+LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
+save_LDFLAGS="$LDFLAGS"
+LDFLAGS="$LDFLAGS $X_LIBS"
 
-dnl AC_TEST_PACKAGE(package,header,lib,linkline)
-AC_DEFUN(AC_TEST_PACKAGE,
-[
-AC_MSG_CHECKING(for $1)
-AC_ARG_WITH($1,
-[  --with-$1=dir                use $1 in dir],
-[if test "$with_$1" = "no"; then
-  with_$1=
-fi]
-)
-AC_ARG_WITH($1-lib,
-[  --with-$1-lib=dir            use $1-lib in dir],
-[if test "$withval" = "yes" -o "$withval" = "no"; then
-  AC_MSG_ERROR([No argument for --with-$1-lib])
-elif test "X$with_$1" = "X"; then
-  with_$1=yes
-fi]
-)
-AC_ARG_WITH($1-include,
-[  --with-$1-include=dir        use $1-include in dir],
-[if test "$withval" = "yes" -o "$withval" = "no"; then
-  AC_MSG_ERROR([No argument for --with-$1-include])
-elif test "X$with_$1" = "X"; then
-  with_$1=yes
-fi]
-)
 
-define([foo], translit($1, [a-z], [A-Z]))
-: << END
-@@@syms="$syms foo"@@@
-END
+AC_FIND_FUNC_NO_LIBS(XauWriteAuth, X11 Xau)
+ac_xxx="$LIBS"
+LIBS="$LIB_XauWriteAuth $LIBS"
+AC_FIND_FUNC_NO_LIBS(XauReadAuth, X11 Xau)
+LIBS="$LIB_XauReadAauth $LIBS"
+AC_FIND_FUNC_NO_LIBS(XauFileName, X11 Xau)
+LIBS="$ac_xxx"
 
-if test -n "$with_$1"; then
-  AC_DEFINE([foo])
-  if test "$with_$1" != "yes"; then
-    $1_dir=$with_$1
-  fi
-dnl Try to find include
-  if test -n "$with_$1_include"; then
-    trydir=$with_$1_include
-  elif test "$with_$1" != "yes"; then
-    trydir="$with_$1 $with_$1/include"
-  else
-    trydir=
-  fi
-  found=
-  for i in $trydir ""; do
-    if test -n "$i"; then
-      if test -f $i/$2; then
-        found=yes; res=$i; break
-      fi
-    else
-      AC_TRY_CPP([#include <$2>], [found=yes; res=$i; break])
-    fi
-  done
-  if test -n "$found"; then
-    $1_include=$res
-  else
-    AC_MSG_ERROR(Cannot find $2)
-  fi
-dnl Try to find lib
-  if test -n "$with_$1_lib"; then
-    trydir=$with_$1_lib
-  elif test "$with_$1" != "yes"; then
-    trydir="$with_$1 $with_$1/lib"
-  else
-    trydir=
-  fi
-  found=
-  for i in $trydir ""; do
-    if test -n "$i"; then
-      if test -f $i/$3; then
-        found=yes; res=$i; break
-      fi
-    else
-      old_LIBS=$LIBS
-      LIBS="$4 $LIBS"
-      AC_TRY_LINK([], [], [found=yes; res=$i; LIBS=$old_LIBS; break])
-      LIBS=$old_LIBS
-    fi
-  done
-  if test -n "$found"; then
-    $1_lib=$res
-  else
-    AC_MSG_ERROR(Cannot find $3)
-  fi
-  AC_MSG_RESULT([headers $$1_include, libraries $$1_lib])
-  AC_DEFINE_UNQUOTED(foo)
-  if test -n "$$1_include"; then
-    foo[INCLUDE]="-I$$1_include"
-  fi
-  AC_SUBST(foo[INCLUDE])
-  if test -n "$$1_lib"; then
-    foo[LIB]="-L$$1_lib"
-  fi
-  foo[LIB]="$foo[LIB] $4"
-  AC_SUBST(foo[LIB])
+case "$ac_cv_funclib_XauWriteAuth" in
+yes)	;;
+no)	;;
+*)	if test "$ac_cv_funclib_XauReadAuth" = yes; then
+		if test "$ac_cv_funclib_XauFileName" = yes; then
+			LIB_XauReadAuth="$LIB_XauWriteAuth"
+		else
+			LIB_XauReadAuth="$LIB_XauWriteAuth $LIB_XauFileName"
+		fi
+	else
+		if test "$ac_cv_funclib_XauFileName" = yes; then
+			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth"
+		else
+			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth $LIB_XauFileName"
+		fi
+	fi
+	;;
+esac
+
+if test "$AUTOMAKE" != ""; then
+	AM_CONDITIONAL(NEED_WRITEAUTH, test "$ac_cv_func_XauWriteAuth" != "yes")
 else
-  AC_MSG_RESULT(no)
+	AC_SUBST(NEED_WRITEAUTH_TRUE)
+	AC_SUBST(NEED_WRITEAUTH_FALSE)
+	if test "$ac_cv_func_XauWriteAuth" != "yes"; then
+		NEED_WRITEAUTH_TRUE=
+		NEED_WRITEAUTH_FALSE='#'
+	else
+		NEED_WRITEAUTH_TRUE='#'
+		NEED_WRITEAUTH_FALSE=
+	fi
 fi
-undefine([foo])
+CFLAGS=$save_CFLAGS
+LIBS=$save_LIBS
+LDFLAGS=$save_LDFLAGS
 ])
 
+# Define a conditional.
+
+AC_DEFUN(AM_CONDITIONAL,
+[AC_SUBST($1_TRUE)
+AC_SUBST($1_FALSE)
+if $2; then
+  $1_TRUE=
+  $1_FALSE='#'
+else
+  $1_TRUE='#'
+  $1_FALSE=
+fi])
+
+dnl $Id: krb-find-db.m4,v 1.5 1999/05/08 02:24:04 assar Exp $
 dnl
-dnl Check if we need the declaration of a variable
+dnl find a suitable database library
 dnl
+dnl AC_FIND_DB(libraries)
+AC_DEFUN(KRB_FIND_DB, [
 
-dnl AC_HAVE_DECLARATION(includes, variable)
-AC_DEFUN(AC_CHECK_DECLARATION, [
-AC_MSG_CHECKING([if $2 is properly declared])
-AC_CACHE_VAL(ac_cv_var_$2_declaration, [
-AC_TRY_COMPILE([$1
-extern struct { int foo; } $2;],
-[$2.foo = 1;],
-eval "ac_cv_var_$2_declaration=no",
-eval "ac_cv_var_$2_declaration=yes")
-])
+lib_dbm=no
+lib_db=no
 
-ac_tr_var=[HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION]
+for i in $1; do
 
-define([foo], [HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION])
-: << END
-@@@syms="$syms foo"@@@
-END
-undefine([foo])
+	if test "$i"; then
+		m="lib$i"
+		l="-l$i"
+	else
+		m="libc"
+		l=""
+	fi	
 
-AC_MSG_RESULT($ac_cv_var_$2_declaration)
-if eval "test \"\$ac_cv_var_$2_declaration\" = yes"; then
-	AC_DEFINE_UNQUOTED($ac_tr_var)
+	AC_MSG_CHECKING(for dbm_open in $m)
+	AC_CACHE_VAL(ac_cv_krb_dbm_open_$m, [
+
+	save_LIBS="$LIBS"
+	LIBS="$l $LIBS"
+	AC_TRY_RUN([
+#include <unistd.h>
+#include <fcntl.h>
+#if defined(HAVE_NDBM_H)
+#include <ndbm.h>
+#elif defined(HAVE_DBM_H)
+#include <dbm.h>
+#elif defined(HAVE_RPCSVC_DBM_H)
+#include <rpcsvc/dbm.h>
+#elif defined(HAVE_DB_H)
+#define DB_DBM_HSEARCH 1
+#include <db.h>
+#endif
+int main()
+{
+  DBM *d;
+
+  d = dbm_open("conftest", O_RDWR | O_CREAT, 0666);
+  if(d == NULL)
+    return 1;
+  dbm_close(d);
+  return 0;
+}], [
+	if test -f conftest.db; then
+		ac_res=db
+	else
+		ac_res=dbm
+	fi], ac_res=no, ac_res=no)
+
+	LIBS="$save_LIBS"
+
+	eval ac_cv_krb_dbm_open_$m=$ac_res])
+	eval ac_res=\$ac_cv_krb_dbm_open_$m
+	AC_MSG_RESULT($ac_res)
+
+	if test "$lib_dbm" = no -a $ac_res = dbm; then
+		lib_dbm="$l"
+	elif test "$lib_db" = no -a $ac_res = db; then
+		lib_db="$l"
+		break
+	fi
+done
+
+AC_MSG_CHECKING(for NDBM library)
+ac_ndbm=no
+if test "$lib_db" != no; then
+	LIB_DBM="$lib_db"
+	ac_ndbm=yes
+	AC_DEFINE(HAVE_NEW_DB, 1, [Define if NDBM really is DB (creates files ending in .db).])
+	if test "$LIB_DBM"; then
+		ac_res="yes, $LIB_DBM"
+	else
+		ac_res=yes
+	fi
+elif test "$lib_dbm" != no; then
+	LIB_DBM="$lib_dbm"
+	ac_ndbm=yes
+	if test "$LIB_DBM"; then
+		ac_res="yes, $LIB_DBM"
+	else
+		ac_res=yes
+	fi
+else
+	LIB_DBM=""
+	ac_res=no
 fi
+test "$ac_ndbm" = yes && AC_DEFINE(NDBM, 1, [Define if you have NDBM (and not DBM)])dnl
+AC_SUBST(LIB_DBM)
+DBLIB="$LIB_DBM"
+AC_SUBST(DBLIB)
+AC_MSG_RESULT($ac_res)
+
 ])
 
+dnl $Id: broken-snprintf.m4,v 1.3 1999/03/01 09:52:22 joda Exp $
 dnl
-dnl
-dnl
+AC_DEFUN(AC_BROKEN_SNPRINTF, [
+AC_CACHE_CHECK(for working snprintf,ac_cv_func_snprintf_working,
+ac_cv_func_snprintf_working=yes
+AC_TRY_RUN([
+#include <stdio.h>
+#include <string.h>
+int main()
+{
+changequote(`,')dnl
+	char foo[3];
+changequote([,])dnl
+	snprintf(foo, 2, "12");
+	return strcmp(foo, "1");
+}],:,ac_cv_func_snprintf_working=no,:))
 
-dnl AC_CHECK_VAR(includes, variable)
-AC_DEFUN(AC_CHECK_VAR, [
-AC_MSG_CHECKING(for $2)
-AC_CACHE_VAL(ac_cv_var_$2, [
-AC_TRY_LINK([extern int $2;
-int foo() { return $2; }],
-	    [foo()],
-	    ac_cv_var_$2=yes, ac_cv_var_$2=no)
+if test "$ac_cv_func_snprintf_working" = yes; then
+	AC_DEFINE_UNQUOTED(HAVE_SNPRINTF, 1, [define if you have a working snprintf])
+fi
+if test "$ac_cv_func_snprintf_working" = yes; then
+AC_NEED_PROTO([#include <stdio.h>],snprintf)
+fi
 ])
-eval "ac_tr_var=[HAVE_]translit($2,[a-z],[A-Z])"
 
-define([foo], [HAVE_]translit($2, [a-z], [A-Z]))
-: << END
-@@@syms="$syms foo"@@@
-END
-undefine([foo])
+AC_DEFUN(AC_BROKEN_VSNPRINTF,[
+AC_CACHE_CHECK(for working vsnprintf,ac_cv_func_vsnprintf_working,
+ac_cv_func_vsnprintf_working=yes
+AC_TRY_RUN([
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
 
-AC_MSG_RESULT(`eval echo \\$ac_cv_var_$2`)
-if test `eval echo \\$ac_cv_var_$2` = yes; then
-	AC_DEFINE_UNQUOTED($ac_tr_var)
-	AC_CHECK_DECLARATION([$1],[$2])
+int foo(int num, ...)
+{
+changequote(`,')dnl
+	char bar[3];
+changequote([,])dnl
+	va_list arg;
+	va_start(arg, num);
+	vsnprintf(bar, 2, "%s", arg);
+	va_end(arg);
+	return strcmp(bar, "1");
+}
+
+
+int main()
+{
+	return foo(0, "12");
+}],:,ac_cv_func_vsnprintf_working=no,:))
+
+if test "$ac_cv_func_vsnprintf_working" = yes; then
+	AC_DEFINE_UNQUOTED(HAVE_VSNPRINTF, 1, [define if you have a working vsnprintf])
+fi
+if test "$ac_cv_func_vsnprintf_working" = yes; then
+AC_NEED_PROTO([#include <stdio.h>],vsnprintf)
 fi
 ])
 
+dnl $Id: need-proto.m4,v 1.2 1999/03/01 09:52:24 joda Exp $
+dnl
 dnl
 dnl Check if we need the prototype for a function
 dnl
@@ -278,6 +958,7 @@ dnl
 dnl AC_NEED_PROTO(includes, function)
 
 AC_DEFUN(AC_NEED_PROTO, [
+if test "$ac_cv_func_$2+set" != set -o "$ac_cv_func_$2" = yes; then
 AC_CACHE_CHECK([if $2 needs a prototype], ac_cv_func_$2_noproto,
 AC_TRY_COMPILE([$1],
 [struct foo { int foo; } xx;
@@ -288,158 +969,95 @@ eval "ac_cv_func_$2_noproto=yes",
 eval "ac_cv_func_$2_noproto=no"))
 define([foo], [NEED_]translit($2, [a-z], [A-Z])[_PROTO])
 if test "$ac_cv_func_$2_noproto" = yes; then
-	AC_DEFINE(foo)
+	AC_DEFINE(foo, 1, [define if the system is missing a prototype for $2()])
 fi
-: << END
-@@@syms="$syms foo"@@@
-END
 undefine([foo])
+fi
 ])
 
-dnl AC_MSG_RESULT($ac_cv_func_$3_proto)
-dnl if eval "test \"\$ac_cv_func_$3_proto\" = yes"; then
-dnl 	AC_DEFINE_UNQUOTED($ac_tr_func)
-dnl fi
-dnl ])
-dnl 
-dnl AC_DEFUN(AC_NEED_PROTO, [
-dnl AC_MSG_CHECKING([if $3 needs a proto])
-dnl AC_CACHE_VAL(ac_cv_func_$3_proto, [
-dnl AC_TRY_COMPILE([$1],
-dnl [$2],
-dnl eval "ac_cv_func_$3_proto=no",
-dnl eval "ac_cv_func_$3_proto=yes")
-dnl ])
-dnl changequote(, )dnl
-dnl eval "ac_tr_func=NEED_`echo $3 | tr '[a-z]' '[A-Z]'`_PROTO"
-dnl changequote([, ])dnl
-dnl 
-dnl define([foo], [NEED_]translit($3, [a-z], [A-Z])[_PROTO])
-dnl : << END
-dnl @@@syms="$syms foo"@@@
-dnl END
-dnl undefine([foo])
-dnl 
-dnl AC_MSG_RESULT($ac_cv_func_$3_proto)
-dnl if eval "test \"\$ac_cv_func_$3_proto\" = yes"; then
-dnl 	AC_DEFINE_UNQUOTED($ac_tr_func)
-dnl fi
-dnl ])
-
-AC_DEFUN(AC_GROK_TYPE, [
-AC_CACHE_VAL(ac_cv_type_$1, 
-AC_TRY_COMPILE([
-#include "confdefs.h"
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-],
-$i x;
-,
-eval ac_cv_type_$1=yes,
-eval ac_cv_type_$1=no))])
-
-
-AC_DEFUN(AC_GROK_TYPES, [
-for i in $1; do
-	AC_MSG_CHECKING(for $i)
-	AC_GROK_TYPE($i)
-	eval ac_res=\$ac_cv_type_$i
-	if test "$ac_res" = yes; then
-		type=HAVE_`echo $i | tr '[a-z]' '[A-Z]'`
-		AC_DEFINE_UNQUOTED($type)
-	fi
-	AC_MSG_RESULT($ac_res)
-done
-])
-
-dnl
-dnl Specific tests
-dnl
-
-dnl
-dnl We prefer byacc or yacc because they do not use `alloca'
-dnl
-
-AC_DEFUN(AC_KRB_PROG_YACC,
-[AC_CHECK_PROGS(YACC, byacc yacc 'bison -y')])
-
+dnl $Id: broken-glob.m4,v 1.2 1999/03/01 09:52:15 joda Exp $
 dnl
-dnl Also look for EMXOMF for OS/2
+dnl check for glob(3)
 dnl
+AC_DEFUN(AC_BROKEN_GLOB,[
+AC_CACHE_CHECK(for working glob, ac_cv_func_glob_working,
+ac_cv_func_glob_working=yes
+AC_TRY_LINK([
+#include <stdio.h>
+#include <glob.h>],[
+glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE, NULL, NULL);
+],:,ac_cv_func_glob_working=no,:))
 
-AC_DEFUN(AC_KRB_PROG_RANLIB,
-[AC_CHECK_PROGS(RANLIB, ranlib EMXOMF, :)])
+if test "$ac_cv_func_glob_working" = yes; then
+	AC_DEFINE(HAVE_GLOB, 1, [define if you have a glob() that groks 
+	GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, and GLOB_TILDE])
+fi
+if test "$ac_cv_func_glob_working" = yes; then
+AC_NEED_PROTO([#include <stdio.h>
+#include <glob.h>],glob)
+fi
+])
 
+dnl $Id: check-getpwnam_r-posix.m4,v 1.2 1999/03/23 16:47:31 joda Exp $
 dnl
-dnl Better test for ln -s, ln or cp
-dnl
+dnl check for getpwnam_r, and if it's posix or not
 
-AC_DEFUN(AC_KRB_PROG_LN_S,
-[AC_MSG_CHECKING(for ln -s or something else)
-AC_CACHE_VAL(ac_cv_prog_LN_S,
-[rm -f conftestdata
-if ln -s X conftestdata 2>/dev/null
-then
-  rm -f conftestdata
-  ac_cv_prog_LN_S="ln -s"
-else
-  touch conftestdata1
-  if ln conftestdata1 conftestdata2; then
-    rm -f conftestdata*
-    ac_cv_prog_LN_S=ln
-  else
-    ac_cv_prog_LN_S=cp
-  fi
-fi])dnl
-LN_S="$ac_cv_prog_LN_S"
-AC_MSG_RESULT($ac_cv_prog_LN_S)
-AC_SUBST(LN_S)dnl
+AC_DEFUN(AC_CHECK_GETPWNAM_R_POSIX,[
+AC_FIND_FUNC_NO_LIBS(getpwnam_r,c_r)
+if test "$ac_cv_func_getpwnam_r" = yes; then
+	AC_CACHE_CHECK(if getpwnam_r is posix,ac_cv_func_getpwnam_r_posix,
+	ac_libs="$LIBS"
+	LIBS="$LIBS $LIB_getpwnam_r"
+	AC_TRY_RUN([
+#include <pwd.h>
+int main()
+{
+	struct passwd pw, *pwd;
+	return getpwnam_r("", &pw, NULL, 0, &pwd) < 0;
+}
+],ac_cv_func_getpwnam_r_posix=yes,ac_cv_func_getpwnam_r_posix=no,:)
+LIBS="$ac_libs")
+if test "$ac_cv_func_getpwnam_r_posix" = yes; then
+	AC_DEFINE(POSIX_GETPWNAM_R, 1, [Define if getpwnam_r has POSIX flavour.])
+fi
+fi
 ])
-
+dnl $Id: find-if-not-broken.m4,v 1.2 1998/03/16 22:16:27 joda Exp $
 dnl
-dnl NEXTSTEP is not posix compliant by default,
-dnl you need a switch -posix to the compiler
+dnl
+dnl Mix between AC_FIND_FUNC and AC_BROKEN
 dnl
 
-AC_DEFUN(AC_KRB_SYS_NEXTSTEP, [
-AC_MSG_CHECKING(for NEXTSTEP)
-AC_CACHE_VAL(krb_cv_sys_nextstep,
-AC_EGREP_CPP(yes, 
-[#ifdef NeXT
-	yes
-#endif 
-], krb_cv_sys_nextstep=yes, krb_cv_sys_nextstep=no) )
-if test "$krb_cv_sys_nextstep" = "yes"; then
-  CFLAGS="$CFLAGS -posix"
-  LIBS="$LIBS -posix"
+AC_DEFUN(AC_FIND_IF_NOT_BROKEN,
+[AC_FIND_FUNC([$1], [$2], [$3], [$4])
+if eval "test \"$ac_cv_func_$1\" != yes"; then
+LIBOBJS[]="$LIBOBJS $1.o"
 fi
-AC_MSG_RESULT($krb_cv_sys_nextstep)
+AC_SUBST(LIBOBJS)dnl
 ])
 
+dnl $Id: broken.m4,v 1.3 1998/03/16 22:16:19 joda Exp $
 dnl
-dnl AIX have a very different syscall convention
 dnl
-AC_DEFUN(AC_KRB_SYS_AIX, [
-AC_MSG_CHECKING(for AIX)
-AC_CACHE_VAL(krb_cv_sys_aix,
-AC_EGREP_CPP(yes, 
-[#ifdef _AIX
-	yes
-#endif 
-], krb_cv_sys_aix=yes, krb_cv_sys_aix=no) )
-AC_MSG_RESULT($krb_cv_sys_aix)
+dnl Same as AC _REPLACE_FUNCS, just define HAVE_func if found in normal
+dnl libraries 
+
+AC_DEFUN(AC_BROKEN,
+[for ac_func in $1
+do
+AC_CHECK_FUNC($ac_func, [
+ac_tr_func=HAVE_[]upcase($ac_func)
+AC_DEFINE_UNQUOTED($ac_tr_func)],[LIBOBJS[]="$LIBOBJS ${ac_func}.o"])
+dnl autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs $1"@@@
+END
+done
+AC_SUBST(LIBOBJS)dnl
 ])
 
+dnl $Id: krb-func-getcwd-broken.m4,v 1.2 1999/03/01 13:03:32 joda Exp $
+dnl
 dnl
 dnl test for broken getcwd in (SunOS braindamage)
 dnl
@@ -471,7 +1089,7 @@ int main()
 ], ac_cv_func_getcwd_broken=yes,:,:)
 ])
 if test "$ac_cv_func_getcwd_broken" = yes; then
-	AC_DEFINE(BROKEN_GETCWD, 1)dnl
+	AC_DEFINE(BROKEN_GETCWD, 1, [Define if getcwd is broken (like in SunOS 4).])dnl
 	LIBOBJS="$LIBOBJS getcwd.o"
 	AC_SUBST(LIBOBJS)dnl
 	AC_MSG_RESULT($ac_cv_func_getcwd_broken)
@@ -481,43 +1099,120 @@ fi
 fi
 ])
 
+dnl $Id: proto-compat.m4,v 1.3 1999/03/01 13:03:48 joda Exp $
+dnl
+dnl
+dnl Check if the prototype of a function is compatible with another one
+dnl
+
+dnl AC_PROTO_COMPAT(includes, function, prototype)
+
+AC_DEFUN(AC_PROTO_COMPAT, [
+AC_CACHE_CHECK([if $2 is compatible with system prototype],
+ac_cv_func_$2_proto_compat,
+AC_TRY_COMPILE([$1],
+[$3;],
+eval "ac_cv_func_$2_proto_compat=yes",
+eval "ac_cv_func_$2_proto_compat=no"))
+define([foo], translit($2, [a-z], [A-Z])[_PROTO_COMPATIBLE])
+if test "$ac_cv_func_$2_proto_compat" = yes; then
+	AC_DEFINE(foo, 1, [define if prototype of $2 is compatible with
+	$3])
+fi
+undefine([foo])
+])
+dnl $Id: check-var.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
+dnl
+dnl AC_CHECK_VAR(includes, variable)
+AC_DEFUN(AC_CHECK_VAR, [
+AC_MSG_CHECKING(for $2)
+AC_CACHE_VAL(ac_cv_var_$2, [
+AC_TRY_LINK([extern int $2;
+int foo() { return $2; }],
+	    [foo()],
+	    ac_cv_var_$2=yes, ac_cv_var_$2=no)
+])
+define([foo], [HAVE_]translit($2, [a-z], [A-Z]))
+
+AC_MSG_RESULT(`eval echo \\$ac_cv_var_$2`)
+if test `eval echo \\$ac_cv_var_$2` = yes; then
+	AC_DEFINE_UNQUOTED(foo, 1, [define if you have $2])
+	AC_CHECK_DECLARATION([$1],[$2])
+fi
+undefine([foo])
+])
+
+dnl $Id: check-declaration.m4,v 1.3 1999/03/01 13:03:08 joda Exp $
+dnl
+dnl
+dnl Check if we need the declaration of a variable
+dnl
 
-AC_DEFUN(AC_HAVE_PRAGMA_WEAK, [
-if test "${with_shared}" = "yes"; then
-AC_MSG_CHECKING(for pragma weak)
-AC_CACHE_VAL(ac_have_pragma_weak, [
-ac_have_pragma_weak=no
-cat > conftest_foo.$ac_ext <<'EOF'
-[#]line __oline__ "configure"
-#include "confdefs.h"
-#pragma weak foo = _foo
-int _foo = 17;
-EOF
-cat > conftest_bar.$ac_ext <<'EOF'
-[#]line __oline__ "configure"
-#include "confdefs.h"
-extern int foo;
+dnl AC_HAVE_DECLARATION(includes, variable)
+AC_DEFUN(AC_CHECK_DECLARATION, [
+AC_MSG_CHECKING([if $2 is properly declared])
+AC_CACHE_VAL(ac_cv_var_$2_declaration, [
+AC_TRY_COMPILE([$1
+extern struct { int foo; } $2;],
+[$2.foo = 1;],
+eval "ac_cv_var_$2_declaration=no",
+eval "ac_cv_var_$2_declaration=yes")
+])
 
-int t() {
-  return foo;
-}
+define(foo, [HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION])
 
-int main() {
-  return t();
-}
-EOF
-if AC_TRY_EVAL('CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&AC_FD_CC'); then
-ac_have_pragma_weak=yes
+AC_MSG_RESULT($ac_cv_var_$2_declaration)
+if eval "test \"\$ac_cv_var_$2_declaration\" = yes"; then
+	AC_DEFINE(foo, 1, [define if your system declares $2])
 fi
-rm -rf conftest*
+undefine([foo])
 ])
-if test "$ac_have_pragma_weak" = "yes"; then
-	AC_DEFINE(HAVE_PRAGMA_WEAK, 1)dnl
+
+dnl $Id: have-struct-field.m4,v 1.5 1999/03/01 13:10:35 joda Exp $
+dnl
+dnl check for fields in a structure
+dnl
+dnl AC_HAVE_STRUCT_FIELD(struct, field, headers)
+
+AC_DEFUN(AC_HAVE_STRUCT_FIELD, [
+define(cache_val, translit(ac_cv_type_$1_$2, [A-Z ], [a-z_]))
+AC_CACHE_CHECK([for $2 in $1], cache_val,[
+AC_TRY_COMPILE([$3],[$1 x; x.$2;],
+cache_val=yes,
+cache_val=no)])
+if test "$cache_val" = yes; then
+	define(foo, translit(HAVE_$1_$2, [a-z ], [A-Z_]))
+	AC_DEFINE(foo, 1, [Define if $1 has field $2.])
+	undefine(foo)
 fi
-AC_MSG_RESULT($ac_have_pragma_weak)
+undefine(cache_val)
+])
+
+dnl $Id
+dnl
+dnl Test for `struct spwd'
+
+AC_DEFUN(AC_KRB_STRUCT_SPWD, [
+AC_MSG_CHECKING(for struct spwd)
+AC_CACHE_VAL(ac_cv_type_struct_spwd, [
+AC_TRY_COMPILE(
+[#include <pwd.h>
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif],
+[struct spwd foo;],
+ac_cv_struct_spwd=yes,
+ac_cv_struct_spwd=no)
+])
+AC_MSG_RESULT($ac_cv_struct_spwd)
+
+if test "$ac_cv_struct_spwd" = "yes"; then
+  AC_DEFINE(HAVE_STRUCT_SPWD, 1, [define if you have struct spwd])
 fi
 ])
 
+dnl $Id: krb-struct-winsize.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
+dnl
 dnl
 dnl Search for struct winsize
 dnl
@@ -535,9 +1230,62 @@ $i, ac_cv_struct_winsize=yes; break)dnl
 done
 ])
 if test "$ac_cv_struct_winsize" = "yes"; then
-  AC_DEFINE(HAVE_STRUCT_WINSIZE, 1)dnl
+  AC_DEFINE(HAVE_STRUCT_WINSIZE, 1, [define if struct winsize is declared in sys/termios.h])
 fi
 AC_MSG_RESULT($ac_cv_struct_winsize)
-AC_EGREP_HEADER(ws_xpixel, termios.h, AC_DEFINE(HAVE_WS_XPIXEL))
-AC_EGREP_HEADER(ws_ypixel, termios.h, AC_DEFINE(HAVE_WS_YPIXEL))
+AC_EGREP_HEADER(ws_xpixel, termios.h, 
+	AC_DEFINE(HAVE_WS_XPIXEL, 1, [define if struct winsize has ws_xpixel]))
+AC_EGREP_HEADER(ws_ypixel, termios.h, 
+	AC_DEFINE(HAVE_WS_YPIXEL, 1, [define if struct winsize has ws_ypixel]))
+])
+
+dnl $Id: check-type-extra.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
+dnl
+dnl ac_check_type + extra headers
+
+dnl AC_CHECK_TYPE_EXTRA(TYPE, DEFAULT, HEADERS)
+AC_DEFUN(AC_CHECK_TYPE_EXTRA,
+[AC_REQUIRE([AC_HEADER_STDC])dnl
+AC_MSG_CHECKING(for $1)
+AC_CACHE_VAL(ac_cv_type_$1,
+[AC_EGREP_CPP(dnl
+changequote(<<,>>)dnl
+<<$1[^a-zA-Z_0-9]>>dnl
+changequote([,]), [#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+$3], ac_cv_type_$1=yes, ac_cv_type_$1=no)])dnl
+AC_MSG_RESULT($ac_cv_type_$1)
+if test $ac_cv_type_$1 = no; then
+  AC_DEFINE($1, $2, [Define this to what the type $1 should be.])
+fi
 ])
+
+dnl $Id: krb-version.m4,v 1.1 1997/12/14 15:59:03 joda Exp $
+dnl
+dnl
+dnl output a C header-file with some version strings
+dnl
+AC_DEFUN(AC_KRB_VERSION,[
+dnl AC_OUTPUT_COMMANDS([
+cat > include/newversion.h.in <<FOOBAR
+char *${PACKAGE}_long_version = "@(#)\$Version: $PACKAGE-$VERSION by @USER@ on @HOST@ ($host) @DATE@ \$";
+char *${PACKAGE}_version = "$PACKAGE-$VERSION";
+FOOBAR
+
+if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then
+	echo "include/version.h is unchanged"
+	rm -f include/newversion.h.in
+else
+ 	echo "creating include/version.h"
+ 	User=${USER-${LOGNAME}}
+ 	Host=`(hostname || uname -n) 2>/dev/null | sed 1q`
+ 	Date=`date`
+	mv -f include/newversion.h.in include/version.h.in
+	sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h
+fi
+dnl ],host=$host PACKAGE=$PACKAGE VERSION=$VERSION)
+])
+
diff --git a/crypto/kerberosIV/admin/Makefile.in b/crypto/kerberosIV/admin/Makefile.in
index d0b68b1..31de19d 100644
--- a/crypto/kerberosIV/admin/Makefile.in
+++ b/crypto/kerberosIV/admin/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.26 1997/05/04 08:33:50 assar Exp $
+# $Id: Makefile.in,v 1.32 1999/03/10 19:01:10 joda Exp $
 
 SHELL = /bin/sh
 
@@ -6,10 +6,12 @@ srcdir = @srcdir@
 VPATH = @srcdir@
 
 CC = @CC@
+LINK = @LINK@
 AR = ar
 RANLIB = @RANLIB@
 DEFS = @DEFS@
-CFLAGS = @CFLAGS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
 LD_FLAGS = @LD_FLAGS@
 LIBS = @LIBS@
 LIB_DBM = @LIB_DBM@
@@ -45,17 +47,17 @@ Wall:
 	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
 
 .c.o:
-	$(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $<
+	$(CC) -c $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
 
 install: all
-	$(MKINSTALLDIRS) $(sbindir)
+	$(MKINSTALLDIRS) $(DESTDIR)$(sbindir)
 	for x in $(PROGS); do \
-	  $(INSTALL_PROGRAM) $$x $(sbindir)/`echo $$x|sed '$(transform)'`; \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(sbindir)/`echo $$x|sed '$(transform)'`; \
 	done
 
 uninstall:
 	for x in $(PROGS); do \
-	  rm -f $(sbindir)/`echo $$x|sed '$(transform)'`; \
+	  rm -f $(DESTDIR)$(sbindir)/`echo $$x|sed '$(transform)'`; \
 	done
 
 TAGS: $(SOURCES)
@@ -74,31 +76,27 @@ distclean: clean
 realclean: distclean
 	rm -f TAGS
 
-dist: $(DISTFILES)
-	for file in $(DISTFILES); do \
-	  ln $$file ../`cat ../.fname`/lib \
-	    || cp -p $$file ../`cat ../.fname`/lib; \
-	done
-
 KLIB=-L../lib/kdb -lkdb -L../lib/krb -lkrb -L../lib/des -ldes
 LIBROKEN= -L../lib/roken -lroken
 
 ext_srvtab$(EXECSUFFIX): ext_srvtab.o
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ ext_srvtab.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ ext_srvtab.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
 
 kdb_destroy$(EXECSUFFIX): kdb_destroy.o
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_destroy.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_destroy.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
 
 kdb_edit$(EXECSUFFIX): kdb_edit.o
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_edit.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_edit.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
 
 kdb_init$(EXECSUFFIX): kdb_init.o
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_init.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_init.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
 
 kdb_util$(EXECSUFFIX): kdb_util.o
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_util.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_util.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
 
 kstash$(EXECSUFFIX): kstash.o
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kstash.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kstash.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
 
 $(OBJECTS): ../include/config.h
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/admin/ext_srvtab.c b/crypto/kerberosIV/admin/ext_srvtab.c
index 9c02921..f1f1752 100644
--- a/crypto/kerberosIV/admin/ext_srvtab.c
+++ b/crypto/kerberosIV/admin/ext_srvtab.c
@@ -9,7 +9,7 @@
 
 #include "adm_locl.h"
 
-RCSID("$Id: ext_srvtab.c,v 1.13 1997/05/02 14:27:33 assar Exp $");
+RCSID("$Id: ext_srvtab.c,v 1.17 1998/06/09 19:24:13 joda Exp $");
 
 static des_cblock master_key;
 static des_cblock session_key;
@@ -17,15 +17,6 @@ static des_key_schedule master_key_schedule;
 static char realm[REALM_SZ];
 
 static void
-usage(void)
-{
-    fprintf(stderr, 
-	    "Usage: %s [-n] [-r realm] instance [instance ...]\n",
-	    __progname);
-    exit(1);
-}
-
-static void
 StampOutSecrets(void)
 {
     memset(master_key, 0, sizeof master_key);
@@ -34,8 +25,11 @@ StampOutSecrets(void)
 }
 
 static void
-Die(void)
+usage(void)
 {
+    fprintf(stderr, 
+	    "Usage: %s [-n] [-r realm] instance [instance ...]\n",
+	    __progname);
     StampOutSecrets();
     exit(1);
 }
@@ -44,8 +38,8 @@ static void
 FWrite(void *p, int size, int n, FILE *f)
 {
     if (fwrite(p, size, n, f) != n) {
-	printf("Error writing output file.  Terminating.\n");
-	Die();
+        StampOutSecrets();
+	errx(1, "Error writing output file.  Terminating.\n");
     }
 }
 
@@ -64,6 +58,10 @@ main(int argc, char **argv)
     set_progname (argv[0]);
     memset(realm, 0, sizeof(realm));
     
+#ifdef HAVE_ATEXIT
+    atexit(StampOutSecrets);
+#endif
+
     /* Parse commandline arguments */
     if (argc < 2)
 	usage();
@@ -75,7 +73,7 @@ main(int argc, char **argv)
 		if (++i >= argc)
 		    usage();
 		else {
-		    strcpy(realm, argv[i]);
+		    strcpy_truncate(realm, argv[i], REALM_SZ);
 		    /* 
 		     * This is to humor the broken way commandline
 		     * argument parsing is done.  Later, this
@@ -104,8 +102,10 @@ main(int argc, char **argv)
     /* For each arg, search for instances of arg, and produce */
     /* srvtab file */
     if (!realm[0])
-	if (krb_get_lrealm(realm, 1) != KSUCCESS)
+      if (krb_get_lrealm(realm, 1) != KSUCCESS) {
+	  StampOutSecrets();
 	  errx (1, "couldn't get local realm");
+      }
     umask(077);
 
     for (arg = 1; arg < argc; arg++) {
@@ -135,9 +135,6 @@ main(int argc, char **argv)
 	}
 	fclose(fout);
     }
-
     StampOutSecrets();
-
     return fopen_errs;		/* 0 errors if successful */
-
 }
diff --git a/crypto/kerberosIV/admin/kdb_destroy.c b/crypto/kerberosIV/admin/kdb_destroy.c
index fca339f..ec4a5d00 100644
--- a/crypto/kerberosIV/admin/kdb_destroy.c
+++ b/crypto/kerberosIV/admin/kdb_destroy.c
@@ -9,14 +9,12 @@
 
 #include "adm_locl.h"
 
-RCSID("$Id: kdb_destroy.c,v 1.7 1997/03/31 02:25:21 assar Exp $");
+RCSID("$Id: kdb_destroy.c,v 1.9 1998/06/09 19:24:13 joda Exp $");
 
 int
 main(int argc, char **argv)
 {
     char    answer[10];		/* user input */
-    char    dbm[256];		/* database path and name */
-    char    dbm1[256];		/* database path and name */
 #ifdef HAVE_NEW_DB
     char   *file;               /* database file names */
 #else
@@ -25,21 +23,22 @@ main(int argc, char **argv)
 
     set_progname (argv[0]);
 
-    strcpy(dbm, DBM_FILE);
 #ifdef HAVE_NEW_DB
-    file = strcat(dbm, ".db");
+    asprintf(&file, "%s.db", DBM_FILE);
+    if (file == NULL)
+	err (1, "malloc");
 #else
-    strcpy(dbm1, DBM_FILE);
-    file1 = strcat(dbm, ".dir");
-    file2 = strcat(dbm1, ".pag");
+    asprintf(&file1, "%s.dir", DBM_FILE);
+    asprintf(&file2, "%s.pag", DBM_FILE);
+    if (file1 == NULL || file2 == NULL)
+	err (1, "malloc");
 #endif
 
     printf("You are about to destroy the Kerberos database ");
     printf("on this machine.\n");
     printf("Are you sure you want to do this (y/n)? ");
-    fgets(answer, sizeof(answer), stdin);
-
-    if (answer[0] == 'y' || answer[0] == 'Y') {
+    if (fgets(answer, sizeof(answer), stdin) != NULL
+	&& (answer[0] == 'y' || answer[0] == 'Y')) {
 #ifdef HAVE_NEW_DB
       if (unlink(file) == 0)
 #else
diff --git a/crypto/kerberosIV/admin/kdb_edit.c b/crypto/kerberosIV/admin/kdb_edit.c
index 5d07135..bd9df2d 100644
--- a/crypto/kerberosIV/admin/kdb_edit.c
+++ b/crypto/kerberosIV/admin/kdb_edit.c
@@ -15,14 +15,12 @@
 
 #include "adm_locl.h"
 
-RCSID("$Id: kdb_edit.c,v 1.25 1997/05/07 01:34:05 assar Exp $");
+RCSID("$Id: kdb_edit.c,v 1.27 1998/11/22 09:26:31 assar Exp $");
 
 #ifdef DEBUG
 extern  kerb_debug;
 #endif
 
-#define zaptime(foo) memset((foo), 0, sizeof(*(foo)))
-
 static int     nflag = 0;
 static int     debug;
 
@@ -74,8 +72,7 @@ change_principal(void)
     int     editpw = 0;
     int     changed = 0;
     long    temp_long;		/* Don't change to int32_t, used by scanf */
-    int     n;
-    struct tm 	*tp, edate;
+    struct tm 	edate;
 
     fprintf(stdout, "\nPrincipal name: ");
     fflush(stdout);
@@ -96,8 +93,12 @@ change_principal(void)
 	/* make a new principal, fill in defaults */
 	j = 1;
 	creating = 1;
-	strcpy(principal_data[0].name, input_name);
-	strcpy(principal_data[0].instance, input_instance);
+	strcpy_truncate(principal_data[0].name,
+			input_name,
+			ANAME_SZ);
+	strcpy_truncate(principal_data[0].instance,
+			input_instance,
+			INST_SZ);
 	principal_data[0].old = NULL;
 	principal_data[0].exp_date = default_princ.exp_date;
 	if (strcmp(input_instance, "admin") == 0)
@@ -110,12 +111,7 @@ change_principal(void)
 	principal_data[0].kdc_key_ver = (unsigned char) master_key_version;
 	principal_data[0].key_version = 0; /* bumped up later */
     }
-    tp = k_localtime(&principal_data[0].exp_date);
-    snprintf(principal_data[0].exp_date_txt,
-	     sizeof(principal_data[0].exp_date_txt),
-	     "%4d-%02d-%02d",
-	     tp->tm_year + 1900,
-	     tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */
+    *principal_data[0].exp_date_txt = '\0';
     for (i = 0; i < j; i++) {
 	for (;;) {
 	    fprintf(stdout,
@@ -219,35 +215,38 @@ change_principal(void)
 		changed = 1;
 	    }
 	    /* expiration date */
-	    fprintf(stdout, "Expiration date (enter yyyy-mm-dd) [ %s ] ? ",
-		    principal_data[i].exp_date_txt);
-	    fflush(stdout);
-	    zaptime(&edate);
-	    while (n_gets(temp, sizeof(temp)) && ((n = strlen(temp)) >
-				  sizeof(principal_data[0].exp_date_txt))) {
-	    bad_date:
-		fprintf(stdout, "\07\07Date Invalid\n");
-		fprintf(stdout,
-			"Expiration date (enter yyyy-mm-dd) [ %s ] ? ",
-			principal_data[i].exp_date_txt);
-		fflush(stdout);
-		zaptime(&edate);
-	    }
-
-	    if (*temp) {
-		if (sscanf(temp, "%d-%d-%d", &edate.tm_year,
-			      &edate.tm_mon, &edate.tm_mday) != 3)
-		    goto bad_date;
-		edate.tm_mon--;		/* January is 0, not 1 */
-		edate.tm_hour = 23;	/* nearly midnight at the end of the */
-		edate.tm_min = 59;	/* specified day */
-		if (krb_check_tm (edate))
-		    goto bad_date;
-		edate.tm_year -= 1900;
-		temp_long = tm2time (edate, 1);
-		strcpy(principal_data[i].exp_date_txt, temp);
-		principal_data[i].exp_date = temp_long;
-		changed = 1;
+	    {
+		char d[DATE_SZ];
+		struct tm *tm;
+		tm = k_localtime(&principal_data[i].exp_date);
+		strftime(d, sizeof(d), "%Y-%m-%d", tm);
+		while(1) {
+		    printf("Expiration date (yyyy-mm-dd) [ %s ] ? ", d);
+		    fflush(stdout);
+		    if(n_gets(temp, sizeof(temp)) == NULL) {
+			printf("Invalid date.\n");
+			continue;
+		    }
+		    if (*temp) {
+			memset(&edate, 0, sizeof(edate));
+			if (sscanf(temp, "%d-%d-%d", &edate.tm_year,
+				   &edate.tm_mon, &edate.tm_mday) != 3) {
+			    printf("Invalid date.\n");
+			    continue;
+			}
+			edate.tm_mon--;     /* January is 0, not 1 */
+			edate.tm_hour = 23; /* at the end of the */
+			edate.tm_min = 59;  /* specified day */
+			if (krb_check_tm (edate)) {
+			    printf("Invalid date.\n");
+			    continue;
+			}
+			edate.tm_year -= 1900;
+			principal_data[i].exp_date = tm2time (edate, 1);
+			changed = 1;
+		    }
+		    break;
+		}
 	    }
 
 	    /* maximum lifetime */
@@ -281,7 +280,7 @@ change_principal(void)
 		    goto bad_att;
 		if (temp_long > 65535 || (temp_long < 0)) {
 		bad_att:
-		    fprintf(stdout, "\07\07Invalid, choose 0-65535\n");
+		    fprintf(stdout, "Invalid, choose 0-65535\n");
 		    fprintf(stdout, "Attributes [ %d ] ? ",
 			    principal_data[i].attributes);
 		    fflush(stdout);
diff --git a/crypto/kerberosIV/admin/kdb_init.c b/crypto/kerberosIV/admin/kdb_init.c
index b9ea009..bf340a7 100644
--- a/crypto/kerberosIV/admin/kdb_init.c
+++ b/crypto/kerberosIV/admin/kdb_init.c
@@ -10,7 +10,7 @@
 
 #include "adm_locl.h"
 
-RCSID("$Id: kdb_init.c,v 1.23 1997/03/30 17:45:05 assar Exp $");
+RCSID("$Id: kdb_init.c,v 1.24 1998/06/09 19:24:13 joda Exp $");
 
 enum ap_op {
     NULL_KEY,			/* setup null keys */
@@ -28,12 +28,11 @@ static int
 add_principal(char *name, char *instance, enum ap_op aap_op, int maxlife)
 {
     Principal principal;
-    struct tm *tm;
     des_cblock new_key;
 
     memset(&principal, 0, sizeof(principal));
-    strncpy(principal.name, name, ANAME_SZ);
-    strncpy(principal.instance, instance, INST_SZ);
+    strcpy_truncate(principal.name, name, ANAME_SZ);
+    strcpy_truncate(principal.instance, instance, INST_SZ);
     switch (aap_op) {
     case NULL_KEY:
 	principal.key_low = 0;
@@ -58,19 +57,19 @@ add_principal(char *name, char *instance, enum ap_op aap_op, int maxlife)
 	copy_from_key(new_key, &principal.key_low, &principal.key_high);
 	break;
     }
-    principal.exp_date = 946702799;	/* Happy new century */
-    strncpy(principal.exp_date_txt, "12/31/99", DATE_SZ);
     principal.mod_date = time(0);
+    *principal.mod_date_txt = '\0';
+    principal.exp_date = principal.mod_date + 5 * 365 * 24 * 60 * 60;
+    *principal.exp_date_txt = '\0';
 
-    tm = k_localtime(&principal.mod_date);
     principal.attributes = 0;
     principal.max_life = maxlife;
 
     principal.kdc_key_ver = 1;
     principal.key_version = 1;
 
-    strncpy(principal.mod_name, "db_creation", ANAME_SZ);
-    strncpy(principal.mod_instance, "", INST_SZ);
+    strcpy_truncate(principal.mod_name, "db_creation", ANAME_SZ);
+    strcpy_truncate(principal.mod_instance, "", INST_SZ);
     principal.old = 0;
 
     if (kerb_db_put_principal(&principal, 1) != 1)
@@ -109,10 +108,10 @@ main(int argc, char **argv)
     kerb_db_set_name(database);
 
     if (argc == 2)
-	strncpy(realm, argv[1], REALM_SZ);
+	strcpy_truncate(realm, argv[1], REALM_SZ);
     else {
         if (krb_get_lrealm(realm, 1) != KSUCCESS)
-		strcpy(realm, KRB_REALM);
+	    strcpy_truncate(realm, KRB_REALM, REALM_SZ);
 	fprintf(stderr, "Realm name [default  %s ]: ", realm);
 	if (fgets(realm, sizeof(realm), stdin) == NULL)
 	    errx (1, "\nEOF reading realm");
@@ -120,7 +119,7 @@ main(int argc, char **argv)
 	    *cp = '\0';
 	if (!*realm)			/* no realm given */
 		if (krb_get_lrealm(realm, 1) != KSUCCESS)
-			strcpy(realm, KRB_REALM);
+		    strcpy_truncate(realm, KRB_REALM, REALM_SZ);
     }
     if (!k_isrealm(realm))
 	errx (1, "Bad kerberos realm name \"%s\"", realm);
diff --git a/crypto/kerberosIV/admin/kdb_util.c b/crypto/kerberosIV/admin/kdb_util.c
index b221fdd..4700df1 100644
--- a/crypto/kerberosIV/admin/kdb_util.c
+++ b/crypto/kerberosIV/admin/kdb_util.c
@@ -15,13 +15,11 @@
 
 #include "adm_locl.h"
 
-RCSID("$Id: kdb_util.c,v 1.35 1997/05/07 00:57:45 assar Exp $");
+RCSID("$Id: kdb_util.c,v 1.40 1999/07/05 21:43:52 assar Exp $");
 
 static des_cblock master_key, new_master_key;
 static des_key_schedule master_key_schedule, new_master_key_schedule;
 
-#define zaptime(foo) memset((foo), 0, sizeof(*(foo)))
-
 /* cv_key is a procedure which takes a principle and changes its key, 
    either for a new method of encrypting the keys, or a new master key.
    if cv_key is null no transformation of key is done (other than net byte
@@ -52,11 +50,10 @@ time_explode(char *cp)
     struct tm tp;
     int local;
 
-    zaptime(&tp);			/* clear out the struct */
+    memset(&tp, 0, sizeof(tp));	/* clear out the struct */
     
     if (strlen(cp) > 10) {		/* new format */
-	strncpy(wbuf, cp, 4);
-	wbuf[4] = 0;
+	strcpy_truncate(wbuf, cp, sizeof(wbuf));
 	tp.tm_year = atoi(wbuf) - 1900;
 	cp += 4;			/* step over the year */
 	local = 0;			/* GMT */
@@ -86,13 +83,13 @@ time_explode(char *cp)
     wbuf[1] = *cp++;
     tp.tm_min = atoi(wbuf);
 
-
     return(tm2time(tp, local));
 }
 
 static int
-dump_db_1(void *arg, Principal *principal)
-{	    /* replace null strings with "*" */
+dump_db_1(void *arg,
+	  Principal *principal)	/* replace null strings with "*" */
+{
     struct callback_args *a = (struct callback_args *)arg;
     
     if (principal->instance[0] == '\0') {
@@ -135,7 +132,7 @@ dump_db (char *db_file, FILE *output_file, void (*cv_key) (Principal *))
     a.cv_key = cv_key;
     a.output_file = output_file;
     
-    kerb_db_iterate ((k_iter_proc_t)dump_db_1, &a);
+    kerb_db_iterate (dump_db_1, &a);
     return fflush(output_file);
 }
 
@@ -198,14 +195,12 @@ static void
 load_db (char *db_file, FILE *input_file)
 {
     long *db;
-    int     temp1;
     int code;
     char *temp_db_file;
 
-    temp1 = strlen(db_file)+2;
-    temp_db_file = malloc (temp1);
-    strcpy(temp_db_file, db_file);
-    strcat(temp_db_file, "~");
+    asprintf (&temp_db_file, "%s~", db_file);
+    if(temp_db_file == NULL)
+	errx (1, "out of memory");
 
     /* Create the database */
     if ((code = kerb_db_create(temp_db_file)) != 0)
@@ -244,15 +239,20 @@ update_ok_file (char *file_name)
     /* handle slave locking/failure stuff */
     char *file_ok;
     int fd;
-    static char ok[]=".dump_ok";
 
-    asprintf (&file_ok, "%s%s", file_name, ok);
+    asprintf (&file_ok, "%s.dump_ok", file_name);
     if (file_ok == NULL)
       errx (1, "out of memory");
-    if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0400)) < 0)
+    if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0)
         err (1, "Error creating %s", file_ok);
     free(file_ok);
     close(fd);
+    /*
+     * Some versions of BSD don't update the mtime in the above open so
+     * we call utimes just in case.
+     */
+    if (utime(file_name, NULL) < 0)
+	err (1, "utime %s", file_name);
 }
 
 static void
@@ -271,10 +271,12 @@ convert_key_new_master (Principal *p)
     (p->key_version)++;
   } else {
     copy_to_key(&p->key_low, &p->key_high, key);
-    kdb_encrypt_key (&key, &key, &master_key, master_key_schedule, DES_DECRYPT);
+    kdb_encrypt_key (&key, &key, &master_key,
+		     master_key_schedule, DES_DECRYPT);
   }
 
-  kdb_encrypt_key (&key, &key, &new_master_key, new_master_key_schedule, DES_ENCRYPT);
+  kdb_encrypt_key (&key, &key, &new_master_key,
+		   new_master_key_schedule, DES_ENCRYPT);
 
   copy_from_key(key, &(p->key_low), &(p->key_high));
   memset(key, 0, sizeof (key));  /* a little paranoia ... */
@@ -319,9 +321,15 @@ convert_new_master_key (char *db_file, FILE *out)
 
   dump_db (db_file, out, convert_key_new_master);
   {
-    char fname[128];
-    snprintf(fname, sizeof(fname), "%s.new", MKEYFILE);
+    char *fname;
+
+    asprintf(&fname, "%s.new", MKEYFILE);
+    if(fname == NULL) {
+      clear_secrets();
+      errx(1, "malloc: failed");
+    }
     kdb_kstash(&new_master_key, fname);
+    free(fname);
   }
 #endif /* RANDOM_MKEY */
 }
diff --git a/crypto/kerberosIV/appl/Makefile.in b/crypto/kerberosIV/appl/Makefile.in
index c951258..2cc8391 100644
--- a/crypto/kerberosIV/appl/Makefile.in
+++ b/crypto/kerberosIV/appl/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.27 1997/05/20 18:58:37 bg Exp $
+# $Id: Makefile.in,v 1.31 1998/04/26 09:59:31 assar Exp $
 
 srcdir		= @srcdir@
 VPATH		= @srcdir@
@@ -7,8 +7,8 @@ SHELL		= /bin/sh
 
 @SET_MAKE@
 
-SUBDIRS		= sample kauth bsd movemail afsutil \
-		  kpopper xnlock kx otp @APPL_KIP_DIR@ ftp telnet
+SUBDIRS		= sample kauth bsd movemail push afsutil \
+		  popper xnlock kx @OTP_dir@ @APPL_KIP_DIR@ ftp telnet
 
 all:
 	for i in $(SUBDIRS); \
@@ -40,4 +40,4 @@ realclean:
 	for i in $(SUBDIRS); \
 	do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
 
-.PHONY: all install uninstall clean distclean realclean mostlyclean
+.PHONY: all Wall install uninstall clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/appl/afsutil/Makefile.in b/crypto/kerberosIV/appl/afsutil/Makefile.in
new file mode 100644
index 0000000..86adb88
--- /dev/null
+++ b/crypto/kerberosIV/appl/afsutil/Makefile.in
@@ -0,0 +1,89 @@
+# $Id: Makefile.in,v 1.27 1999/03/10 19:01:10 joda Exp $
+
+SHELL	= /bin/sh
+
+srcdir	= @srcdir@
+VPATH	= @srcdir@
+
+top_builddir	= ../..
+
+CC	= @CC@
+LINK	= @LINK@
+AR	= ar
+RANLIB	= @RANLIB@
+DEFS	= @DEFS@
+CFLAGS	= @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LD_FLAGS= @LD_FLAGS@
+INSTALL	= @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+LIBROKEN = -L../../lib/roken -lroken
+LIBS	= @KRB_KAFS_LIB@ -L../../lib/krb -lkrb -L../../lib/des -ldes $(LIBROKEN) @LIBS@ $(LIBROKEN)
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+bindir = @bindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROG_BIN	= pagsh$(EXECSUFFIX) \
+		  afslog$(EXECSUFFIX) \
+		  kstring2key$(EXECSUFFIX)
+PROG_LIBEXEC	= 
+PROGS = $(PROG_BIN) $(PROG_LIBEXEC)
+
+SOURCES = pagsh.c aklog.c kstring2key.c
+
+OBJECTS = pagsh.o aklog.o kstring2key.o
+
+all: $(PROGS)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
+	for x in $(PROG_BIN); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+uninstall:
+	for x in $(PROG_BIN); do \
+	  rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+pagsh$(EXECSUFFIX): pagsh.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ pagsh.o $(LIBS)
+
+afslog$(EXECSUFFIX): aklog.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ aklog.o $(LIBS)
+
+kstring2key$(EXECSUFFIX): kstring2key.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kstring2key.o $(LIBS)
+
+
+$(OBJECTS): ../../include/config.h
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/appl/afsutil/aklog.c b/crypto/kerberosIV/appl/afsutil/aklog.c
new file mode 100644
index 0000000..f3bcb8b
--- /dev/null
+++ b/crypto/kerberosIV/appl/afsutil/aklog.c
@@ -0,0 +1,239 @@
+/*
+ * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <ctype.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_SYS_IOCCOM_H
+#include <sys/ioccom.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#include <err.h>
+#include <krb.h>
+#include <kafs.h>
+
+#include <roken.h>
+
+RCSID("$Id: aklog.c,v 1.22.2.1 1999/07/22 03:13:22 assar Exp $");
+
+static int debug = 0;
+
+static void
+DEBUG(const char *, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+
+static void
+DEBUG(const char *fmt, ...)
+{
+  va_list ap;
+  if (debug) {
+    va_start(ap, fmt);
+    vwarnx(fmt, ap);
+    va_end(ap);
+  }
+}
+
+static char *
+expand_cell_name(char *cell)
+{
+  FILE *f;
+  static char buf[128];
+  char *p;
+
+  f = fopen(_PATH_CELLSERVDB, "r");
+  if(f == NULL)
+    return cell;
+  while(fgets(buf, sizeof(buf), f) != NULL) {
+    if(buf[0] == '>') {
+      for(p=buf; *p && !isspace(*p) && *p != '#'; p++)
+	  ;
+      *p = '\0';
+      if(strstr(buf, cell)){
+	fclose(f);
+	return buf + 1;
+      }
+    }
+    buf[0] = 0;
+  }
+  fclose(f);
+  return cell;
+}
+
+static int
+createuser (char *cell)
+{
+  char cellbuf[64];
+  char name[ANAME_SZ];
+  char instance[INST_SZ];
+  char realm[REALM_SZ];
+  char cmd[1024];
+
+  if (cell == NULL) {
+    FILE *f;
+    int len;
+
+    f = fopen (_PATH_THISCELL, "r");
+    if (f == NULL)
+      err (1, "open(%s)", _PATH_THISCELL);
+    if (fgets (cellbuf, sizeof(cellbuf), f) == NULL)
+      err (1, "read cellname from %s", _PATH_THISCELL);
+    fclose (f);
+    len = strlen(cellbuf);
+    if (cellbuf[len-1] == '\n')
+      cellbuf[len-1] = '\0';
+    cell = cellbuf;
+  }
+
+  if(krb_get_default_principal(name, instance, realm))
+    errx (1, "Could not even figure out who you are");
+
+  snprintf (cmd, sizeof(cmd),
+	    "pts createuser %s%s%s@%s -cell %s",
+	    name, *instance ? "." : "", instance, strlwr(realm),
+	    cell);
+  DEBUG("Executing %s", cmd);
+  return system(cmd);
+}
+
+int
+main(int argc, char **argv)
+{
+  int i;
+  int do_aklog = -1;
+  int do_createuser = -1;
+  char *cell = NULL;
+  char *realm = NULL;
+  char cellbuf[64];
+  
+  set_progname (argv[0]);
+
+  if(!k_hasafs())
+    exit(1);
+
+  for(i = 1; i < argc; i++){
+    if(!strncmp(argv[i], "-createuser", 11)){
+      do_createuser = do_aklog = 1;
+
+    }else if(!strncmp(argv[i], "-c", 2) && i + 1 < argc){
+      cell = expand_cell_name(argv[++i]);
+      do_aklog = 1;
+
+    }else if(!strncmp(argv[i], "-k", 2) && i + 1 < argc){
+      realm = argv[++i];
+
+    }else if(!strncmp(argv[i], "-p", 2) && i + 1 < argc){
+      if(k_afs_cell_of_file(argv[++i], cellbuf, sizeof(cellbuf)))
+	errx (1, "No cell found for file \"%s\".", argv[i]);
+      else
+	cell = cellbuf;
+      do_aklog = 1;
+
+    }else if(!strncmp(argv[i], "-unlog", 6)){
+      exit(k_unlog());
+
+    }else if(!strncmp(argv[i], "-hosts", 6)){
+      warnx ("Argument -hosts is not implemented.");
+
+    }else if(!strncmp(argv[i], "-zsubs", 6)){
+      warnx("Argument -zsubs is not implemented.");
+
+    }else if(!strncmp(argv[i], "-noprdb", 6)){
+      warnx("Argument -noprdb is not implemented.");
+
+    }else if(!strncmp(argv[i], "-d", 6)){
+      debug = 1;
+
+    }else{
+      if(!strcmp(argv[i], ".") ||
+	 !strcmp(argv[i], "..") ||
+	 strchr(argv[i], '/')){
+	DEBUG("I guess that \"%s\" is a filename.", argv[i]);
+	if(k_afs_cell_of_file(argv[i], cellbuf, sizeof(cellbuf)))
+	  errx (1, "No cell found for file \"%s\".", argv[i]);
+	else {
+	  cell = cellbuf;
+	  DEBUG("The file \"%s\" lives in cell \"%s\".", argv[i], cell);
+	}
+      }else{
+	cell = expand_cell_name(argv[i]);
+	DEBUG("I guess that %s is cell %s.", argv[i], cell);
+      }
+      do_aklog = 1;
+    }
+    if(do_aklog == 1){
+      do_aklog = 0;
+      if(krb_afslog(cell, realm))
+	errx (1, "Failed getting tokens for cell %s in realm %s.", 
+	      cell?cell:"(local cell)", realm?realm:"(local realm)");
+    }
+    if(do_createuser == 1) {
+      do_createuser = 0;
+      if(createuser(cell))
+	errx (1, "Failed creating user in cell %s", cell?cell:"(local cell)");
+    }
+  }
+  if(do_aklog == -1 && do_createuser == -1 && krb_afslog(0, realm))
+    errx (1, "Failed getting tokens for cell %s in realm %s.", 
+	  cell?cell:"(local cell)", realm?realm:"(local realm)");
+  return 0;
+}
diff --git a/crypto/kerberosIV/appl/afsutil/kstring2key.c b/crypto/kerberosIV/appl/afsutil/kstring2key.c
new file mode 100644
index 0000000..30482f0
--- /dev/null
+++ b/crypto/kerberosIV/appl/afsutil/kstring2key.c
@@ -0,0 +1,142 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+RCSID("$Id: kstring2key.c,v 1.14 1998/06/09 19:24:14 joda Exp $");
+
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <err.h>
+
+#include <roken.h>
+
+#include <des.h>
+#include <krb.h>
+
+#define VERIFY 0
+
+static void
+usage(void)
+{
+    fprintf(stderr,
+	    "Usage: %s [-c AFS cellname] [ -5 krb5salt ] [ password ]\n",
+	    __progname);
+    fprintf(stderr,
+	    "       krb5salt is realmname APPEND principal APPEND instance\n");
+    exit(1);
+}
+
+static
+void
+krb5_string_to_key(char *str,
+		   char *salt,
+		   des_cblock *key)
+{
+    char *foo;
+
+    asprintf(&foo, "%s%s", str, salt);
+    if (foo == NULL)
+	errx (1, "malloc: out of memory");
+    des_string_to_key(foo, key);
+    free (foo);
+}
+
+
+int
+main(int argc, char **argv)
+{
+    des_cblock key;
+    char buf[1024];
+    char *cellname = 0, *salt = 0;
+
+    set_progname (argv[0]);
+
+    if (argc >= 3 && argv[1][0] == '-' && argv[1][1] == 'c')
+	{
+	    cellname = argv[2];
+	    argv += 2;
+	    argc -= 2;
+	}
+    else if (argc >= 3 && argv[1][0] == '-' && argv[1][1] == '5')
+	{
+	    salt = argv[2];
+	    argv += 2;
+	    argc -= 2;
+	}
+    if (argc >= 2 && argv[1][0] == '-')
+	usage();
+
+    switch (argc) {
+    case 1:
+	if (des_read_pw_string(buf, sizeof(buf)-1, "password: ", VERIFY))
+	    errx (1, "Error reading password.");
+	break;
+    case 2:
+	strcpy_truncate(buf, argv[1], sizeof(buf));
+	break;
+    default:
+	usage();
+	break;
+    }
+
+    if (cellname != 0)
+	afs_string_to_key(buf, cellname, &key);
+    else if (salt != 0)
+        krb5_string_to_key(buf, salt, &key);
+    else
+	des_string_to_key(buf, &key);
+
+    {
+	int j;
+	unsigned char *tkey = (unsigned char *) &key;
+	printf("ascii = ");
+	for(j = 0; j < 8; j++)
+	    if(tkey[j] != '\\' && isalpha(tkey[j]) != 0)
+		printf("%c", tkey[j]);
+	    else
+		printf("\\%03o",(unsigned char)tkey[j]);
+	printf("\n");
+	printf("hex   = ");
+	for(j = 0; j < 8; j++)
+	    printf("%02x",(unsigned char)tkey[j]);
+	printf("\n");
+    }
+    exit(0);
+}
diff --git a/crypto/kerberosIV/appl/afsutil/pagsh.c b/crypto/kerberosIV/appl/afsutil/pagsh.c
new file mode 100644
index 0000000..1f02ee8
--- /dev/null
+++ b/crypto/kerberosIV/appl/afsutil/pagsh.c
@@ -0,0 +1,141 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+RCSID("$Id: pagsh.c,v 1.21 1999/03/11 13:56:55 joda Exp $");
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <time.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#include <err.h>
+#include <roken.h>
+
+#include <krb.h>
+#include <kafs.h>
+
+int
+main(int argc, char **argv)
+{
+  int f;
+  char tf[1024];
+  char *p;
+
+  char *path;
+  char **args;
+  int i;
+
+  do {
+    snprintf(tf, sizeof(tf), "%s%u_%u", TKT_ROOT, (unsigned int)getuid(),
+	    (unsigned int)(getpid()*time(0)));
+    f = open(tf, O_CREAT|O_EXCL|O_RDWR);
+  } while(f < 0);
+  close(f);
+  unlink(tf);
+  setenv("KRBTKFILE", tf, 1);
+
+  i = 0;
+
+  args = (char **) malloc((argc + 10)*sizeof(char *));
+  if (args == NULL)
+      errx (1, "Out of memory allocating %lu bytes",
+	    (unsigned long)((argc + 10)*sizeof(char *)));
+  
+  argv++;
+
+  if(*argv == NULL) {
+    path = getenv("SHELL");
+    if(path == NULL){
+      struct passwd *pw = k_getpwuid(geteuid());
+      path = strdup(pw->pw_shell);
+    }
+  } else {
+    if(strcmp(*argv, "-c") ==  0) argv++;
+    path = strdup(*argv++);
+  }
+  if (path == NULL)
+      errx (1, "Out of memory copying path");
+  
+  p=strrchr(path, '/');
+  if(p)
+    args[i] = strdup(p+1);
+  else
+    args[i] = strdup(path);
+
+  if (args[i++] == NULL)
+      errx (1, "Out of memory copying arguments");
+  
+  while(*argv)
+    args[i++] = *argv++;
+
+  args[i++] = NULL;
+
+  if(k_hasafs())
+    k_setpag();
+
+  execvp(path, args);
+  if (errno == ENOENT) {
+      char **sh_args = malloc ((i + 2) * sizeof(char *));
+      int j;
+
+      if (sh_args == NULL)
+	  errx (1, "Out of memory copying sh arguments");
+      for (j = 1; j < i; ++j)
+	  sh_args[j + 2] = args[j];
+      sh_args[0] = "sh";
+      sh_args[1] = "-c";
+      sh_args[2] = path;
+      execv ("/bin/sh", sh_args);
+  }
+  perror("execvp");
+  exit(1);
+}
diff --git a/crypto/kerberosIV/appl/bsd/Makefile.in b/crypto/kerberosIV/appl/bsd/Makefile.in
index 57a8108..fdda8c1 100644
--- a/crypto/kerberosIV/appl/bsd/Makefile.in
+++ b/crypto/kerberosIV/appl/bsd/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.56 1997/05/20 20:35:04 assar Exp $
+# $Id: Makefile.in,v 1.68 1999/03/27 17:05:34 joda Exp $
 
 SHELL = /bin/sh
 
@@ -6,13 +6,15 @@ srcdir = @srcdir@
 top_srcdir = @top_srcdir@
 VPATH = @srcdir@
 
-topdir	= ../..
+top_builddir = ../..
 
 CC = @CC@
+LINK = @LINK@
 AR = ar
 RANLIB = @RANLIB@
 DEFS = @DEFS@ -DBINDIR='"$(bindir)"'
-CFLAGS = @CFLAGS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
 LD_FLAGS = @LD_FLAGS@
 INSTALL = @INSTALL@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -39,19 +41,20 @@ PROG_LIBEXEC	= rshd$(EXECSUFFIX) \
 PROGS = $(PROG_SUIDBIN) $(PROG_BIN) $(PROG_LIBEXEC)
 
 SOURCES = rsh.c kcmd.c krcmd.c rlogin.c rcp.c rcp_util.c rshd.c \
-	login.c klogin.c login_access.c su.c rlogind.c iruserok.c \
+	login.c klogin.c login_access.c su.c rlogind.c \
 	login_fbtab.c forkpty.c sysv_default.c sysv_environ.c sysv_shadow.c \
-	utmp_login.c utmpx_login.c stty_default.c encrypt.c rcmd_util.c tty.c
+	utmp_login.c utmpx_login.c stty_default.c encrypt.c rcmd_util.c tty.c \
+	osfc2.c
 
 rsh_OBJS	= rsh.o kcmd.o krcmd.o encrypt.o rcmd_util.o
-rcp_OBJS	= rcp.o rcp_util.o kcmd.o krcmd.o encrypt.o rcmd_util.o
+rcp_OBJS	= rcp.o rcp_util.o kcmd.o krcmd.o encrypt.o rcmd_util.o osfc2.o
 rlogin_OBJS	= rlogin.o kcmd.o krcmd.o encrypt.o rcmd_util.o
 login_OBJS 	= login.o klogin.o login_fbtab.o login_access.o \
 		  sysv_default.o sysv_environ.o sysv_shadow.o \
-		  utmp_login.o utmpx_login.o stty_default.o tty.o
+		  utmp_login.o utmpx_login.o stty_default.o tty.o osfc2.o
 su_OBJS		= su.o
-rshd_OBJS	= rshd.o iruserok.o encrypt.o rcmd_util.o
-rlogind_OBJS	= rlogind.o iruserok.o forkpty.o encrypt.o rcmd_util.o tty.o
+rshd_OBJS	= rshd.o encrypt.o rcmd_util.o osfc2.o
+rlogind_OBJS	= rlogind.o forkpty.o encrypt.o rcmd_util.o tty.o
 
 
 all: $(PROGS) 
@@ -60,30 +63,30 @@ Wall:
 	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
 
 .c.o: 
-	$(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $<
+	$(CC) -c $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
 
 install: all
-	$(MKINSTALLDIRS) $(libexecdir)
+	$(MKINSTALLDIRS) $(DESTDIR)$(libexecdir)
 	for x in $(PROG_LIBEXEC); do \
-	  $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x| sed '$(transform)'`; \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x| sed '$(transform)'`; \
 	done
-	$(MKINSTALLDIRS) $(bindir)
+	$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
 	for x in $(PROG_BIN); do \
-	  $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x| sed '$(transform)'`; \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
 	done
 	-for x in $(PROG_SUIDBIN); do \
-	  $(INSTALL_PROGRAM) -o root -m 04555 $$x $(bindir)/`echo $$x| sed '$(transform)'`; \
+	  $(INSTALL_PROGRAM) -o root -m 04555 $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
 	done
 
 uninstall:
 	for x in $(PROG_LIBEXEC); do \
-	  rm -f $(libexecdir)/`echo $$x| sed '$(transform)'`; \
+	  rm -f $(DESTDIR)$(libexecdir)/`echo $$x| sed '$(transform)'`; \
 	done
 	for x in $(PROG_BIN); do \
-	  rm -f $(bindir)/`echo $$x| sed '$(transform)'`; \
+	  rm -f $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
 	done
 	for x in $(PROG_SUIDBIN); do \
-	  rm -f $(bindir)/`echo $$x| sed '$(transform)'`; \
+	  rm -f $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
 	done
 
 TAGS: $(SOURCES)
@@ -102,34 +105,32 @@ distclean: clean
 realclean: distclean
 	rm -f TAGS
 
-dist: $(DISTFILES)
-	for file in $(DISTFILES); do \
-	  ln $$file ../`cat ../.fname`/lib \
-	    || cp -p $$file ../`cat ../.fname`/lib; \
-	done
-
 KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes
 KLIB_AFS=@KRB_KAFS_LIB@ $(KLIB)
-OTPLIB=-L../../lib/otp -lotp
+OTPLIB=@LIB_otp@
 LIBROKEN=-L../../lib/roken -lroken
 
+LIB_security=@LIB_security@
+
 rcp$(EXECSUFFIX): $(rcp_OBJS)
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rcp_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rcp_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) $(LIB_security)
 
 rsh$(EXECSUFFIX): $(rsh_OBJS)
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rsh_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rsh_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
 
 rshd$(EXECSUFFIX): $(rshd_OBJS)
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rshd_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rshd_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) $(LIB_security)
 
 rlogin$(EXECSUFFIX): $(rlogin_OBJS)
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@  $(rlogin_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@  $(rlogin_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
 
 rlogind$(EXECSUFFIX): $(rlogind_OBJS)
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rlogind_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rlogind_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN)
 
 login$(EXECSUFFIX): $(login_OBJS)
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(login_OBJS) $(OTPLIB) $(KLIB_AFS) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(login_OBJS) $(OTPLIB) $(KLIB_AFS) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) $(LIB_security)
 
 su$(EXECSUFFIX): $(su_OBJS)
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(su_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(su_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/appl/bsd/bsd_locl.h b/crypto/kerberosIV/appl/bsd/bsd_locl.h
index d0b37aa..2731f03 100644
--- a/crypto/kerberosIV/appl/bsd/bsd_locl.h
+++ b/crypto/kerberosIV/appl/bsd/bsd_locl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -36,7 +36,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: bsd_locl.h,v 1.98 1997/05/25 01:14:17 assar Exp $ */
+/* $Id: bsd_locl.h,v 1.109.2.1 1999/07/22 03:13:49 assar Exp $ */
 
 #define LOGALL
 #define KERBEROS
@@ -49,7 +49,7 @@
 #endif
 
 /* Any better way to test NO_MOTD? */
-#if (SunOS == 5) || defined(__hpux)
+#if (SunOS >= 50) || defined(__hpux)
 #define NO_MOTD
 #endif
 
@@ -62,13 +62,20 @@
 #include <stdlib.h>
 #include <ctype.h>
 #include <setjmp.h>
+#include <limits.h>
 
 #include <stdarg.h>
 
 #include <errno.h>
+#ifdef HAVE_IO_H
+#include <io.h>
+#endif
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
+#ifdef HAVE_LIBUTIL_H
+#include <libutil.h>
+#endif
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
@@ -145,7 +152,7 @@
 #include <netdb.h>
 #endif
 
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
 #include <sys/ioctl.h>
 #endif
 #ifdef HAVE_SYS_IOCCOM_H
@@ -228,10 +235,10 @@
 
 #ifdef HAVE_UTMP_H
 #include <utmp.h>
-#endif
 #ifndef UT_NAMESIZE
 #define UT_NAMESIZE     sizeof(((struct utmp *)0)->ut_name)
 #endif
+#endif
 
 #ifdef HAVE_UTMPX_H
 #include <utmpx.h>
@@ -242,9 +249,14 @@
 #endif /* HAVE_USERPW_H */
 
 #ifdef HAVE_USERSEC_H
+struct aud_rec;
 #include <usersec.h>
 #endif /* HAVE_USERSEC_H */
 
+#ifdef HAVE_OSFC2
+#include "/usr/include/prot.h"
+#endif
+
 #ifndef PRIO_PROCESS
 #define PRIO_PROCESS 0
 #endif
@@ -255,6 +267,9 @@
 
 #ifdef SOCKS
 #include <socks.h>
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent  *gethostbyname(const char *);
 #endif
 
 #include <des.h>
@@ -289,6 +304,9 @@ int susystem(char *s, int userid);
 int forkpty(int *amaster, char *name,
 	    struct termios *termp, struct winsize *winp);
 
+int forkpty_truncate(int *amaster, char *name, size_t name_sz,
+		     struct termios *termp, struct winsize *winp);
+
 #ifndef MODEMASK
 #define	MODEMASK	(S_ISUID|S_ISGID|S_ISTXT|S_IRWXU|S_IRWXG|S_IRWXO)
 #endif
@@ -310,11 +328,7 @@ extern char **environ;
 void sysv_newenv(int argc, char **argv, struct passwd *pwd,
 		 char *term, int pflag);
 
-int login_access(char *user, char *from);
-#ifndef HAVE_IRUSEROK
-int iruserok(u_int32_t raddr, int superuser, const char *ruser,
-	     const char *luser);
-#endif
+int login_access(struct passwd *user, char *from);
 void fatal(int f, const char *msg, int syserr);
 
 extern int LEFT_JUSTIFIED;
@@ -323,6 +337,10 @@ int des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
 int des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
 	des_cblock *iv);
 
+/* used in des_read and des_write */
+#define DES_RW_MAXWRITE	(1024*16)
+#define DES_RW_BSIZE	(DES_RW_MAXWRITE+4)
+
 void sysv_defaults(void);
 void utmp_login(char *tty, char *username, char *hostname);
 void sleepexit (int);
@@ -342,11 +360,11 @@ void sleepexit (int);
 #ifndef _POSIX_VDISABLE
 #define _POSIX_VDISABLE 0
 #endif /* _POSIX_VDISABLE */
-#if SunOS == 4
+#if SunOS == 40
 #include <sys/ttold.h>
 #endif
 
-#if defined(_AIX)
+#if defined(HAVE_SYS_TERMIO_H) && !defined(HAVE_TERMIOS_H)
 #include <sys/termio.h>
 #endif
 
@@ -376,5 +394,9 @@ __attribute__ ((format (printf, 1, 2)))
 
 char *clean_ttyname (char *tty);
 char *make_id (char *tty);
+#ifdef HAVE_UTMP_H
 void prepare_utmp (struct utmp *utmp, char *tty, char *username,
 		   char *hostname);
+#endif
+
+int do_osfc2_magic(uid_t);
diff --git a/crypto/kerberosIV/appl/bsd/encrypt.c b/crypto/kerberosIV/appl/bsd/encrypt.c
index b74f329..9f835c6 100644
--- a/crypto/kerberosIV/appl/bsd/encrypt.c
+++ b/crypto/kerberosIV/appl/bsd/encrypt.c
@@ -46,13 +46,7 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: encrypt.c,v 1.3 1996/04/30 13:50:54 bg Exp $");
-
-#undef BSIZE
-
-/* used in des_read and des_write */
-#define MAXWRITE	(1024*16)
-#define BSIZE		(MAXWRITE+4)
+RCSID("$Id: encrypt.c,v 1.4 1999/06/17 18:47:26 assar Exp $");
 
 /* replacements for htonl and ntohl since I have no idea what to do
  * when faced with machines with 8 byte longs. */
@@ -78,11 +72,11 @@ des_enc_read(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock
 {
   /* data to be unencrypted */
   int net_num=0;
-  unsigned char net[BSIZE];
+  unsigned char net[DES_RW_BSIZE];
   /* extra unencrypted data 
    * for when a block of 100 comes in but is des_read one byte at
    * a time. */
-  static char unnet[BSIZE];
+  static char unnet[DES_RW_BSIZE];
   static int unnet_start=0;
   static int unnet_left=0;
   int i;
@@ -114,7 +108,7 @@ des_enc_read(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock
     }
 
   /* We need to get more data. */
-  if (len > MAXWRITE) len=MAXWRITE;
+  if (len > DES_RW_MAXWRITE) len=DES_RW_MAXWRITE;
 
   /* first - get the length */
   net_num=0;
@@ -133,7 +127,7 @@ des_enc_read(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock
   /* num should be rounded up to the next group of eight
    * we make sure that we have read a multiple of 8 bytes from the net.
    */
-  if ((num > MAXWRITE) || (num < 0)) /* error */
+  if ((num > DES_RW_MAXWRITE) || (num < 0)) /* error */
     return(-1);
   rnum=(num < 8)?8:((num+7)/8*8);
 
@@ -172,7 +166,7 @@ des_enc_read(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock
        * FIXED - Should be ok now 18-9-90 - eay */
       if (len < rnum)
 	{
-	  char tmpbuf[BSIZE];
+	  char tmpbuf[DES_RW_BSIZE];
 
 	  if (des_rw_mode & DES_PCBC_MODE)
 	    des_pcbc_encrypt((des_cblock *)net,
@@ -223,7 +217,7 @@ des_enc_write(int fd, char *buf, int len, struct des_ks_struct *sched, des_cbloc
 {
   long rnum;
   int i,j,k,outnum;
-  char outbuf[BSIZE+HDRSIZE];
+  char outbuf[DES_RW_BSIZE+HDRSIZE];
   char shortbuf[8];
   char *p;
   static int start=1;
@@ -237,13 +231,13 @@ des_enc_write(int fd, char *buf, int len, struct des_ks_struct *sched, des_cbloc
     }
 
   /* lets recurse if we want to send the data in small chunks */
-  if (len > MAXWRITE)
+  if (len > DES_RW_MAXWRITE)
     {
       j=0;
       for (i=0; i<len; i+=k)
 	{
 	  k=des_enc_write(fd,&(buf[i]),
-			  ((len-i) > MAXWRITE)?MAXWRITE:(len-i),sched,iv);
+			  ((len-i) > DES_RW_MAXWRITE)?DES_RW_MAXWRITE:(len-i),sched,iv);
 	  if (k < 0)
 	    return(k);
 	  else
diff --git a/crypto/kerberosIV/appl/bsd/forkpty.c b/crypto/kerberosIV/appl/bsd/forkpty.c
index 5c0aaaf..0ab7ef2 100644
--- a/crypto/kerberosIV/appl/bsd/forkpty.c
+++ b/crypto/kerberosIV/appl/bsd/forkpty.c
@@ -40,7 +40,7 @@
 
 #ifndef HAVE_FORKPTY
 
-RCSID("$Id: forkpty.c,v 1.52 1997/05/25 07:37:01 assar Exp $");
+RCSID("$Id: forkpty.c,v 1.53.2.2 1999/08/19 13:37:16 assar Exp $");
 
 /* Only CRAY is known to have problems with forkpty(). */
 #if defined(CRAY)
@@ -150,7 +150,9 @@ pty_scan_tty(char *buf, size_t sz)
 }
 
 static int
-ptym_open_streams_flavor(char *pts_name, int *streams_pty)
+ptym_open_streams_flavor(char *pts_name,
+			 size_t pts_name_sz,
+			 int *streams_pty)
 {
     /* Try clone device master ptys */
     const char *const clone[] = { "/dev/ptc", "/dev/ptmx",
@@ -166,7 +168,8 @@ ptym_open_streams_flavor(char *pts_name, int *streams_pty)
     if (fdm >= 0) {
 	char *ptr1;
 	if ((ptr1 = ptsname(fdm)) != NULL) /* Get slave's name */
-	    strcpy(pts_name, ptr1); /* Return name of slave */  
+	    /* Return name of slave */  
+	    strcpy_truncate(pts_name, ptr1, pts_name_sz);
 	else {
 	    close(fdm);
 	    return(-4);
@@ -185,7 +188,7 @@ ptym_open_streams_flavor(char *pts_name, int *streams_pty)
 }
 
 static int
-ptym_open_bsd_flavor(char *pts_name, int *streams_pty)
+ptym_open_bsd_flavor(char *pts_name, size_t pts_name_sz, int *streams_pty)
 {
     int fdm;
     char ptm[MaxPathLen];
@@ -196,7 +199,7 @@ ptym_open_bsd_flavor(char *pts_name, int *streams_pty)
 	fdm = open(ptm, O_RDWR);
 	if (fdm < 0)
 	    continue;
-#if SunOS == 4
+#if SunOS == 40
 	/* Avoid a bug in SunOS4 ttydriver */
 	if (fdm > 0) {
 	    int pgrp;
@@ -265,14 +268,14 @@ ptym_open(char *pts_name, size_t pts_name_sz, int *streams_pty)
 	char *p = _getpty(&fdm, O_RDWR, 0600, 1);
 	if (p) {
 	    *streams_pty = 1;
-	    strcpy (pts_name, p);
+	    strcpy_truncate (pts_name, p, pts_name_sz);
 	    return fdm;
 	}
     }
 #endif
 
 #ifdef STREAMSPTY
-    fdm = ptym_open_streams_flavor(pts_name, streams_pty);
+    fdm = ptym_open_streams_flavor(pts_name, pts_name_sz, streams_pty);
     if (fdm >= 0)
       {
 	*streams_pty = 1;
@@ -280,7 +283,7 @@ ptym_open(char *pts_name, size_t pts_name_sz, int *streams_pty)
       }
 #endif
     
-    fdm = ptym_open_bsd_flavor(pts_name, streams_pty);
+    fdm = ptym_open_bsd_flavor(pts_name, pts_name_sz, streams_pty);
     if (fdm >= 0)
       {
 	*streams_pty = 0;
@@ -288,7 +291,7 @@ ptym_open(char *pts_name, size_t pts_name_sz, int *streams_pty)
       }
 
 #ifndef STREAMSPTY
-    fdm = ptym_open_streams_flavor(pts_name, streams_pty);
+    fdm = ptym_open_streams_flavor(pts_name, pts_name_sz, streams_pty);
     if (fdm >= 0)
       {
 	*streams_pty = 1;
@@ -363,8 +366,10 @@ ptys_open(int fdm, char *pts_name, int streams_pty)
 	    gid = -1;	/* group tty is not in the group file */
 
 	/* Grant access to slave */
-	chown(pts_name, getuid(), gid);
-	chmod(pts_name, S_IRUSR | S_IWUSR | S_IWGRP);
+	if (chown(pts_name, getuid(), gid) < 0)
+	  fatal(0, "chown slave tty failed", 1);
+	if (chmod(pts_name, S_IRUSR | S_IWUSR | S_IWGRP) < 0)
+	  fatal(0, "chmod slave tty failed", 1);
 
 	if ( (fds = open(pts_name, O_RDWR)) < 0) {
 	    close(fdm);
@@ -375,10 +380,11 @@ ptys_open(int fdm, char *pts_name, int streams_pty)
 }
 
 int
-forkpty(int *ptrfdm,
-	char *slave_name,
-	struct termios *slave_termios,
-	struct winsize *slave_winsize)
+forkpty_truncate(int *ptrfdm,
+		 char *slave_name,
+		 size_t slave_name_sz,
+		 struct termios *slave_termios,
+		 struct winsize *slave_winsize)
 {
     int		fdm, fds, streams_pty;
     pid_t	pid;
@@ -391,7 +397,8 @@ forkpty(int *ptrfdm,
 	return -1;
 
     if (slave_name != NULL)
-	strcpy(slave_name, pts_name);	/* Return name of slave */
+	/* Return name of slave */
+	strcpy_truncate(slave_name, pts_name, slave_name_sz);
 
     pid = fork();
     if (pid < 0)
@@ -458,4 +465,18 @@ forkpty(int *ptrfdm,
 	return(pid);	/* Parent returns pid of child */
     }
 }
+
+int
+forkpty(int *ptrfdm,
+	char *slave_name,
+	struct termios *slave_termios,
+	struct winsize *slave_winsize)
+{
+    return forkpty_truncate (ptrfdm,
+			     slave_name,
+			     MaxPathLen,
+			     slave_termios,
+			     slave_winsize);
+}
+
 #endif /* HAVE_FORKPTY */
diff --git a/crypto/kerberosIV/appl/bsd/kcmd.c b/crypto/kerberosIV/appl/bsd/kcmd.c
index 9fa7ab2..af20357 100644
--- a/crypto/kerberosIV/appl/bsd/kcmd.c
+++ b/crypto/kerberosIV/appl/bsd/kcmd.c
@@ -33,7 +33,7 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: kcmd.c,v 1.19 1997/05/02 14:27:42 assar Exp $");
+RCSID("$Id: kcmd.c,v 1.20 1998/07/13 13:54:07 assar Exp $");
 
 #define	START_PORT	5120	 /* arbitrary */
 
@@ -100,6 +100,7 @@ kcmd(int *sock,
 	int rc;
 	char *host_save;
 	int status;
+	char **h_addr_list;
 
 	pid = getpid();
 	hp = gethostbyname(*ahost);
@@ -112,6 +113,7 @@ kcmd(int *sock,
 	if (host_save == NULL)
 		return -1;
 	*ahost = host_save;
+	h_addr_list = hp->h_addr_list;
 
 	/* If realm is null, look up from table */
 	if (realm == NULL || realm[0] == '\0')
@@ -127,7 +129,7 @@ kcmd(int *sock,
 			return (-1);
 		}
 		sin.sin_family = hp->h_addrtype;
-		memcpy (&sin.sin_addr, hp->h_addr, sizeof(sin.sin_addr));
+		memcpy (&sin.sin_addr, h_addr_list[0], sizeof(sin.sin_addr));
 		sin.sin_port = rport;
 		if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
 			break;
@@ -144,12 +146,12 @@ kcmd(int *sock,
 			timo *= 2;
 			continue;
 		}
-		if (hp->h_addr_list[1] != NULL) {
+		if (h_addr_list[1] != NULL) {
 			warn ("kcmd: connect (%s)",
 			      inet_ntoa(sin.sin_addr));
-			hp->h_addr_list++;
+			h_addr_list++;
 			memcpy(&sin.sin_addr,
-			       hp->h_addr_list[0], 
+			       *h_addr_list, 
 			       sizeof(sin.sin_addr));
 			fprintf(stderr, "Trying %s...\n",
 				inet_ntoa(sin.sin_addr));
diff --git a/crypto/kerberosIV/appl/bsd/klogin.c b/crypto/kerberosIV/appl/bsd/klogin.c
index 321da64..41002dc 100644
--- a/crypto/kerberosIV/appl/bsd/klogin.c
+++ b/crypto/kerberosIV/appl/bsd/klogin.c
@@ -33,7 +33,7 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: klogin.c,v 1.20 1997/05/02 14:27:42 assar Exp $");
+RCSID("$Id: klogin.c,v 1.24 1999/03/15 13:34:12 bg Exp $");
 
 #ifdef KERBEROS
 
@@ -44,6 +44,63 @@ extern char *krbtkfile_env;
 
 static char tkt_location[MaxPathLen];
 
+static int
+multiple_get_tkt(char *name,
+		 char *instance,
+		 char *realm,
+		 char *service,
+		 char *sinstance,
+		 int life,
+		 char *password)
+{
+  int n;
+  char rlm[256];
+#define ERICSSON_COMPAT 1
+#ifdef  ERICSSON_COMPAT
+  FILE *f;
+
+  f = fopen("/etc/krb.localrealms", "r");
+  if (f != NULL) {
+    while (fgets(rlm, sizeof(rlm), f) != NULL) {
+      if (rlm[strlen(rlm) - 1] == '\n')
+	rlm[strlen(rlm) - 1] = '\0';
+	    
+      if (krb_get_pw_in_tkt(name,
+			    instance,
+			    rlm,
+			    service,
+			    realm,
+			    life,
+			    password) == KSUCCESS) {
+	fclose(f);
+	return KSUCCESS;
+      }
+    }
+    return krb_get_pw_in_tkt(name,
+			     instance,
+			     realm,
+			     service,
+			     realm,
+			     life,
+			     password);
+  }
+#endif
+  /* First try to verify against the supplied realm. */
+  if (krb_get_pw_in_tkt(name, instance, realm, service, realm, life, password)
+      == KSUCCESS)
+    return KSUCCESS;
+
+  /* Verify all local realms, except the supplied realm. */
+  for (n = 1; krb_get_lrealm(rlm, n) == KSUCCESS; n++)
+    if (strcmp(rlm, realm) != 0)
+      if (krb_get_pw_in_tkt(name, instance, rlm,service, realm, life, password)
+	  == KSUCCESS)
+	return KSUCCESS;
+
+  return KFAILURE;
+
+}
+
 /*
  * Attempt to log the user in using Kerberos authentication
  *
@@ -73,7 +130,7 @@ klogin(struct passwd *pw, char *instance, char *localhost, char *password)
      * without issuing any tickets.
      */
     if (strcmp(pw->pw_name, "root") == 0 ||
-	krb_get_lrealm(realm, 0) != KSUCCESS)
+	krb_get_lrealm(realm, 1) != KSUCCESS)
 	return (1);
 
     noticketsdontcomplain = 0; /* enable warning message */
@@ -96,9 +153,25 @@ klogin(struct passwd *pw, char *instance, char *localhost, char *password)
     krbtkfile_env = tkt_location;
     krb_set_tkt_string(tkt_location);
 
-    kerror = krb_get_pw_in_tkt(pw->pw_name, instance,
-			       realm, KRB_TICKET_GRANTING_TICKET, realm,
-			       DEFAULT_TKT_LIFE, password);
+    /*
+     * Set real as well as effective ID to 0 for the moment,
+     * to make the kerberos library do the right thing.
+     */
+    if (setuid(0) < 0) {
+        warnx("setuid");
+	return (1);
+    }
+
+    /*
+     * Get ticket
+     */
+    kerror = multiple_get_tkt(pw->pw_name,
+			      instance,
+			      realm,
+			      KRB_TICKET_GRANTING_TICKET,
+			      realm,
+			      DEFAULT_TKT_LIFE,
+			      password);
 
     /*
      * If we got a TGT, get a local "rcmd" ticket and check it so as to
@@ -121,8 +194,7 @@ klogin(struct passwd *pw, char *instance, char *localhost, char *password)
     if (chown(TKT_FILE, pw->pw_uid, pw->pw_gid) < 0)
 	syslog(LOG_ERR, "chown tkfile (%s): %m", TKT_FILE);
 
-    strncpy(savehost, krb_get_phost(localhost), sizeof(savehost));
-    savehost[sizeof(savehost)-1] = '\0';
+    strcpy_truncate(savehost, krb_get_phost(localhost), sizeof(savehost));
 
 #ifdef KLOGIN_PARANOID
     /*
diff --git a/crypto/kerberosIV/appl/bsd/login.c b/crypto/kerberosIV/appl/bsd/login.c
index c436f8d..702c5ff 100644
--- a/crypto/kerberosIV/appl/bsd/login.c
+++ b/crypto/kerberosIV/appl/bsd/login.c
@@ -38,10 +38,18 @@
  */
 
 #include "bsd_locl.h"
+#ifdef HAVE_CAPABILITY_H
+#include <capability.h>
+#endif
+#ifdef HAVE_SYS_CAPABILITY_H
+#include <sys/capability.h>
+#endif
 
-RCSID("$Id: login.c,v 1.104 1997/05/20 20:35:06 assar Exp $");
+RCSID("$Id: login.c,v 1.120.2.2 1999/09/02 08:55:26 joda Exp $");
 
+#ifdef OTP
 #include <otp.h>
+#endif
 
 #include "sysv_default.h"
 #ifdef SYSV_SHADOW
@@ -93,22 +101,20 @@ static  char rusername[100], lusername[100];
 static int
 change_passwd(struct passwd  *who)
 {
-        int             status;
-        int             pid;
-        int             wpid;
+    int status;
+    pid_t pid;
  
-        switch (pid = fork()) {
-	case -1:
-	    warn("fork /bin/passwd");
-	    sleepexit(1);
-	case 0:
-	    execlp("/bin/passwd", "passwd", who->pw_name, (char *) 0);
-	    _exit(1);
-	default:
-	    while ((wpid = wait(&status)) != -1 && wpid != pid)
-		/* void */ ;
-	    return (status);
-	}
+    switch (pid = fork()) {
+    case -1:
+	warn("fork /bin/passwd");
+	sleepexit(1);
+    case 0:
+	execlp("/bin/passwd", "passwd", who->pw_name, (char *) 0);
+	_exit(1);
+    default:
+	waitpid(pid, &status, 0);
+	return (status);
+    }
 }
 
 #ifndef NO_MOTD /* message of the day stuff */
@@ -177,7 +183,9 @@ main(int argc, char **argv)
 	char localhost[MaxHostNameLen];
 	char full_hostname[MaxHostNameLen];
 	int auth_level = AUTH_NONE;
+#ifdef OTP
 	OtpContext otp_ctx;
+#endif
 	int mask = 022;		/* Default umask (set below) */
 	int maxtrys = 5;	/* Default number of allowed failed logins */
 
@@ -210,7 +218,7 @@ main(int argc, char **argv)
 
 	*full_hostname = '\0';
 	domain = NULL;
-	if (k_gethostname(localhost, sizeof(localhost)) < 0)
+	if (gethostname(localhost, sizeof(localhost)) < 0)
 		syslog(LOG_ERR, "couldn't get local hostname: %m");
 	else
 		domain = strchr(localhost, '.');
@@ -222,8 +230,10 @@ main(int argc, char **argv)
 		case 'a':
 			if (strcmp (optarg, "none") == 0)
 				auth_level = AUTH_NONE;
+#ifdef OTP
 			else if (strcmp (optarg, "otp") == 0)
 				auth_level = AUTH_OTP;
+#endif
 			else
 				warnx ("bad value for -a: %s", optarg);
 			break;
@@ -240,7 +250,9 @@ main(int argc, char **argv)
 			if (uid)
 				errx(1, "-h option: %s", strerror(EPERM));
 			hflag = 1;
-			strncpy(full_hostname, optarg, sizeof(full_hostname)-1);
+			strcpy_truncate(full_hostname,
+					optarg,
+					sizeof(full_hostname));
 			if (domain && (p = strchr(optarg, '.')) &&
 			    strcasecmp(p, domain) == 0)
 				*p = 0;
@@ -263,7 +275,9 @@ main(int argc, char **argv)
 				exit(1);
                         }
 			rflag = 1;
-			strncpy(full_hostname, optarg, sizeof(full_hostname)-1);
+			strcpy_truncate(full_hostname,
+					optarg,
+					sizeof(full_hostname));
 			if (domain && (p = strchr(optarg, '.')) &&
 			    strcasecmp(p, domain) == 0)
 				*p = 0;
@@ -275,8 +289,11 @@ main(int argc, char **argv)
 			if (!uid)
 				syslog(LOG_ERR, "invalid flag %c", ch);
 			fprintf(stderr,
-				"usage: login [-fp] [-a otp]"
-				"[-h hostname | -r hostname] [username]\n");
+				"usage: login [-fp]"
+#ifdef OTP
+				" [-a otp]"
+#endif
+				" [-h hostname | -r hostname] [username]\n");
 			exit(1);
 		}
 	argc -= optind;
@@ -366,7 +383,7 @@ main(int argc, char **argv)
 				badlogin(tbuf);
 			failures = 0;
 		}
-		strcpy(tbuf, username);
+		strcpy_truncate(tbuf, username, sizeof(tbuf));
 
 		pwd = paranoid_getpwnam (username);
 
@@ -394,11 +411,14 @@ main(int argc, char **argv)
 
 		setpriority(PRIO_PROCESS, 0, -4);
 
+#ifdef OTP
 		if (otp_challenge (&otp_ctx, username,
 				   ss, sizeof(ss)) == 0)
 			snprintf (prompt, sizeof(prompt), "%s's %s Password: ",
 				  username, ss);
-		else {
+		else
+#endif
+		{
 			if (auth_level == AUTH_NONE)
 				snprintf(prompt, sizeof(prompt), "%s's Password: ",
 					 username);
@@ -406,9 +426,11 @@ main(int argc, char **argv)
 				char *s;
 
 				rval = 1;
+#ifdef OTP
 				s = otp_error(&otp_ctx);
 				if(s)
 					printf ("OTP: %s\n", s);
+#endif
 				continue;
 			}
 		}
@@ -419,9 +441,12 @@ main(int argc, char **argv)
 
 		/* Verify it somehow */
 
+#ifdef OTP
 		if (otp_verify_user (&otp_ctx, passwd) == 0)
 			rval = 0;
-		else if (pwd == NULL)
+		else
+#endif
+		if (pwd == NULL)
 			;
 		else if (auth_level == AUTH_NONE) {
 			uid_t pwd_uid = pwd->pw_uid;
@@ -445,8 +470,10 @@ main(int argc, char **argv)
 			char *s;
 
 			rval = 1;
+#ifdef OTP
 			if ((s = otp_error(&otp_ctx)))
 				printf ("OTP: %s\n", s);
+#endif
 		}
 
 		memset (passwd, 0, sizeof(passwd));
@@ -507,28 +534,45 @@ main(int argc, char **argv)
 	    struct udb *udb;
 	    long t;
 	    const long maxcpu = 46116860184; /* some random constant */
+	    
+	    if(setjob(pwd->pw_uid, 0) < 0) 
+		warn("setjob");
+
 	    udb = getudbnam(pwd->pw_name);
-	    if(udb == UDB_NULL){
-		    warnx("Failed to get UDB entry.");
-		    exit(1);
-	    }
+	    if(udb == UDB_NULL)
+		errx(1, "Failed to get UDB entry.");
+
+	    /* per process cpu limit */
 	    t = udb->ue_pcpulim[UDBRC_INTER];
 	    if(t == 0 || t > maxcpu)
 		t = CPUUNLIM;
 	    else
-		t *= 100 * CLOCKS_PER_SEC;
+		t *= CLK_TCK;
 
 	    if(limit(C_PROC, 0, L_CPU, t) < 0)
-		warn("limit C_PROC");
+		warn("limit process cpu");
 
+	    /* per process memory limit */
+	    if(limit(C_PROC, 0, L_MEM, udb->ue_pmemlim[UDBRC_INTER]) < 0)
+		warn("limit process memory");
+
+	    /* per job cpu limit */
 	    t = udb->ue_jcpulim[UDBRC_INTER];
 	    if(t == 0 || t > maxcpu)
 		t = CPUUNLIM;
 	    else
-		t *= 100 * CLOCKS_PER_SEC;
+		t *= CLK_TCK;
+
+	    if(limit(C_JOB, 0, L_CPU, t) < 0)
+		warn("limit job cpu");
+	    
+	    /* per job processor limit */
+	    if(limit(C_JOB, 0, L_CPROC, udb->ue_jproclim[UDBRC_INTER]) < 0)
+		warn("limit job processors");
 
-	    if(limit(C_JOBPROCS, 0, L_CPU, t) < 0)
-		warn("limit C_JOBPROCS");
+	    /* per job memory limit */
+	    if(limit(C_JOB, 0, L_MEM, udb->ue_jmemlim[UDBRC_INTER]) < 0)
+		warn("limit job memory");
 
 	    nice(udb->ue_nice[UDBRC_INTER]);
 	}
@@ -590,9 +634,11 @@ main(int argc, char **argv)
 	 */
 	login_fbtab(tty, pwd->pw_uid, pwd->pw_gid);
 
-	chown(ttyn, pwd->pw_uid,
-	    (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
-	chmod(ttyn, S_IRUSR | S_IWUSR | S_IWGRP);
+	if (chown(ttyn, pwd->pw_uid,
+	    (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid) < 0)
+	  err(1, "chown tty failed");
+	if (chmod(ttyn, S_IRUSR | S_IWUSR | S_IWGRP) < 0)
+	  err(1, "chmod tty failed");
 	setgid(pwd->pw_gid);
 
 	initgroups(username, pwd->pw_gid);
@@ -608,7 +654,7 @@ main(int argc, char **argv)
          * that LD_* and IFS are never preserved.
          */
 	if (term[0] == '\0')
-		strncpy(term, stypeof(tty), sizeof(term));
+		strcpy_truncate(term, stypeof(tty), sizeof(term));
         /* set up a somewhat censored environment. */
         sysv_newenv(argc, argv, pwd, term, pflag);
 #ifdef KERBEROS
@@ -620,12 +666,13 @@ main(int argc, char **argv)
 		syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name);
 
 	/* If fflag is on, assume caller/authenticator has logged root login. */
-	if (rootlogin && fflag == 0)
+	if (rootlogin && fflag == 0) {
 		if (hostname)
 			syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s",
 			    username, tty, hostname);
 		else
 			syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty);
+	}
 
 #ifdef KERBEROS
 	if (!quietlog && notickets == 1 && !noticketsdontcomplain)
@@ -668,7 +715,7 @@ main(int argc, char **argv)
 #endif /* NO_MOTD */
 
 #ifdef LOGIN_ACCESS
-	if (login_access(pwd->pw_name, hostname ? full_hostname : tty) == 0) {
+	if (login_access(pwd, hostname ? full_hostname : tty) == 0) {
 		printf("Permission denied\n");
 		if (hostname)
 			syslog(LOG_NOTICE, "%s LOGIN REFUSED FROM %s",
@@ -683,11 +730,12 @@ main(int argc, char **argv)
 	signal(SIGALRM, SIG_DFL);
 	signal(SIGQUIT, SIG_DFL);
 	signal(SIGINT, SIG_DFL);
+#ifdef SIGTSTP
 	signal(SIGTSTP, SIG_IGN);
+#endif
 
-	tbuf[0] = '-';
-	strcpy(tbuf + 1, (p = strrchr(pwd->pw_shell, '/')) ?
-	       p + 1 : pwd->pw_shell);
+	p = strrchr(pwd->pw_shell, '/');
+	snprintf (tbuf, sizeof(tbuf), "-%s", p ? p + 1 : pwd->pw_shell);
 
 #ifdef HAVE_SETLOGIN
      	if (setlogin(pwd->pw_name) < 0)
@@ -703,6 +751,35 @@ main(int argc, char **argv)
 	spwd = getspnam (username);
 	endspent ();
 #endif
+	/* perhaps work some magic */
+	if(do_osfc2_magic(pwd->pw_uid))
+	    sleepexit(1);
+#if defined(HAVE_SGI_GETCAPABILITYBYNAME) && defined(HAVE_CAP_SET_PROC)
+	/* XXX SGI capability hack IRIX 6.x (x >= 0?) has something
+	   called capabilities, that allow you to give away
+	   permissions (such as chown) to specific processes. From 6.5
+	   this is default on, and the default capability set seems to
+	   not always be the empty set. The problem is that the
+	   runtime linker refuses to do just about anything if the
+	   process has *any* capabilities set, so we have to remove
+	   them here (unless otherwise instructed by /etc/capability).
+	   In IRIX < 6.5, these functions was called sgi_cap_setproc,
+	   etc, but we ignore this fact (it works anyway). */
+	{
+	    struct user_cap *ucap = sgi_getcapabilitybyname(pwd->pw_name);
+	    cap_t cap;
+	    if(ucap == NULL)
+		cap = cap_from_text("all=");
+	    else
+		cap = cap_from_text(ucap->ca_default);
+	    if(cap == NULL)
+		err(1, "cap_from_text");
+	    if(cap_set_proc(cap) < 0)
+		err(1, "cap_set_proc");
+	    cap_free(cap);
+	    free(ucap);
+	}
+#endif
 	/* Discard permissions last so can't get killed and drop core. */
 	{
 	    int uid = rootlogin ? 0 : pwd->pw_uid;
@@ -742,10 +819,18 @@ main(int argc, char **argv)
 
 	if (k_hasafs()) {
 	    char cell[64];
+#ifdef _AIX
+	    /* XXX this is a fix for a bug in AFS for AIX 4.3, w/o
+               this hack the kernel crashes on the following
+               pioctl... */
+	    char *pw_dir = strdup(pwd->pw_dir);
+#else
+	    char *pw_dir = pwd->pw_dir;
+#endif
 	    k_setpag();
-	    if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0)
-		k_afsklog(cell, 0);
-	    k_afsklog(0, 0);
+	    if(k_afs_cell_of_file(pw_dir, cell, sizeof(cell)) == 0)
+		krb_afslog(cell, 0);
+	    krb_afslog(0, 0);
 	}
 
 	execlp(pwd->pw_shell, tbuf, 0);
@@ -768,46 +853,77 @@ main(int argc, char **argv)
 static void
 getloginname(int prompt)
 {
-	int ch;
-	char *p;
-	static char nbuf[NBUFSIZ];
-
-	for (;;) {
-                if (prompt)
-                    if (ttyprompt && *ttyprompt)
-                        printf("%s", ttyprompt);
-                    else
-		        printf("login: ");
-		prompt = 1;
-		for (p = nbuf; (ch = getchar()) != '\n'; ) {
-			if (ch == EOF) {
-				badlogin(username);
-				exit(0);
-			}
-			if (p < nbuf + (NBUFSIZ - 1))
-				*p++ = ch;
-		}
-		if (p > nbuf)
-			if (nbuf[0] == '-')
-				warnx("login names may not start with '-'.");
-			else {
-				*p = '\0';
-				username = nbuf;
-				break;
-			}
+    int ch;
+    char *p;
+    static char nbuf[NBUFSIZ];
+
+    for (;;) {
+	if (prompt) {
+	    if (ttyprompt && *ttyprompt)
+		printf("%s", ttyprompt);
+	    else
+		printf("login: ");
+	}
+	prompt = 1;
+	for (p = nbuf; (ch = getchar()) != '\n'; ) {
+	    if (ch == EOF) {
+		badlogin(username);
+		exit(0);
+	    }
+	    if (p < nbuf + (NBUFSIZ - 1))
+		*p++ = ch;
+	}
+	if (p > nbuf) {
+	    if (nbuf[0] == '-')
+		warnx("login names may not start with '-'.");
+	    else {
+		*p = '\0';
+		username = nbuf;
+		break;
+	    }
 	}
+    }
+}
+
+static int
+find_in_etc_securetty (char *ttyn)
+{
+    FILE *f;
+    char buf[128];
+    int ret = 0;
+
+    f = fopen (_PATH_ETC_SECURETTY, "r");
+    if (f == NULL)
+	return 0;
+    while (fgets(buf, sizeof(buf), f) != NULL) {
+	if(buf[strlen(buf) - 1] == '\n')
+	    buf[strlen(buf) - 1] = '\0';
+	if (strcmp (buf, ttyn) == 0) {
+	    ret = 1;
+	    break;
+	}
+    }
+    fclose(f);
+    return ret;
 }
 
 static int
 rootterm(char *ttyn)
 {
-#ifndef HAVE_TTYENT_H
-        return (default_console == 0 || strcmp(default_console, ttyname(0)) == 0);
-#else
+#ifdef HAVE_TTYENT_H
+    {
 	struct ttyent *t;
 
-	return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE);
+	t = getttynam (ttyn);
+	if (t && t->ty_status & TTY_SECURE)
+	    return 1;
+    }
 #endif
+    if (find_in_etc_securetty(ttyn))
+	return 1;
+    if (default_console == 0 || strcmp(default_console, ttyn) == 0)
+	return 1;
+    return 0;
 }
 
 static RETSIGTYPE
diff --git a/crypto/kerberosIV/appl/bsd/login_access.c b/crypto/kerberosIV/appl/bsd/login_access.c
index 0e017b1..7b79dc8 100644
--- a/crypto/kerberosIV/appl/bsd/login_access.c
+++ b/crypto/kerberosIV/appl/bsd/login_access.c
@@ -9,7 +9,7 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: login_access.c,v 1.15 1997/06/01 03:12:28 assar Exp $");
+RCSID("$Id: login_access.c,v 1.19 1999/05/14 22:02:14 assar Exp $");
 
 #ifdef LOGIN_ACCESS
 
@@ -23,15 +23,26 @@ static char sep[] = ", \t";		/* list-element separator */
 #define YES             1
 #define NO              0
 
-static int list_match(char *list, char *item, int (*match_fn)(char *, char *));
-static int user_match(char *tok, char *string);
-static int from_match(char *tok, char *string);
+ /*
+  * A structure to bundle up all login-related information to keep the
+  * functional interfaces as generic as possible.
+  */
+struct login_info {
+    struct passwd *user;
+    char   *from;
+};
+
+static int list_match(char *list, struct login_info *item,
+		      int (*match_fn)(char *, struct login_info *));
+static int user_match(char *tok, struct login_info *item);
+static int from_match(char *tok, struct login_info *item);
 static int string_match(char *tok, char *string);
 
 /* login_access - match username/group and host/tty with access control file */
 
-int login_access(char *user, char *from)
+int login_access(struct passwd *user, char *from)
 {
+    struct login_info item;
     FILE   *fp;
     char    line[BUFSIZ];
     char   *perm;			/* becomes permission field */
@@ -43,6 +54,12 @@ int login_access(char *user, char *from)
     char   *foo;
 
     /*
+     * Bundle up the arguments to avoid unnecessary clumsiness lateron.
+     */
+    item.user = user;
+    item.from = from;
+
+    /*
      * Process the table one line at a time and stop at the first match.
      * Blank lines and lines that begin with a '#' character are ignored.
      * Non-comment lines are broken at the ':' character. All fields are
@@ -60,7 +77,7 @@ int login_access(char *user, char *from)
 	    }
 	    if (line[0] == '#')
 		continue;			/* comment line */
-	    while (end > 0 && isspace(line[end - 1]))
+	    while (end > 0 && isspace((unsigned char)line[end - 1]))
 		end--;
 	    line[end] = 0;			/* strip trailing whitespace */
 	    if (line[0] == 0)			/* skip blank lines */
@@ -81,8 +98,8 @@ int login_access(char *user, char *from)
 		       lineno);
 		continue;
 	    }
-	    match = (list_match(froms, from, from_match)
-		     && list_match(users, user, user_match));
+	    match = (list_match(froms, &item, from_match)
+		     && list_match(users, &item, user_match));
 	}
 	fclose(fp);
     } else if (errno != ENOENT) {
@@ -94,7 +111,9 @@ int login_access(char *user, char *from)
 /* list_match - match an item against a list of tokens with exceptions */
 
 static int
-list_match(char *list, char *item, int (*match_fn)(char *, char *))
+list_match(char *list,
+	   struct login_info *item,
+	   int (*match_fn)(char *, struct login_info *))
 {
     char   *tok;
     int     match = NO;
@@ -126,6 +145,19 @@ list_match(char *list, char *item, int (*match_fn)(char *, char *))
     return (NO);
 }
 
+/* myhostname - figure out local machine name */
+
+static char *myhostname(void)
+{
+    static char name[MAXHOSTNAMELEN + 1] = "";
+
+    if (name[0] == 0) {
+	gethostname(name, sizeof(name));
+	name[MAXHOSTNAMELEN] = 0;
+    }
+    return (name);
+}
+
 /* netgroup_match - match group against machine or user */
 
 static int netgroup_match(char *group, char *machine, char *user)
@@ -144,22 +176,32 @@ static int netgroup_match(char *group, char *machine, char *user)
 
 /* user_match - match a username against one token */
 
-static int user_match(char *tok, char *string)
+static int user_match(char *tok, struct login_info *item)
 {
+    char   *string = item->user->pw_name;
+    struct login_info fake_item;
     struct group *group;
     int     i;
+    char   *at;
 
     /*
      * If a token has the magic value "ALL" the match always succeeds.
-     * Otherwise, return YES if the token fully matches the username, or if
-     * the token is a group that contains the username.
+     * Otherwise, return YES if the token fully matches the username, if the
+     * token is a group that contains the username, or if the token is the
+     * name of the user's primary group.
      */
 
-    if (tok[0] == '@') {			/* netgroup */
+    if ((at = strchr(tok + 1, '@')) != 0) {	/* split user@host pattern */
+	*at = 0;
+	fake_item.from = myhostname();
+	return (user_match(tok, item) && from_match(at + 1, &fake_item));
+    } else if (tok[0] == '@') {			/* netgroup */
 	return (netgroup_match(tok + 1, (char *) 0, string));
     } else if (string_match(tok, string)) {	/* ALL or exact match */
 	return (YES);
     } else if ((group = getgrnam(tok)) != 0) { /* try group membership */
+	if (item->user->pw_gid == group->gr_gid)
+	    return (YES);
 	for (i = 0; group->gr_mem[i]; i++)
 	    if (strcasecmp(string, group->gr_mem[i]) == 0)
 		return (YES);
@@ -169,8 +211,9 @@ static int user_match(char *tok, char *string)
 
 /* from_match - match a host or tty against a list of tokens */
 
-static int from_match(char *tok, char *string)
+static int from_match(char *tok, struct login_info *item)
 {
+    char   *string = item->from;
     int     tok_len;
     int     str_len;
 
diff --git a/crypto/kerberosIV/appl/bsd/login_fbtab.c b/crypto/kerberosIV/appl/bsd/login_fbtab.c
index f7f53aa..f831909 100644
--- a/crypto/kerberosIV/appl/bsd/login_fbtab.c
+++ b/crypto/kerberosIV/appl/bsd/login_fbtab.c
@@ -58,7 +58,7 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: login_fbtab.c,v 1.10 1997/06/01 03:12:54 assar Exp $");
+RCSID("$Id: login_fbtab.c,v 1.13 1999/01/14 00:37:59 assar Exp $");
 
 void	login_protect	(char *, char *, int, uid_t, gid_t);
 void	login_fbtab	(char *tty, uid_t uid, gid_t gid);
@@ -126,15 +126,25 @@ login_protect(char *table, char *path, int mask, uid_t uid, gid_t gid)
 	if (chown(path, uid, gid) && errno != ENOENT)
 	    syslog(LOG_ERR, "%s: chown(%s): %m", table, path);
     } else {
-	strcpy(buf, path);
-	buf[pathlen - 1] = 0;
+	strcpy_truncate (buf, path, sizeof(buf));
+	if (sizeof(buf) > pathlen)
+	    buf[pathlen - 2] = '\0';
+ 	/* Solaris evidently operates on the directory as well */
+ 	login_protect(table, buf, mask | ((mask & 0444) >> 2), uid, gid);
 	if ((dir = opendir(buf)) == 0) {
 	    syslog(LOG_ERR, "%s: opendir(%s): %m", table, path);
 	} else {
+	    if (sizeof(buf) > pathlen) {
+		buf[pathlen - 2] = '/';
+		buf[pathlen - 1] = '\0';
+	    }
+
 	    while ((ent = readdir(dir)) != 0) {
 		if (strcmp(ent->d_name, ".") != 0
 		    && strcmp(ent->d_name, "..") != 0) {
-		    strcpy(buf + pathlen - 1, ent->d_name);
+		    strcpy_truncate (buf + pathlen - 1,
+				     ent->d_name,
+				     sizeof(buf) - (pathlen + 1));
 		    login_protect(table, buf, mask, uid, gid);
 		}
 	    }
diff --git a/crypto/kerberosIV/appl/bsd/osfc2.c b/crypto/kerberosIV/appl/bsd/osfc2.c
new file mode 100644
index 0000000..78f2e6e
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/osfc2.c
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "bsd_locl.h"
+RCSID("$Id: osfc2.c,v 1.1 1998/09/28 11:47:36 joda Exp $");
+
+int
+do_osfc2_magic(uid_t uid)
+{
+#ifdef HAVE_OSFC2
+    struct es_passwd *epw;
+    char *argv[2];
+    
+    /* fake */
+    argv[0] = (char*)__progname;
+    argv[1] = NULL;
+    set_auth_parameters(1, argv);
+    
+    epw = getespwuid(uid);
+    if(epw == NULL) {
+	syslog(LOG_AUTHPRIV|LOG_NOTICE, 
+	       "getespwuid failed for %d", uid);
+	printf("Sorry.\n");
+	return 1;
+    }
+    /* We don't check for auto-retired, foo-retired,
+       bar-retired, or any other kind of retired accounts
+       here; neither do we check for time-locked accounts, or
+       any other kind of serious C2 mumbo-jumbo. We do,
+       however, call setluid, since failing to do so it not
+       very good (take my word for it). */
+    
+    if(!epw->uflg->fg_uid) {
+	syslog(LOG_AUTHPRIV|LOG_NOTICE, 
+	       "attempted login by %s (has no uid)", epw->ufld->fd_name);
+	printf("Sorry.\n");
+	return 1;
+    }
+    setluid(epw->ufld->fd_uid);
+    if(getluid() != epw->ufld->fd_uid) {
+	syslog(LOG_AUTHPRIV|LOG_NOTICE, 
+	       "failed to set LUID for %s (%d)", 
+	       epw->ufld->fd_name, epw->ufld->fd_uid);
+	printf("Sorry.\n");
+	return 1;
+    }
+#endif /* HAVE_OSFC2 */
+    return 0;
+}
diff --git a/crypto/kerberosIV/appl/bsd/pathnames.h b/crypto/kerberosIV/appl/bsd/pathnames.h
index 3c10bff..671f663 100644
--- a/crypto/kerberosIV/appl/bsd/pathnames.h
+++ b/crypto/kerberosIV/appl/bsd/pathnames.h
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	from: @(#)pathnames.h	5.2 (Berkeley) 4/9/90
- *	$Id: pathnames.h,v 1.23 1996/11/17 06:36:42 joda Exp $
+ *	$Id: pathnames.h,v 1.25 1998/02/03 23:29:30 assar Exp $
  */
 
 /******* First fix default path, we stick to _PATH_DEFPATH everywhere */
@@ -65,6 +65,9 @@
 #undef _PATH_RSH		/* Redifine rsh */
 #define _PATH_RSH	BINDIR  "/rsh"
 
+#undef _PATH_RCP		/* Redifine rcp */
+#define _PATH_RCP	BINDIR  "/rcp"
+
 #undef _PATH_LOGIN
 #define _PATH_LOGIN	BINDIR "/login"
 
@@ -175,6 +178,10 @@
 #define _PATH_ETC_ENVIRONMENT "/etc/environment"
 #endif
 
+#ifndef _PATH_ETC_SECURETTY
+#define _PATH_ETC_SECURETTY "/etc/securetty"
+#endif
+
 /*
  * NeXT KLUDGE ALERT!!!!!!!!!!!!!!!!!!
  * Some sort of bug in the NEXTSTEP cpp.
@@ -186,6 +193,8 @@
 #define	_PATH_RLOGIN	"/usr/athena/bin/rlogin"
 #undef  _PATH_RSH
 #define _PATH_RSH	"/usr/athena/bin/rsh"
+#undef  _PATH_RCP
+#define _PATH_RCP	"/usr/athena/bin/rcp"
 #undef  _PATH_LOGIN
 #define _PATH_LOGIN	"/usr/athena/bin/login"
 #endif
diff --git a/crypto/kerberosIV/appl/bsd/rcmd_util.c b/crypto/kerberosIV/appl/bsd/rcmd_util.c
index 4669009..1884133 100644
--- a/crypto/kerberosIV/appl/bsd/rcmd_util.c
+++ b/crypto/kerberosIV/appl/bsd/rcmd_util.c
@@ -38,7 +38,7 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: rcmd_util.c,v 1.15 1997/05/02 14:27:44 assar Exp $");
+RCSID("$Id: rcmd_util.c,v 1.17 1997/09/24 21:14:23 assar Exp $");
 
 int
 get_login_port(int kerberos, int encryption)
@@ -240,7 +240,7 @@ warning(const char *fmt, ...)
     if (strncmp(rstar_no_warn, "yes", 3) != 0) {
 	/* XXX */
 	fprintf(stderr, "%s: warning, using standard ", __progname);
-	warnx(fmt, args);
+	vwarnx(fmt, args);
     }
     va_end(args);
 }
diff --git a/crypto/kerberosIV/appl/bsd/rcp.c b/crypto/kerberosIV/appl/bsd/rcp.c
index 6dfb472..39fd36e 100644
--- a/crypto/kerberosIV/appl/bsd/rcp.c
+++ b/crypto/kerberosIV/appl/bsd/rcp.c
@@ -33,7 +33,7 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: rcp.c,v 1.43 1997/05/13 09:41:26 bg Exp $");
+RCSID("$Id: rcp.c,v 1.49 1999/07/06 03:17:58 assar Exp $");
 
 /* Globals */
 static char	dst_realm_buf[REALM_SZ];
@@ -49,6 +49,9 @@ static u_short	port;
 static uid_t	userid;
 static int pflag, iamremote, iamrecursive, targetshouldbedirectory;
 
+static int argc_copy;
+static char **argv_copy;
+
 #define	CMDNEEDS	64
 static char cmd[CMDNEEDS];		/* must hold "rcp -r -p -d\0" */
 
@@ -58,7 +61,7 @@ void rsource(char *name, struct stat *statp);
 
 CREDENTIALS cred;
 MSG_DAT msg_data;
-struct sockaddr_in foreign, local;
+struct sockaddr_in foreign_addr, local_addr;
 Key_schedule schedule;
 
 KTEXT_ST ticket;
@@ -71,18 +74,18 @@ send_auth(char *h, char *r)
     long opts;
 
     lslen = sizeof(struct sockaddr_in);
-    if (getsockname(rem, (struct sockaddr *)&local, &lslen) < 0)
+    if (getsockname(rem, (struct sockaddr *)&local_addr, &lslen) < 0)
 	err(1, "getsockname");
     fslen = sizeof(struct sockaddr_in);
-    if (getpeername(rem, (struct sockaddr *)&foreign, &fslen) < 0)
+    if (getpeername(rem, (struct sockaddr *)&foreign_addr, &fslen) < 0)
 	err(1, "getpeername");
     if ((r == NULL) || (*r == '\0'))
 	r = krb_realmofhost(h);
     opts = KOPT_DO_MUTUAL;
     if ((status = krb_sendauth(opts, rem, &ticket, SERVICE_NAME, h, r, 
 			       (unsigned long)getpid(), &msg_data, &cred, 
-			       schedule, &local, 
-			       &foreign, "KCMDV0.1")) != KSUCCESS)
+			       schedule, &local_addr, 
+			       &foreign_addr, "KCMDV0.1")) != KSUCCESS)
 	errx(1, "krb_sendauth failure: %s", krb_get_err_text(status));
 }
 
@@ -94,15 +97,15 @@ answer_auth(void)
     char inst[INST_SZ], v[9];
 
     lslen = sizeof(struct sockaddr_in);
-    if (getsockname(rem, (struct sockaddr *)&local, &lslen) < 0)
+    if (getsockname(rem, (struct sockaddr *)&local_addr, &lslen) < 0)
 	err(1, "getsockname");
     fslen = sizeof(struct sockaddr_in);
-    if(getpeername(rem, (struct sockaddr *)&foreign, &fslen) < 0)
+    if(getpeername(rem, (struct sockaddr *)&foreign_addr, &fslen) < 0)
 	    err(1, "getperrname");
     k_getsockinst(rem, inst, sizeof(inst));
     opts = KOPT_DO_MUTUAL;
     if ((status = krb_recvauth(opts, rem, &ticket, SERVICE_NAME, inst,
-			       &foreign, &local, 
+			       &foreign_addr, &local_addr, 
 			       &kdata, "", schedule, v)) != KSUCCESS)
 	errx(1, "krb_recvauth failure: %s", krb_get_err_text(status));
 }
@@ -143,10 +146,11 @@ run_err(const char *fmt, ...)
 	va_start(args, fmt);
 	++errs;
 #define RCPERR "\001rcp: "
-	strcpy (errbuf, RCPERR);
-	vsnprintf (errbuf + strlen(RCPERR), sizeof(errbuf) - strlen(RCPERR),
+	strcpy_truncate (errbuf, RCPERR, sizeof(errbuf));
+	vsnprintf (errbuf + strlen(errbuf),
+		   sizeof(errbuf) - strlen(errbuf),
 		   fmt, args);
-	strcat (errbuf, "\n");
+	strcat_truncate (errbuf, "\n", sizeof(errbuf));
 	des_write (rem, errbuf, strlen(errbuf));
 	if (!iamremote)
 		vwarnx(fmt, args);
@@ -351,11 +355,15 @@ rsource(char *name, struct stat *statp)
 	DIR *dirp;
 	struct dirent *dp;
 	char *last, *vect[1], path[MaxPathLen];
+	char *p;
 
 	if (!(dirp = opendir(name))) {
 		run_err("%s: %s", name, strerror(errno));
 		return;
 	}
+	for (p = name + strlen(name) - 1; p >= name && *p == '/'; --p)
+	    *p = '\0';
+
 	last = strrchr(name, '/');
 	if (last == 0)
 		last = name;
@@ -403,8 +411,9 @@ static int
 kerberos(char **host, char *bp, char *locuser, char *user)
 {
         int sock = -1, err;
-again:
+
 	if (use_kerberos) {
+	        setuid(getuid());
 		rem = KSUCCESS;
 		errno = 0;
 		if (dest_realm == NULL)
@@ -439,13 +448,11 @@ again:
 		    rem = sock;
 #endif
 		if (rem < 0) {
-			use_kerberos = 0;
-			port = get_shell_port(use_kerberos, 0);
 			if (errno == ECONNREFUSED)
 			    oldw("remote host doesn't support Kerberos");
 			else if (errno == ENOENT)
 			    oldw("can't provide Kerberos authentication data");
-			goto again;
+			execv(_PATH_RCP, argv_copy);
 		}
 	} else {
 		if (doencrypt)
@@ -493,29 +500,24 @@ toremote(char *targ, int argc, char **argv)
 			if (*src == 0)
 				src = ".";
 			host = strchr(argv[i], '@');
-			len = strlen(_PATH_RSH) + strlen(argv[i]) +
-			    strlen(src) + (tuser ? strlen(tuser) : 0) +
-			    strlen(thost) + strlen(targ) + CMDNEEDS + 20;
-			if (!(bp = malloc(len)))
-				err(1, " ");
 			if (host) {
-				*host++ = 0;
-				suser = argv[i];
-				if (*suser == '\0')
-					suser = pwd->pw_name;
-				else if (!okname(suser))
-					continue;
-				snprintf(bp, len,
-					 "%s %s -l %s -n %s %s '%s%s%s:%s'",
-					 _PATH_RSH, host, suser, cmd, src,
-					 tuser ? tuser : "", tuser ? "@" : "",
-					 thost, targ);
+			    *host++ = 0;
+			    suser = argv[i];
+			    if (*suser == '\0')
+				suser = pwd->pw_name;
+			    else if (!okname(suser))
+				continue;
+			    asprintf(&bp, "%s %s -l %s -n %s %s '%s%s%s:%s'",
+				     _PATH_RSH, host, suser, cmd, src,
+				     tuser ? tuser : "", tuser ? "@" : "",
+				     thost, targ);
 			} else
-				snprintf(bp, len,
-					 "exec %s %s -n %s %s '%s%s%s:%s'",
-					 _PATH_RSH, argv[i], cmd, src,
-					 tuser ? tuser : "", tuser ? "@" : "",
-					 thost, targ);
+			    asprintf(&bp, "exec %s %s -n %s %s '%s%s%s:%s'",
+				     _PATH_RSH, argv[i], cmd, src,
+				     tuser ? tuser : "", tuser ? "@" : "",
+				     thost, targ);
+			if(bp == NULL)
+			    errx(1, "out of memory");
 			susystem(bp, userid);
 			free(bp);
 		} else {			/* local to remote */
@@ -623,7 +625,13 @@ sink(int argc, char **argv)
 		if (ch == '\n')
 			*--cp = 0;
 
-#define getnum(t) (t) = 0; while (isdigit(*cp)) (t) = (t) * 10 + (*cp++ - '0');
+#define getnum(t)					\
+		do {					\
+		    (t) = 0;				\
+		    while (isdigit((unsigned char)*cp))	\
+			(t) = (t) * 10 + (*cp++ - '0');	\
+		} while(0)
+
 		cp = buf;
 		if (*cp == 'T') {
 			setimes++;
@@ -666,7 +674,7 @@ sink(int argc, char **argv)
 		if (*cp++ != ' ')
 			SCREWUP("mode not delimited");
 
-		for (size = 0; isdigit(*cp);)
+		for (size = 0; isdigit((unsigned char)*cp);)
 			size = size * 10 + (*cp++ - '0');
 		if (*cp++ != ' ')
 			SCREWUP("size not delimited");
@@ -906,8 +914,28 @@ main(int argc, char **argv)
 {
 	int ch, fflag, tflag;
 	char *targ;
+	int i;
 
 	set_progname(argv[0]);
+
+	/*
+	 * Prepare for execing ourselves.
+	 */
+
+	argc_copy = argc + 1;
+	argv_copy = malloc((argc_copy + 1) * sizeof(*argv_copy));
+	if (argv_copy == NULL)
+	    err(1, "malloc");
+	argv_copy[0] = argv[0];
+	argv_copy[1] = "-K";
+	for(i = 1; i < argc; ++i) {
+	    argv_copy[i + 1] = strdup(argv[i]);
+	    if (argv_copy[i + 1] == NULL)
+		errx(1, "strdup: out of memory");
+	}
+	argv_copy[argc + 1] = NULL;
+
+
 	fflag = tflag = 0;
 	while ((ch = getopt(argc, argv, OPTIONS)) != EOF)
 		switch(ch) {			/* User-visible flags. */
@@ -916,7 +944,7 @@ main(int argc, char **argv)
 			break;
 		case 'k':
 			dest_realm = dst_realm_buf;
-			strncpy(dst_realm_buf, optarg, REALM_SZ);
+			strcpy_truncate(dst_realm_buf, optarg, REALM_SZ);
 			break;
 		case 'x':
 			doencrypt = 1;
@@ -951,47 +979,40 @@ main(int argc, char **argv)
 	 * kshell service, pass 0 for no encryption */
 	port = get_shell_port(use_kerberos, 0);
 
+	userid = getuid();
+
 #ifndef __CYGWIN32__
-	if ((pwd = k_getpwuid(userid = getuid())) == NULL)
+	if ((pwd = k_getpwuid(userid)) == NULL)
 		errx(1, "unknown user %d", (int)userid);
 #endif
 
 	rem = STDIN_FILENO;		/* XXX */
 
-	if (fflag) {			/* Follow "protocol", send data. */
-		if (doencrypt)
-			answer_auth();
+	if (fflag || tflag) {
+	    if (doencrypt)
+		answer_auth();
+	    if(fflag)
 		response();
-		setuid(userid);
-		if (k_hasafs()) {
-		       /* Sometimes we will need cell specific tokens
-			* to be able to read and write files, thus,
-			* the token stuff done in rshd might not
-			* suffice.
-			*/
-			char cell[64];
-			if (k_afs_cell_of_file(pwd->pw_dir,
-					       cell, sizeof(cell)) == 0)
-				k_afsklog(cell, 0);
-			k_afsklog(0, 0);
-		}
+	    if(do_osfc2_magic(pwd->pw_uid))
+		exit(1);
+	    setuid(userid);
+	    if (k_hasafs()) {
+		/* Sometimes we will need cell specific tokens
+		 * to be able to read and write files, thus,
+		 * the token stuff done in rshd might not
+		 * suffice.
+		 */
+		char cell[64];
+		if (k_afs_cell_of_file(pwd->pw_dir,
+				       cell, sizeof(cell)) == 0)
+		    krb_afslog(cell, 0);
+		krb_afslog(0, 0);
+	    }
+	    if(fflag)
 		source(argc, argv);
-		exit(errs);
-	}
-
-	if (tflag) {			/* Receive data. */
-		if (doencrypt)
-			answer_auth();
-		setuid(userid);
-		if (k_hasafs()) {
-			char cell[64];
-			if (k_afs_cell_of_file(pwd->pw_dir,
-					       cell, sizeof(cell)) == 0)
-				k_afsklog(cell, 0);
-			k_afsklog(0, 0);
-		}
+	    else
 		sink(argc, argv);
-		exit(errs);
+	    exit(errs);
 	}
 
 	if (argc < 2)
diff --git a/crypto/kerberosIV/appl/bsd/rcp_util.c b/crypto/kerberosIV/appl/bsd/rcp_util.c
index 6f0c5f0..54233af 100644
--- a/crypto/kerberosIV/appl/bsd/rcp_util.c
+++ b/crypto/kerberosIV/appl/bsd/rcp_util.c
@@ -33,7 +33,7 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: rcp_util.c,v 1.7 1996/11/17 20:23:05 assar Exp $");
+RCSID("$Id: rcp_util.c,v 1.8 1998/09/28 11:45:21 joda Exp $");
 
 char *
 colon(char *cp)
@@ -73,25 +73,27 @@ bad:	warnx("%s: invalid user name", cp0);
 int
 susystem(char *s, int userid)
 {
-        RETSIGTYPE (*istat)(), (*qstat)();
-	int status;
-	pid_t pid;
+    RETSIGTYPE (*istat)(), (*qstat)();
+    int status;
+    pid_t pid;
 
-	pid = fork();
-	switch (pid) {
-	case -1:
-		return (127);
+    pid = fork();
+    switch (pid) {
+    case -1:
+	return (127);
 	
-	case 0:
-		setuid(userid);
-		execl(_PATH_BSHELL, "sh", "-c", s, NULL);
-		_exit(127);
-	}
-	istat = signal(SIGINT, SIG_IGN);
-	qstat = signal(SIGQUIT, SIG_IGN);
-	if (waitpid(pid, &status, 0) < 0)
-		status = -1;
-	signal(SIGINT, istat);
-	signal(SIGQUIT, qstat);
-	return (status);
+    case 0:
+	if(do_osfc2_magic(userid))
+	    exit(1);
+	setuid(userid);
+	execl(_PATH_BSHELL, "sh", "-c", s, NULL);
+	_exit(127);
+    }
+    istat = signal(SIGINT, SIG_IGN);
+    qstat = signal(SIGQUIT, SIG_IGN);
+    if (waitpid(pid, &status, 0) < 0)
+	status = -1;
+    signal(SIGINT, istat);
+    signal(SIGQUIT, qstat);
+    return (status);
 }
diff --git a/crypto/kerberosIV/appl/bsd/rlogin.c b/crypto/kerberosIV/appl/bsd/rlogin.c
index 27aa8f0..5bc6196 100644
--- a/crypto/kerberosIV/appl/bsd/rlogin.c
+++ b/crypto/kerberosIV/appl/bsd/rlogin.c
@@ -36,7 +36,7 @@
  */
 #include "bsd_locl.h"
 
-RCSID("$Id: rlogin.c,v 1.61 1997/05/25 01:14:47 assar Exp $");
+RCSID("$Id: rlogin.c,v 1.65 1999/03/13 21:13:54 assar Exp $");
 
 CREDENTIALS cred;
 Key_schedule schedule;
@@ -406,13 +406,14 @@ writer(void)
 				continue;
 			}
 #endif /* VDSUSP */
-			if (c != escapechar)
+			if (c != escapechar) {
 #ifndef NOENCRYPTION
 				if (doencrypt)
 					des_enc_write(rem, &escapechar,1, schedule, &cred.session);
 				else
 #endif
 					write(rem, &escapechar, 1);
+			}
 		}
 
 		if (doencrypt) {
@@ -578,7 +579,7 @@ main(int argc, char **argv)
 			break;
 		case 'k':
 			dest_realm = dst_realm_buf;
-			strncpy(dest_realm, optarg, REALM_SZ);
+			strcpy_truncate(dest_realm, optarg, REALM_SZ);
 			break;
 		case 'l':
 			user = optarg;
@@ -586,22 +587,26 @@ main(int argc, char **argv)
 		case 'x':
 			doencrypt = 1;
 			break;
-		case 'p':
-			user_port = htons(atoi(optarg));
-			break;
+		case 'p': {
+		    char *endptr;
+
+		    user_port = strtol (optarg, &endptr, 0);
+		    if (user_port == 0 && optarg == endptr)
+			errx (1, "Bad port `%s'", optarg);
+		    user_port = htons(user_port);
+		    break;
+		}
 		case '?':
 		default:
 			usage();
 		}
 	optind += argoff;
-	argc -= optind;
-	argv += optind;
 
 	/* if haven't gotten a host yet, do so */
-	if (!host && !(host = *argv++))
+	if (!host && !(host = argv[optind++]))
 		usage();
 
-	if (*argv)
+	if (argv[optind])
 		usage();
 
 	if (!(pw = k_getpwuid(uid = getuid())))
@@ -609,7 +614,6 @@ main(int argc, char **argv)
 	if (!user)
 	    user = pw->pw_name;
 
-
 	if (user_port)
 		sv_port = user_port;
 	else
@@ -636,17 +640,8 @@ main(int argc, char **argv)
 
 	get_window_size(0, &winsize);
 
-      try_connect:
 	if (use_kerberos) {
-		struct hostent *hp;
-
-		/* Fully qualify hostname (needed for krb_realmofhost). */
-		hp = gethostbyname(host);
-		if (hp != NULL && !(host = strdup(hp->h_name))) {
-		    errno = ENOMEM;
-		    err(1, NULL);
-		}
-
+	        setuid(getuid());
 		rem = KSUCCESS;
 		errno = 0;
 		if (dest_realm == NULL)
@@ -656,18 +651,25 @@ main(int argc, char **argv)
 		    rem = krcmd_mutual(&host, sv_port, user, term, 0,
 				       dest_realm, &cred, schedule);
 		else
-			rem = krcmd(&host, sv_port, user, term, 0,
-			    dest_realm);
+		    rem = krcmd(&host, sv_port, user, term, 0,
+				dest_realm);
 		if (rem < 0) {
-			use_kerberos = 0;
-			if (user_port == 0)
-				sv_port = get_login_port(use_kerberos,
-							 doencrypt);
-			if (errno == ECONNREFUSED)
-			    warning("remote host doesn't support Kerberos");
-			if (errno == ENOENT)
-			  warning("can't provide Kerberos auth data");
-			goto try_connect;
+		    int i;
+		    char **newargv;
+
+		    if (errno == ECONNREFUSED)
+			warning("remote host doesn't support Kerberos");
+		    if (errno == ENOENT)
+			warning("can't provide Kerberos auth data");
+		    newargv = malloc((argc + 2) * sizeof(*newargv));
+		    if (newargv == NULL)
+			err(1, "malloc");
+		    newargv[0] = argv[0];
+		    newargv[1] = "-K";
+		    for(i = 1; i < argc; ++i)
+			newargv[i + 1] = argv[i];
+		    newargv[argc + 1] = NULL;
+		    execv(_PATH_RLOGIN, newargv);
 		}
 	} else {
 		if (doencrypt)
diff --git a/crypto/kerberosIV/appl/bsd/rlogind.c b/crypto/kerberosIV/appl/bsd/rlogind.c
index c5d80774..d36df92 100644
--- a/crypto/kerberosIV/appl/bsd/rlogind.c
+++ b/crypto/kerberosIV/appl/bsd/rlogind.c
@@ -42,7 +42,7 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: rlogind.c,v 1.100 1997/05/25 01:15:20 assar Exp $");
+RCSID("$Id: rlogind.c,v 1.107.2.1 1999/07/22 03:14:39 assar Exp $");
 
 extern int __check_rhosts_file;
 
@@ -187,7 +187,7 @@ readstream(int p, char *ibuf, int bufsize)
 
 #ifdef HAVE_UTMPX_H
 static int
-logout(const char *line)
+rlogind_logout(const char *line)
 {
     struct utmpx utmpx, *utxp;
     int ret = 1;
@@ -198,8 +198,9 @@ logout(const char *line)
     strncpy(utmpx.ut_line, line, sizeof(utmpx.ut_line));
     utxp = getutxline(&utmpx);
     if (utxp) {
-	strcpy(utxp->ut_user, "");
+	utxp->ut_user[0] = '\0';
 	utxp->ut_type = DEAD_PROCESS;
+#ifdef HAVE_STRUCT_UTMPX_UT_EXIT
 #ifdef _STRUCT___EXIT_STATUS
 	utxp->ut_exit.__e_termination = 0;
 	utxp->ut_exit.__e_exit = 0;
@@ -210,6 +211,7 @@ logout(const char *line)
 	utxp->ut_exit.e_termination = 0;
 	utxp->ut_exit.e_exit = 0;
 #endif
+#endif
 	gettimeofday(&utxp->ut_tv, NULL);
 	pututxline(utxp);
 #ifdef WTMPX_FILE
@@ -223,7 +225,7 @@ logout(const char *line)
 }
 #else
 static int
-logout(const char *line)
+rlogind_logout(const char *line)
 {
     FILE *fp;
     struct utmp ut;
@@ -237,9 +239,24 @@ logout(const char *line)
 	    strncmp(ut.ut_line, line, sizeof(ut.ut_line)))
 	    continue;
 	memset(ut.ut_name, 0, sizeof(ut.ut_name));
-#ifdef HAVE_UT_HOST
+#ifdef HAVE_STRUCT_UTMP_UT_HOST
 	memset(ut.ut_host, 0, sizeof(ut.ut_host));
 #endif
+#ifdef HAVE_STRUCT_UTMP_UT_TYPE
+	ut.ut_type = DEAD_PROCESS;
+#endif
+#ifdef HAVE_STRUCT_UTMP_UT_EXIT
+#ifdef _STRUCT___EXIT_STATUS
+	ut.ut_exit.__e_termination = 0;
+	ut.ut_exit.__e_exit = 0;
+#elif defined(__osf__) /* XXX */
+	ut.ut_exit.ut_termination = 0;
+	ut.ut_exit.ut_exit = 0;
+#else	
+	ut.ut_exit.e_termination = 0;
+	ut.ut_exit.e_exit = 0;
+#endif
+#endif
 	time(&ut.ut_time);
 	fseek(fp, (long)-sizeof(struct utmp), SEEK_CUR);
 	fwrite(&ut, sizeof(struct utmp), 1, fp);
@@ -265,13 +282,16 @@ logwtmp(const char *line, const char *name, const char *host)
     if (!fstat(fd, &buf)) {
 	strncpy(ut.ut_line, line, sizeof(ut.ut_line));
 	strncpy(ut.ut_name, name, sizeof(ut.ut_name));
-#ifdef HAVE_UT_HOST
+#ifdef HAVE_STRUCT_UTMP_UT_ID
+	strncpy(ut.ut_id, make_id((char *)line), sizeof(ut.ut_id));
+#endif
+#ifdef HAVE_STRUCT_UTMP_UT_HOST
 	strncpy(ut.ut_host, host, sizeof(ut.ut_host));
 #endif
-#ifdef HAVE_UT_PID
+#ifdef HAVE_STRUCT_UTMP_UT_PID
 	ut.ut_pid = getpid();
 #endif
-#ifdef HAVE_UT_TYPE
+#ifdef HAVE_STRUCT_UTMP_UT_TYPE
 	if(name[0])
 	    ut.ut_type = USER_PROCESS;
 	else
@@ -440,7 +460,11 @@ doit(int f, struct sockaddr_in *fromp)
 	write(f, INSECURE_MESSAGE, strlen(INSECURE_MESSAGE));
     netf = f;
 
+#ifdef HAVE_FORKPTY
     pid = forkpty(&master, line, NULL, NULL);
+#else
+    pid = forkpty_truncate(&master, line, sizeof(line), NULL, NULL);
+#endif
     if (pid < 0) {
 	if (errno == ENOENT)
 	    fatal(f, "Out of ptys", 0);
@@ -482,7 +506,9 @@ doit(int f, struct sockaddr_in *fromp)
 	ioctl(f, FIONBIO, &on);
     ioctl(master, FIONBIO, &on);
     ioctl(master, TIOCPKT, &on);
+#ifdef SIGTSTP
     signal(SIGTSTP, SIG_IGN);
+#endif
     signal(SIGCHLD, cleanup);
     setsid();
     protocol(f, master);
@@ -532,7 +558,7 @@ send_oob(int fd, char c)
 {
     static char last_oob = 0xFF;
 
-#if (SunOS == 5) || defined(__hpux)
+#if (SunOS >= 50) || defined(__hpux)
     /*
      * PSoriasis and HP-UX always send TIOCPKT_DOSTOP at startup so we
      * can avoid sending OOB data and thus not break on Linux by merging
@@ -571,12 +597,14 @@ protocol(int f, int master)
     char cntl;
     unsigned char oob_queue = 0;
 
+#ifdef SIGTTOU
     /*
      * Must ignore SIGTTOU, otherwise we'll stop
      * when we try and set slave pty's window shape
      * (our controlling tty is the master pty).
      */
     signal(SIGTTOU, SIG_IGN);
+#endif
 
     send_oob(f, TIOCPKT_WINDOW); /* indicate new rlogin */
 
@@ -600,12 +628,13 @@ protocol(int f, int master)
 	    omask = &obits;
 	} else
 	    FD_SET(f, &ibits);
-	if (pcc >= 0)
+	if (pcc >= 0) {
 	    if (pcc) {
 		FD_SET(f, &obits);
 		omask = &obits;
 	    } else
 		FD_SET(master, &ibits);
+	}
 	FD_SET(master, &ebits);
 	if ((n = select(nfd, &ibits, omask, &ebits, 0)) < 0) {
 	    if (errno == EINTR)
@@ -735,7 +764,7 @@ cleanup(int signo)
 {
     char *p = clean_ttyname (line);
 
-    if (logout(p) == 0)
+    if (rlogind_logout(p) == 0)
 	logwtmp(p, "", "");
     chmod(line, 0666);
     chown(line, 0, 0);
diff --git a/crypto/kerberosIV/appl/bsd/rsh.c b/crypto/kerberosIV/appl/bsd/rsh.c
index 329ebf7..be2dfea 100644
--- a/crypto/kerberosIV/appl/bsd/rsh.c
+++ b/crypto/kerberosIV/appl/bsd/rsh.c
@@ -33,7 +33,7 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: rsh.c,v 1.35 1997/03/30 18:20:22 joda Exp $");
+RCSID("$Id: rsh.c,v 1.41 1999/06/17 18:49:18 assar Exp $");
 
 CREDENTIALS cred;
 Key_schedule schedule;
@@ -49,7 +49,7 @@ static void
 usage(void)
 {
     fprintf(stderr,
-	    "usage: rsh [-ndKx] [-k realm] [-l login] host [command]\n");
+	    "usage: rsh [-ndKx] [-k realm] [-p port] [-l login] host [command]\n");
     exit(1);
 }
 
@@ -63,11 +63,13 @@ copyargs(char **argv)
     cc = 0;
     for (ap = argv; *ap; ++ap)
 	cc += strlen(*ap) + 1;
-    if (!(args = malloc(cc))) 
+    args = malloc(cc);
+    if (args == NULL)
 	errx(1, "Out of memory.");
     for (p = args, ap = argv; *ap; ++ap) {
 	strcpy(p, *ap);
-	for (p = strcpy(p, *ap); *p; ++p);
+	while(*p)
+	    ++p;
 	if (ap[1])
 	    *p++ = ' ';
     }
@@ -92,7 +94,7 @@ talk(int nflag, sigset_t omask, int pid, int rem)
     int cc, wc;
     char *bp;
     fd_set readfrom, ready, rembits;
-    char buf[BUFSIZ];
+    char buf[DES_RW_MAXWRITE];
 
     if (pid == 0) {
 	if (nflag)
@@ -107,7 +109,7 @@ talk(int nflag, sigset_t omask, int pid, int rem)
 
     rewrite:	FD_ZERO(&rembits);
     FD_SET(rem, &rembits);
-    if (select(16, 0, &rembits, 0, 0) < 0) {
+    if (select(rem + 1, 0, &rembits, 0, 0) < 0) {
 	if (errno != EINTR) 
 	    err(1, "select");
 	goto rewrite;
@@ -142,7 +144,7 @@ talk(int nflag, sigset_t omask, int pid, int rem)
     FD_SET(rfd2, &readfrom);
     do {
 	ready = readfrom;
-	if (select(16, &ready, 0, 0, 0) < 0) {
+	if (select(max(rem,rfd2)+1, &ready, 0, 0, 0) < 0) {
 	    if (errno != EINTR)
 		err(1, "select");
 	    continue;
@@ -184,7 +186,7 @@ int
 main(int argc, char **argv)
 {
     struct passwd *pw;
-    int sv_port;
+    int sv_port, user_port = 0;
     sigset_t omask;
     int argoff, ch, dflag, nflag, nfork, one, pid, rem, uid;
     char *args, *host, *user, *local_user;
@@ -197,12 +199,12 @@ main(int argc, char **argv)
     set_progname(argv[0]);
 
     /* handle "rsh host flags" */
-    if (!host && argc > 2 && argv[1][0] != '-') {
+    if (argc > 2 && argv[1][0] != '-') {
 	host = argv[1];
 	argoff = 1;
     }
 
-#define	OPTIONS	"+8KLde:k:l:nwx"
+#define	OPTIONS	"+8KLde:k:l:np:wx"
     while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != EOF)
 	switch(ch) {
 	case 'K':
@@ -221,7 +223,7 @@ main(int argc, char **argv)
 	    break;
 	case 'k':
 	    dest_realm = dst_realm_buf;
-	    strncpy(dest_realm, optarg, REALM_SZ);
+	    strcpy_truncate(dest_realm, optarg, REALM_SZ);
 	    break;
 	case 'n':
 	    nflag = nfork = 1;
@@ -229,6 +231,15 @@ main(int argc, char **argv)
 	case 'x':
 	    doencrypt = 1;
 	    break;
+	case 'p': {
+	    char *endptr;
+
+	    user_port = strtol (optarg, &endptr, 0);
+	    if (user_port == 0 && optarg == endptr)
+		errx (1, "Bad port `%s'", optarg);
+	    user_port = htons(user_port);
+	    break;
+	}
 	case '?':
 	default:
 	    usage();
@@ -247,9 +258,6 @@ main(int argc, char **argv)
 	err(1, "can't exec %s", _PATH_RLOGIN);
     }
 
-    argc -= optind;
-    argv += optind;
-
 #ifndef __CYGWIN32__
     if (!(pw = k_getpwuid(uid = getuid())))
 	errx(1, "unknown user id.");
@@ -266,12 +274,15 @@ main(int argc, char **argv)
     if (doencrypt)
 	nfork = 0;
 
-    args = copyargs(argv);
+    args = copyargs(argv+optind);
 
-    sv_port=get_shell_port(use_kerberos, doencrypt);
+    if (user_port)
+	sv_port = user_port;
+    else
+	sv_port = get_shell_port(use_kerberos, doencrypt);
 
-try_connect:
     if (use_kerberos) {
+	setuid(getuid());
 	rem = KSUCCESS;
 	errno = 0;
 	if (dest_realm == NULL)
@@ -284,13 +295,27 @@ try_connect:
 	    rem = krcmd(&host, sv_port, user, args, &rfd2,
 			dest_realm);
 	if (rem < 0) {
+	    int i = 0;
+	    char **newargv;
+
 	    if (errno == ECONNREFUSED)
 		warning("remote host doesn't support Kerberos");
 	    if (errno == ENOENT)
 		warning("can't provide Kerberos auth data");
-	    use_kerberos = 0;
-	    sv_port=get_shell_port(use_kerberos, doencrypt);
-	    goto try_connect;
+	    newargv = malloc((argc + 2) * sizeof(*newargv));
+	    if (newargv == NULL)
+		err(1, "malloc");
+	    newargv[i] = argv[i];
+	    ++i;
+	    if (argv[i][0] != '-') {
+		newargv[i] = argv[i];
+		++i;
+	    }
+	    newargv[i++] = "-K";
+	    for(; i <= argc; ++i)
+		newargv[i] = argv[i - 1];
+	    newargv[argc + 1] = NULL;
+	    execv(_PATH_RSH, newargv);
 	}
     } else {
 	if (doencrypt)
diff --git a/crypto/kerberosIV/appl/bsd/rshd.c b/crypto/kerberosIV/appl/bsd/rshd.c
index 75ca1df..1a30793 100644
--- a/crypto/kerberosIV/appl/bsd/rshd.c
+++ b/crypto/kerberosIV/appl/bsd/rshd.c
@@ -42,7 +42,7 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: rshd.c,v 1.51 1997/05/13 09:42:39 bg Exp $");
+RCSID("$Id: rshd.c,v 1.58 1999/06/17 18:49:43 assar Exp $");
 
 extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */
 extern int __check_rhosts_file;
@@ -197,7 +197,7 @@ doit(struct sockaddr_in *fromp)
     int one = 1;
     const char *errorhost = "";
     char *errorstr;
-    char *cp, sig, buf[BUFSIZ];
+    char *cp, sig, buf[DES_RW_MAXWRITE];
     char cmdbuf[NCARGS+1], locuser[16], remuser[16];
     char remotehost[2 * MaxHostNameLen + 1];
 
@@ -279,7 +279,7 @@ doit(struct sockaddr_in *fromp)
     }
 
     if (vacuous) {
-	error("rshd: remote host requires Kerberos authentication\n");
+	error("rshd: Remote host requires Kerberos authentication.\n");
 	exit(1);
     }
 
@@ -298,7 +298,7 @@ doit(struct sockaddr_in *fromp)
 	    if (getsockname(0, (struct sockaddr *)&local_addr,
 			    &rc) < 0) {
 		syslog(LOG_ERR, "getsockname: %m");
-		error("rlogind: getsockname: %m");
+		error("rshd: getsockname: %m");
 		exit(1);
 	    }
 	    authopts = KOPT_DO_MUTUAL;
@@ -369,9 +369,9 @@ doit(struct sockaddr_in *fromp)
     } else
 
 	if (errorstr ||
-	    pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
+	    (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
 	    iruserok(fromp->sin_addr.s_addr, pwd->pw_uid == 0,
-		     remuser, locuser) < 0) {
+		     remuser, locuser) < 0)) {
 	    if (__rcmd_errstr)
 		syslog(LOG_INFO|LOG_AUTH,
 		       "%s@%s as %s: permission denied (%s). cmd='%.80s'",
@@ -560,19 +560,18 @@ doit(struct sockaddr_in *fromp)
     if (setpcred (pwd->pw_name, NULL) == -1)
 	syslog(LOG_ERR, "setpcred() failure: %m");
 #endif /* HAVE_SETPCRED */
+    if(do_osfc2_magic(pwd->pw_uid))
+	exit(1);
     setgid((gid_t)pwd->pw_gid);
     initgroups(pwd->pw_name, pwd->pw_gid);
     setuid((uid_t)pwd->pw_uid);
-    strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
+    strcat_truncate(homedir, pwd->pw_dir, sizeof(homedir));
 
-    /* Need to extend path to find rcp */
-    strncat(path, BINDIR, sizeof(path)-1);
-    strncat(path, ":", sizeof(path)-1);
-    strncat(path, _PATH_DEFPATH, sizeof(path)-1);
-    path[sizeof(path)-1] = '\0';
+    /* Need to prepend path with BINDIR (/usr/athena/bin) to find rcp */
+    snprintf(path, sizeof(path), "PATH=%s:%s", BINDIR, _PATH_DEFPATH);
 
-    strncat(shell, pwd->pw_shell, sizeof(shell)-7);
-    strncat(username, pwd->pw_name, sizeof(username)-6);
+    strcat_truncate(shell, pwd->pw_shell, sizeof(shell));
+    strcat_truncate(username, pwd->pw_name, sizeof(username));
     cp = strrchr(pwd->pw_shell, '/');
     if (cp)
 	cp++;
@@ -594,7 +593,7 @@ doit(struct sockaddr_in *fromp)
     if (k_hasafs()) {
 	if (new_pag)
 	    k_setpag();	/* Put users process in an new pag */
-	k_afsklog(0, 0);
+	krb_afslog(0, 0);
     }
     execle(pwd->pw_shell, cp, "-c", cmdbuf, 0, envinit);
     err(1, pwd->pw_shell);
@@ -620,8 +619,8 @@ error(const char *fmt, ...)
 	len = 1;
     } else
 	len = 0;
-    len = vsnprintf (bp, sizeof(buf) - len, fmt, ap);
-    write (STDERR_FILENO, buf, len);
+    len += vsnprintf(bp, sizeof(buf) - len, fmt, ap);
+    write(STDERR_FILENO, buf, len);
     va_end(ap);
 }
 
diff --git a/crypto/kerberosIV/appl/bsd/su.c b/crypto/kerberosIV/appl/bsd/su.c
index 8c610e1..d0da21d 100644
--- a/crypto/kerberosIV/appl/bsd/su.c
+++ b/crypto/kerberosIV/appl/bsd/su.c
@@ -33,7 +33,7 @@
 
 #include "bsd_locl.h"
 
-RCSID ("$Id: su.c,v 1.59 1997/05/26 17:45:54 bg Exp $");
+RCSID ("$Id: su.c,v 1.66 1999/03/11 13:57:58 joda Exp $");
 
 #ifdef SYSV_SHADOW
 #include "sysv_shadow.h"
@@ -112,7 +112,7 @@ main (int argc, char **argv)
     if (errno)
 	prio = 0;
     setpriority (PRIO_PROCESS, 0, -2);
-    openlog ("su", LOG_CONS, 0);
+    openlog ("su", LOG_CONS, LOG_AUTH);
 
     /* get current login name and shell */
     ruid = getuid ();
@@ -123,13 +123,17 @@ main (int argc, char **argv)
     if (pwd == NULL)
 	errx (1, "who are you?");
     username = strdup (pwd->pw_name);
-    if (asme)
-	if (pwd->pw_shell && *pwd->pw_shell)
-	    shell = strcpy (shellbuf, pwd->pw_shell);
-	else {
+    if (username == NULL)
+	errx (1, "strdup: out of memory");
+    if (asme) {
+	if (pwd->pw_shell && *pwd->pw_shell) {
+	    strcpy_truncate (shellbuf, pwd->pw_shell, sizeof(shellbuf));
+	    shell = shellbuf;
+	} else {
 	    shell = _PATH_BSHELL;
 	    iscsh = NO;
 	}
+    }
 
     /* get target login information, default to root */
     user = *argv ? *argv : "root";
@@ -229,6 +233,8 @@ main (int argc, char **argv)
 	    char *t = getenv ("TERM");
 
 	    environ = malloc (10 * sizeof (char *));
+	    if (environ == NULL)
+		err (1, "malloc");
 	    environ[0] = NULL;
 	    setenv ("PATH", _PATH_DEFPATH, 1);
 	    if (t)
@@ -250,13 +256,13 @@ main (int argc, char **argv)
 	    *np-- = "-m";
     }
     if (asthem) {
-	avshellbuf[0] = '-';
-	strcpy (avshellbuf + 1, avshell);
+	snprintf (avshellbuf, sizeof(avshellbuf),
+		  "-%s", avshell);
 	avshell = avshellbuf;
     } else if (iscsh == YES) {
 	/* csh strips the first character... */
-	avshellbuf[0] = '_';
-	strcpy (avshellbuf + 1, avshell);
+	snprintf (avshellbuf, sizeof(avshellbuf),
+		  "_%s", avshell);
 	avshell = avshellbuf;
     }
     *np = avshell;
@@ -272,7 +278,7 @@ main (int argc, char **argv)
 
 	if (k_setpag () != 0)
 	    warn ("setpag");
-	code = k_afsklog (0, 0);
+	code = krb_afslog (0, 0);
 	if (code != KSUCCESS && code != KDC_PR_UNKNOWN)
 	    warnx ("afsklog: %s", krb_get_err_text (code));
     }
@@ -334,6 +340,15 @@ kerberos (char *username, char *user, int uid)
     setenv ("KRBTKFILE", krbtkfile, 1);
     krb_set_tkt_string (krbtkfile);
     /*
+     * Set real as well as effective ID to 0 for the moment,
+     * to make the kerberos library do the right thing.
+     */
+    if (setuid(0) < 0) {
+        warn("setuid");
+	return (1);
+    }
+
+    /*
      * Little trick here -- if we are su'ing to root, we need to get a ticket
      * for "xxx.root", where xxx represents the name of the person su'ing.
      * Otherwise (non-root case), we need to get a ticket for "yyy.", where
@@ -388,13 +403,12 @@ kerberos (char *username, char *user, int uid)
     }
     setpriority (PRIO_PROCESS, 0, -2);
 
-    if (k_gethostname (hostname, sizeof (hostname)) == -1) {
+    if (gethostname (hostname, sizeof (hostname)) == -1) {
 	warn ("gethostname");
 	dest_tkt ();
 	return (1);
     }
-    strncpy (savehost, krb_get_phost (hostname), sizeof (savehost));
-    savehost[sizeof (savehost) - 1] = '\0';
+    strcpy_truncate (savehost, krb_get_phost (hostname), sizeof (savehost));
 
     kerno = krb_mk_req (&ticket, "rcmd", savehost, lrealm, 33);
 
diff --git a/crypto/kerberosIV/appl/bsd/sysv_default.c b/crypto/kerberosIV/appl/bsd/sysv_default.c
index cb36b84..e6b28a7 100644
--- a/crypto/kerberosIV/appl/bsd/sysv_default.c
+++ b/crypto/kerberosIV/appl/bsd/sysv_default.c
@@ -2,7 +2,7 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: sysv_default.c,v 1.9 1997/03/31 01:47:59 assar Exp $");
+RCSID("$Id: sysv_default.c,v 1.11 1999/03/13 21:15:24 assar Exp $");
 
 #include "sysv_default.h"
 
@@ -21,7 +21,7 @@ char   *default_hz	= 0;
 char   *default_path	= _PATH_DEFPATH;
 char   *default_supath	= _PATH_DEFSUPATH;
 char   *default_ulimit	= 0;
-char   *default_timeout	= "60";
+char   *default_timeout	= "180";
 char   *default_umask	= default_umask_value;
 char   *default_sleep	= "4";
 char   *default_maxtrys	= "5";
@@ -48,7 +48,7 @@ static struct sysv_default {
 
 #define trim(s) { \
 	char   *cp = s + strlen(s); \
-	while (cp > s && isspace(cp[-1])) \
+	while (cp > s && isspace((unsigned char)cp[-1])) \
 	    cp--; \
 	*cp = 0; \
 }
diff --git a/crypto/kerberosIV/appl/bsd/sysv_environ.c b/crypto/kerberosIV/appl/bsd/sysv_environ.c
index f5e782d..3df800e 100644
--- a/crypto/kerberosIV/appl/bsd/sysv_environ.c
+++ b/crypto/kerberosIV/appl/bsd/sysv_environ.c
@@ -2,7 +2,7 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: sysv_environ.c,v 1.21 1997/05/14 17:34:15 joda Exp $");
+RCSID("$Id: sysv_environ.c,v 1.23 1997/12/14 23:50:44 assar Exp $");
 
 #ifdef HAVE_ULIMIT_H
 #include <ulimit.h>
@@ -86,7 +86,6 @@ void sysv_newenv(int argc, char **argv, struct passwd *pwd,
 		 char *term, int pflag)
 {
     unsigned umask_val;
-    long    limit_val;
     char    buf[BUFSIZ];
     int     count = 0;
     struct censored *cp;
@@ -153,7 +152,7 @@ void sysv_newenv(int argc, char **argv, struct passwd *pwd,
 	char *sep = "/";
 	if(KRB4_MAILDIR[strlen(KRB4_MAILDIR) - 1] == '/')
 	    sep = "";
-	k_concat(buf, sizeof(buf), KRB4_MAILDIR, sep, pwd->pw_name, NULL);
+	roken_concat(buf, sizeof(buf), KRB4_MAILDIR, sep, pwd->pw_name, NULL);
     }
     setenv("MAIL", buf, 1);
     setenv("LOGNAME", pwd->pw_name, 1);
@@ -182,6 +181,8 @@ void sysv_newenv(int argc, char **argv, struct passwd *pwd,
     }
 #ifdef HAVE_ULIMIT
     if (default_ulimit) {
+	long    limit_val;
+
 	if (sscanf(default_ulimit, "%ld", &limit_val) == 1 && limit_val)
 	    if (ulimit(UL_SETFSIZE, limit_val) < 0)
 	        warn ("ulimit(UL_SETFSIZE, %ld)", limit_val);
diff --git a/crypto/kerberosIV/appl/bsd/sysv_shadow.c b/crypto/kerberosIV/appl/bsd/sysv_shadow.c
index 6839441..99794bd 100644
--- a/crypto/kerberosIV/appl/bsd/sysv_shadow.c
+++ b/crypto/kerberosIV/appl/bsd/sysv_shadow.c
@@ -2,7 +2,7 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: sysv_shadow.c,v 1.7 1997/03/23 04:56:05 assar Exp $");
+RCSID("$Id: sysv_shadow.c,v 1.8 1997/12/29 19:56:07 bg Exp $");
 
 #ifdef SYSV_SHADOW
 
@@ -16,7 +16,7 @@ sysv_expire(struct spwd *spwd)
     long    today;
 
     tzset();
-    today = time(0);
+    today = time(0)/(60*60*24);	/* In days since Jan. 1, 1970 */
 
     if (spwd->sp_expire > 0) {
 	if (today > spwd->sp_expire) {
diff --git a/crypto/kerberosIV/appl/bsd/sysv_shadow.h b/crypto/kerberosIV/appl/bsd/sysv_shadow.h
index 4f07b49..339035b 100644
--- a/crypto/kerberosIV/appl/bsd/sysv_shadow.h
+++ b/crypto/kerberosIV/appl/bsd/sysv_shadow.h
@@ -1,5 +1,5 @@
-/* $Id: sysv_shadow.h,v 1.6 1997/03/23 04:55:51 assar Exp $ */
+/* $Id: sysv_shadow.h,v 1.7 1999/03/13 21:15:43 assar Exp $ */
 
 #include <shadow.h>
 
-extern sysv_expire(struct spwd *);
+int sysv_expire(struct spwd *);
diff --git a/crypto/kerberosIV/appl/bsd/utmp_login.c b/crypto/kerberosIV/appl/bsd/utmp_login.c
index da3f96a..8c1a2d3 100644
--- a/crypto/kerberosIV/appl/bsd/utmp_login.c
+++ b/crypto/kerberosIV/appl/bsd/utmp_login.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995-1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,8 +38,9 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: utmp_login.c,v 1.13 1997/05/20 13:46:21 assar Exp $");
+RCSID("$Id: utmp_login.c,v 1.15 1999/03/29 17:57:16 joda Exp $");
 
+#ifdef HAVE_UTMP_H
 void
 prepare_utmp (struct utmp *utmp, char *tty, char *username, char *hostname)
 {
@@ -50,11 +51,11 @@ prepare_utmp (struct utmp *utmp, char *tty, char *username, char *hostname)
     strncpy(utmp->ut_line, ttyx, sizeof(utmp->ut_line));
     strncpy(utmp->ut_name, username, sizeof(utmp->ut_name));
 
-# ifdef HAVE_UT_USER
+# ifdef HAVE_STRUCT_UTMP_UT_USER
     strncpy(utmp->ut_user, username, sizeof(utmp->ut_user));
 # endif
 
-# ifdef HAVE_UT_ADDR
+# ifdef HAVE_STRUCT_UTMP_UT_ADDR
     if (hostname[0]) {
         struct hostent *he;
 	if ((he = gethostbyname(hostname)))
@@ -63,22 +64,23 @@ prepare_utmp (struct utmp *utmp, char *tty, char *username, char *hostname)
     }
 # endif
 
-# ifdef HAVE_UT_HOST
+# ifdef HAVE_STRUCT_UTMP_UT_HOST
     strncpy(utmp->ut_host, hostname, sizeof(utmp->ut_host));
 # endif
 
-# ifdef HAVE_UT_TYPE
+# ifdef HAVE_STRUCT_UTMP_UT_TYPE
     utmp->ut_type = USER_PROCESS;
 # endif
 
-# ifdef HAVE_UT_PID
+# ifdef HAVE_STRUCT_UTMP_UT_PID
     utmp->ut_pid = getpid();
 # endif
 
-# ifdef HAVE_UT_ID
+# ifdef HAVE_STRUCT_UTMP_UT_ID
     strncpy(utmp->ut_id, make_id(ttyx), sizeof(utmp->ut_id));
 # endif
 }
+#endif
 
 #ifdef HAVE_UTMPX_H
 void utmp_login(char *tty, char *username, char *hostname) { return; }
diff --git a/crypto/kerberosIV/appl/bsd/utmpx_login.c b/crypto/kerberosIV/appl/bsd/utmpx_login.c
index 005eca5..acc6a154 100644
--- a/crypto/kerberosIV/appl/bsd/utmpx_login.c
+++ b/crypto/kerberosIV/appl/bsd/utmpx_login.c
@@ -2,7 +2,7 @@
 
 #include "bsd_locl.h"
 
-RCSID("$Id: utmpx_login.c,v 1.20 1997/06/01 03:13:15 assar Exp $");
+RCSID("$Id: utmpx_login.c,v 1.21 1999/03/29 17:57:31 joda Exp $");
 
 /* utmpx_login - update utmp and wtmp after login */
 
@@ -17,12 +17,12 @@ utmpx_update(struct utmpx *ut, char *line, char *user, char *host)
     char *clean_tty = clean_ttyname(line);
 
     strncpy(ut->ut_line, clean_tty, sizeof(ut->ut_line));
-#ifdef HAVE_UT_ID
+#ifdef HAVE_STRUCT_UTMPX_UT_ID
     strncpy(ut->ut_id, make_id(clean_tty), sizeof(ut->ut_id));
 #endif
     strncpy(ut->ut_user, user, sizeof(ut->ut_user));
     strncpy(ut->ut_host, host, sizeof(ut->ut_host));
-#ifdef HAVE_UT_SYSLEN
+#ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN
     ut->ut_syslen = strlen(host) + 1;
     if (ut->ut_syslen > sizeof(ut->ut_host))
         ut->ut_syslen = sizeof(ut->ut_host);
diff --git a/crypto/kerberosIV/appl/ftp/ChangeLog b/crypto/kerberosIV/appl/ftp/ChangeLog
new file mode 100644
index 0000000..422f4a5
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ChangeLog
@@ -0,0 +1,196 @@
+1999-08-18  Assar Westerlund  <assar@sics.se>
+
+	* ftp/cmds.c (getit): be more suspicious when parsing the result
+ 	of MDTM.  Do the comparison of timestamps correctly.
+
+1999-06-15  Assar Westerlund  <assar@sics.se>
+
+	* ftp/krb4.c (krb4_auth): type correctness
+
+1999-06-02  Johan Danielsson  <joda@pdc.kth.se>
+
+	* ftp/ftp.c (sendrequest): lmode != rmode
+	
+1999-05-21  Assar Westerlund  <assar@sics.se>
+
+	* ftp/extern.h (sendrequest): update prototype
+
+	* ftp/cmds.c: update calls to sendrequest and recvrequest to send
+ 	"b" when appropriate
+
+	* ftp/ftp.c (sendrequest): add argument for mode to open file in.
+
+1999-05-08  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ftpcmd.y: rename getline -> ftpd_getline
+
+	* ftp/main.c (makeargv): fill in unused slots with NULL
+
+Thu Apr  8 15:06:40 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* ftpd/ftpd.c: remove definition of KRB_VERIFY_USER (moved to
+ 	config.h)
+
+Wed Apr  7 16:15:21 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* ftp/gssapi.c (gss_auth): call gss_display_status to get a sane
+ 	error message; return AUTH_{CONTINUE,ERROR}, where appropriate
+
+	* ftp/krb4.c: return AUTH_{CONTINUE,ERROR}, where appropriate
+
+	* ftp/security.c (sec_login): if mechanism returns AUTH_CONTINUE,
+ 	just continue with the next mechanism, this fixes the case of
+ 	having GSSAPI fail because of non-existant of expired tickets
+
+	* ftp/security.h: add AUTH_{OK,CONTINUE,ERROR}
+
+Thu Apr  1 16:59:04 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* ftpd/Makefile.am: don't run check-local
+
+	* ftp/Makefile.am: don't run check-local
+
+Mon Mar 22 22:15:18 1999  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ftpd.c (pass): fall-back for KRB_VERIFY_SECURE
+
+	* ftpd/ftpd.c (pass): 1 -> KRB_VERIFY_SECURE
+
+Thu Mar 18 12:07:09 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* ftpd/Makefile.am: clean ftpcmd.c
+
+	* ftpd/ftpd_locl.h: remove krb5.h (breaks in ftpcmd.y)
+
+	* ftpd/ftpd.c: move include of krb5.h here
+
+	* ftpd/Makefile.am: include Makefile.am.common
+
+	* Makefile.am: include Makefile.am.common
+
+	* ftp/Makefile.am: include Makefile.am.common
+
+	* common/Makefile.am: include Makefile.am.common
+
+Tue Mar 16 22:28:37 1999  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ftpd_locl.h: add krb5.h to get heimdal_version
+
+	* ftpd/ftpd.c: krb_verify_user_multiple -> krb_verify_user
+
+Thu Mar 11 14:54:59 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* ftp/Makefile.in: WFLAGS
+
+	* ftp/ruserpass.c: add some if-braces
+
+Wed Mar 10 20:02:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* ftpd/ftpd_locl.h: remove ifdef HAVE_FNMATCH
+
+Mon Mar  8 21:29:24 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* ftpd/ftpd.c: re-add version in greeting message
+
+Mon Mar  1 10:49:38 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* ftpd/logwtmp.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
+
+Mon Feb 22 19:20:51 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* common/Makefile.in: remove glob
+
+Sat Feb 13 17:19:35 1999  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ftpd.c (match): remove #ifdef HAVE_FNMATCH.  We have a
+ 	fnmatch implementation in roken and therefore always have it.
+
+	* ftp/ftp.c (copy_stream): initialize `werr'
+
+Wed Jan 13 23:52:57 1999  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ftpcmd.y: moved all check_login and check_login_no_guest to
+ 	the end of the rules to ensure we don't generate several
+ 	(independent) error messages.  once again, having a yacc-grammar
+ 	for FTP with embedded actions doesn't strike me as the most
+ 	optimal way of doing it.
+
+Tue Dec  1 14:44:29 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* ftpd/Makefile.am: link with extra libs for aix
+
+Sun Nov 22 10:28:20 1998  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/ftpd.c (retrying): support on-the-fly decompression
+
+	* ftpd/Makefile.in (WFLAGS): set
+
+	* ftp/ruserpass.c (guess_domain): new function
+	(ruserpass): use it
+
+	* common/Makefile.in (WFLAGS): set
+
+	* Makefile.in (WFLAGS): set
+
+Sat Nov 21 23:13:03 1998  Assar Westerlund  <assar@sics.se>
+
+	* ftp/security.c: some more type correctness.
+
+	* ftp/gssapi.c (gss_adat): more braces to shut up warnings
+
+Wed Nov 18 21:47:55 1998  Assar Westerlund  <assar@sics.se>
+
+	* ftp/main.c (main): new option `-p' for enable passive mode.
+
+Mon Nov  2 01:57:49 1998  Assar Westerlund  <assar@sics.se>
+
+	* ftp/ftp.c (getreply): remove extra `break'
+
+	* ftp/gssapi.c (gss_auth): fixo typo(copyo?)
+
+	* ftp/security.c (sec_login): fix loop and return value
+
+Tue Sep  1 16:56:42 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* ftp/cmds.c (quote1): fix % quoting bug
+
+Fri Aug 14 17:10:06 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* ftp/krb4.c: krb_put_int -> KRB_PUT_INT
+
+Tue Jun 30 18:07:15 1998  Assar Westerlund  <assar@sics.se>
+
+	* ftp/security.c (auth): free `app_data'
+	(sec_end): only destroy if it was initialized
+
+Tue Jun  9 21:01:59 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* ftp/krb4.c: pass client address to krb_rd_req
+
+Sat May 16 00:02:07 1998  Assar Westerlund  <assar@sics.se>
+
+	* ftpd/Makefile.am: link with DBLIB
+
+Tue May 12 14:15:32 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* ftp/gssapi.c: Save client name for userok().
+
+	* ftpd/gss_userok.c: Userok for gssapi.
+
+Fri May  1 07:15:01 1998  Assar Westerlund  <assar@sics.se>
+
+	* ftp/ftp.c: unifdef -DHAVE_H_ERRNO
+
+Fri Mar 27 00:46:07 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* Make compile w/o krb4.
+
+Thu Mar 26 03:49:12 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* ftp/*, ftpd/*: Changes for new framework.
+
+	* ftp/gssapi.c: GSS-API backend for the new security framework.
+
+	* ftp/krb4.c: Updated for new framework.
+
+	* ftp/security.{c,h}: New unified security framework.
diff --git a/crypto/kerberosIV/appl/ftp/Makefile.am b/crypto/kerberosIV/appl/ftp/Makefile.am
new file mode 100644
index 0000000..f8831a3
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/Makefile.am
@@ -0,0 +1,5 @@
+# $Id: Makefile.am,v 1.5 1999/03/20 13:58:14 joda Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+SUBDIRS = common ftp ftpd
diff --git a/crypto/kerberosIV/appl/ftp/Makefile.in b/crypto/kerberosIV/appl/ftp/Makefile.in
index 6d0c420..68546ab 100644
--- a/crypto/kerberosIV/appl/ftp/Makefile.in
+++ b/crypto/kerberosIV/appl/ftp/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.9 1997/03/23 13:03:54 assar Exp $
+# $Id: Makefile.in,v 1.12 1999/03/10 19:01:11 joda Exp $
 
 srcdir		= @srcdir@
 top_srcdir	= @top_srcdir@
@@ -11,7 +11,8 @@ SHELL		= /bin/sh
 CC 	= @CC@
 RANLIB 	= @RANLIB@
 DEFS 	= @DEFS@
-CFLAGS 	= @CFLAGS@
+CFLAGS 	= @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
 
 INSTALL = @INSTALL@
 
@@ -39,3 +40,5 @@ distclean:
 	for i in $(SUBDIRS); \
 	do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
 	rm -f Makefile *~
+
+.PHONY: all install uninstall clean cleandir distclean
diff --git a/crypto/kerberosIV/appl/ftp/common/Makefile.am b/crypto/kerberosIV/appl/ftp/common/Makefile.am
new file mode 100644
index 0000000..2ab5801
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/Makefile.am
@@ -0,0 +1,12 @@
+# $Id: Makefile.am,v 1.7 1999/03/20 13:58:14 joda Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += $(INCLUDE_krb4) 
+
+noinst_LIBRARIES = libcommon.a
+
+libcommon_a_SOURCES = \
+	sockbuf.c \
+	buffer.c \
+	common.h
diff --git a/crypto/kerberosIV/appl/ftp/common/Makefile.in b/crypto/kerberosIV/appl/ftp/common/Makefile.in
index 9ce1aa5..b00bd0a 100644
--- a/crypto/kerberosIV/appl/ftp/common/Makefile.in
+++ b/crypto/kerberosIV/appl/ftp/common/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.17 1997/05/18 20:00:06 assar Exp $
+# $Id: Makefile.in,v 1.23 1999/03/10 19:01:11 joda Exp $
 
 SHELL		= /bin/sh
 
@@ -10,16 +10,17 @@ CC 	= @CC@
 AR	= ar
 RANLIB 	= @RANLIB@
 DEFS 	= @DEFS@
-CFLAGS 	= @CFLAGS@
+CFLAGS 	= @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
 
 INSTALL = @INSTALL@
 
 prefix 	= @prefix@
 
-SOURCES = base64.c glob.c sockbuf.c buffer.c
+SOURCES = sockbuf.c buffer.c
 OBJECTS = $(libcommon_OBJS)
 
-libcommon_OBJS = base64.o glob.o sockbuf.o buffer.o
+libcommon_OBJS = sockbuf.o buffer.o
 
 LIBNAME = $(LIBPREFIX)common
 LIBEXT = a
@@ -29,7 +30,7 @@ LIB = $(LIBNAME).$(LIBEXT)
 all: $(LIB)
 
 .c.o:
-	$(CC) -c $(CFLAGS) -I$(srcdir) -I../../../include $(DEFS) $<
+	$(CC) -c -I$(srcdir) -I../../../include $(DEFS) $(CFLAGS) $(CPPFLAGS) $<
 
 $(LIB): $(libcommon_OBJS)
 	rm -f $@
@@ -50,3 +51,5 @@ distclean:
 	rm -f Makefile
 
 $(OBJECTS): ../../../include/config.h
+
+.PHONY: all install uninstall clean cleandir distclean
diff --git a/crypto/kerberosIV/appl/ftp/common/buffer.c b/crypto/kerberosIV/appl/ftp/common/buffer.c
index 5b7829a..97e2815 100644
--- a/crypto/kerberosIV/appl/ftp/common/buffer.c
+++ b/crypto/kerberosIV/appl/ftp/common/buffer.c
@@ -38,9 +38,10 @@
 
 #include "common.h"
 #include <stdio.h>
+#include <err.h>
 #include "roken.h"
 
-RCSID("$Id: buffer.c,v 1.1 1997/05/18 19:59:24 assar Exp $");
+RCSID("$Id: buffer.c,v 1.2 1997/12/14 23:51:45 assar Exp $");
 
 /*
  * Allocate a buffer enough to handle st->st_blksize, if
diff --git a/crypto/kerberosIV/appl/ftp/ftp/Makefile.am b/crypto/kerberosIV/appl/ftp/ftp/Makefile.am
new file mode 100644
index 0000000..081465a
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/Makefile.am
@@ -0,0 +1,44 @@
+# $Id: Makefile.am,v 1.12 1999/04/09 18:22:08 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += -I$(srcdir)/../common $(INCLUDE_readline) $(INCLUDE_krb4)
+
+bin_PROGRAMS = ftp
+
+CHECK_LOCAL = 
+
+if KRB4
+krb4_sources = krb4.c kauth.c
+endif
+if KRB5
+krb5_sources = gssapi.c
+endif
+
+ftp_SOURCES = \
+	cmds.c \
+	cmdtab.c \
+	extern.h \
+	ftp.c \
+	ftp_locl.h \
+	ftp_var.h \
+	main.c \
+	pathnames.h \
+	ruserpass.c \
+	domacro.c \
+	globals.c \
+	security.c \
+	security.h \
+	$(krb4_sources) \
+	$(krb5_sources)
+
+EXTRA_ftp_SOURCES = krb4.c kauth.c gssapi.c
+
+LDADD = \
+	../common/libcommon.a \
+	$(LIB_gssapi) \
+	$(LIB_krb5) \
+	$(LIB_krb4) \
+	$(top_builddir)/lib/des/libdes.la \
+	$(LIB_roken) \
+	$(LIB_readline)
diff --git a/crypto/kerberosIV/appl/ftp/ftp/Makefile.in b/crypto/kerberosIV/appl/ftp/ftp/Makefile.in
index 62bde3b..637d553 100644
--- a/crypto/kerberosIV/appl/ftp/ftp/Makefile.in
+++ b/crypto/kerberosIV/appl/ftp/ftp/Makefile.in
@@ -1,5 +1,5 @@
 # 
-# $Id: Makefile.in,v 1.24 1997/03/23 13:03:55 assar Exp $
+# $Id: Makefile.in,v 1.32 1999/03/11 13:58:09 joda Exp $
 #
 
 SHELL		= /bin/sh
@@ -8,13 +8,14 @@ srcdir		= @srcdir@
 top_srcdir	= @top_srcdir@
 VPATH		= @srcdir@
 
-topdir		= ../../..
+top_builddir		= ../../..
 
 CC 	= @CC@
 RANLIB 	= @RANLIB@
 DEFS 	= @DEFS@
-CFLAGS 	= @CFLAGS@
-CPPFLAGS= @CPPFLAGS@ -I. -I$(srcdir) -I$(topdir) -I$(top_srcdir) -I$(topdir)/include -I$(top_srcdir)/include -I$(srcdir)/../common  @INCLUDE_readline@
+CFLAGS 	= @CFLAGS@ $(WFLAGS)
+WFLAGS	= @WFLAGS@
+CPPFLAGS= @CPPFLAGS@ -I. -I$(srcdir) -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include -I$(srcdir)/../common  @INCLUDE_readline@
 LD_FLAGS = @LD_FLAGS@
 LIB_tgetent = @LIB_tgetent@
 LIBS	 = @LIBS@ @LIB_readline@
@@ -30,17 +31,35 @@ libdir = @libdir@
 transform=@program_transform_name@
 EXECSUFFIX=@EXECSUFFIX@
 
-INCTOP = $(topdir)/include
+INCTOP = $(top_builddir)/include
 
-LIBTOP = $(topdir)/lib
+LIBTOP = $(top_builddir)/lib
 
 PROGS = ftp$(EXECSUFFIX)
 
-ftp_OBJS = cmds.o cmdtab.o ftp.o krb4.o main.o ruserpass.o domacro.o \
-	globals.o kauth.o
-
-ftp_SOURCES = cmds.c cmdtab.c ftp.c krb4.c main.c ruserpass.c \
-	domacro.c globals.c kauth.c
+ftp_SOURCES =		\
+	cmds.c		\
+	cmdtab.c	\
+	domacro.c	\
+	ftp.c		\
+	globals.c	\
+	kauth.c		\
+	krb4.c		\
+	main.c		\
+	ruserpass.c	\
+	security.c
+
+ftp_OBJS =		\
+	cmds.o		\
+	cmdtab.o	\
+	domacro.o	\
+	ftp.o		\
+	globals.o	\
+	kauth.o		\
+	krb4.o		\
+	main.o		\
+	ruserpass.o	\
+	security.o
 
 OBJECTS = $(ftp_OBJS)
 SOURCES = $(ftp_SOURCES)
@@ -48,29 +67,36 @@ SOURCES = $(ftp_SOURCES)
 all: $(PROGS)
 
 .c.o:
-	$(CC) -c $(CFLAGS) $(CPPFLAGS) $(DEFS) $<
+	$(CC) -c -I$(srcdir) -I../../../include $(DEFS) $(CFLAGS) $(CPPFLAGS) $<
 
 install: all
-	$(MKINSTALLDIRS) $(bindir)
+	$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
 	for x in $(PROGS); do \
-	  $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
 	done
 
 uninstall:
 	for x in $(PROGS); do \
-	  rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \
+	  rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
 	done
 
-ftp$(EXECSUFFIX): $(ftp_OBJS) # ../common/libcommon.a
+ftp$(EXECSUFFIX): $(ftp_OBJS)
 	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(ftp_OBJS) -L../common -lcommon -L$(LIBTOP)/krb -lkrb -L$(LIBTOP)/des -ldes -L$(LIBTOP)/roken -lroken $(LIBS) -L$(LIBTOP)/roken -lroken
 
-TAGS: $(SOURCES)
+TAGS:	$(SOURCES)
 	etags $(SOURCES)
 
-clean cleandir:
-	rm -f *~ *.o core ftp \#*
+clean:
+	rm -f *~ *.o core ftp$(EXECSUFFIX) \#*
+
+mostlyclean: clean
 
-distclean: 
+distclean: clean
 	rm -f Makefile
 
+realclean: distclean
+	rm -f TAGS
+
 $(OBJECTS): ../../../include/config.h
+
+.PHONY: all install uninstall clean cleandir distclean
diff --git a/crypto/kerberosIV/appl/ftp/ftp/cmds.c b/crypto/kerberosIV/appl/ftp/ftp/cmds.c
index 5e1980b..1571fc8 100644
--- a/crypto/kerberosIV/appl/ftp/ftp/cmds.c
+++ b/crypto/kerberosIV/appl/ftp/ftp/cmds.c
@@ -36,7 +36,7 @@
  */
 
 #include "ftp_locl.h"
-RCSID("$Id: cmds.c,v 1.23 1997/06/01 22:52:37 assar Exp $");
+RCSID("$Id: cmds.c,v 1.34.2.1 1999/08/18 18:19:44 assar Exp $");
 
 typedef void (*sighand)(int);
 
@@ -119,12 +119,17 @@ setpeer(int argc, char **argv)
 		/*
 		 * Set up defaults for FTP.
 		 */
-		strcpy(typename, "ascii"), type = TYPE_A;
+		strcpy_truncate(typename, "ascii", sizeof(typename));
+		type = TYPE_A;
 		curtype = TYPE_A;
-		strcpy(formname, "non-print"), form = FORM_N;
-		strcpy(modename, "stream"), mode = MODE_S;
-		strcpy(structname, "file"), stru = STRU_F;
-		strcpy(bytename, "8"), bytesize = 8;
+		strcpy_truncate(formname, "non-print", sizeof(formname));
+		form = FORM_N;
+		strcpy_truncate(modename, "stream", sizeof(modename));
+		mode = MODE_S;
+		strcpy_truncate(structname, "file", sizeof(structname));
+		stru = STRU_F;
+		strcpy_truncate(bytename, "8", sizeof(bytename));
+		bytesize = 8;
 		if (autologin)
 			login(argv[1]);
 
@@ -165,7 +170,7 @@ setpeer(int argc, char **argv)
 			 * for text files unless changed by the user.
 			 */
 			type = 0;
-			strcpy(typename, "binary");
+			strcpy_truncate(typename, "binary", sizeof(typename));
 			if (overbose)
 			    printf("Using %s mode to transfer files.\n",
 				typename);
@@ -238,7 +243,7 @@ settype(int argc, char **argv)
 	else
 		comret = command("TYPE %s", p->t_mode);
 	if (comret == COMPLETE) {
-		strcpy(typename, p->t_name);
+		strcpy_truncate(typename, p->t_name, sizeof(typename));
 		curtype = type = p->t_type;
 	}
 }
@@ -398,7 +403,8 @@ usage:
 		argv[2] = domap(argv[2]);
 	}
 	sendrequest(cmd, argv[1], argv[2],
-	    argv[1] != oldargv1 || argv[2] != oldargv2);
+		    curtype == TYPE_I ? "rb" : "r",
+		    argv[1] != oldargv1 || argv[2] != oldargv2);
 }
 
 /* ARGSUSED */
@@ -428,133 +434,150 @@ mabort(int signo)
 void
 mput(int argc, char **argv)
 {
-	int i;
-	RETSIGTYPE (*oldintr)();
-	int ointer;
-	char *tp;
+    int i;
+    RETSIGTYPE (*oldintr)();
+    int ointer;
+    char *tp;
 
-	if (argc < 2 && !another(&argc, &argv, "local-files")) {
-		printf("usage: %s local-files\n", argv[0]);
-		code = -1;
-		return;
-	}
-	mname = argv[0];
-	mflag = 1;
-	oldintr = signal(SIGINT, mabort);
-	setjmp(jabort);
-	if (proxy) {
-		char *cp, *tp2, tmpbuf[MaxPathLen];
+    if (argc < 2 && !another(&argc, &argv, "local-files")) {
+	printf("usage: %s local-files\n", argv[0]);
+	code = -1;
+	return;
+    }
+    mname = argv[0];
+    mflag = 1;
+    oldintr = signal(SIGINT, mabort);
+    setjmp(jabort);
+    if (proxy) {
+	char *cp, *tp2, tmpbuf[MaxPathLen];
 
-		while ((cp = remglob(argv,0)) != NULL) {
-			if (*cp == 0) {
-				mflag = 0;
-				continue;
-			}
-			if (mflag && confirm(argv[0], cp)) {
-				tp = cp;
-				if (mcase) {
-					while (*tp && !islower(*tp)) {
-						tp++;
-					}
-					if (!*tp) {
-						tp = cp;
-						tp2 = tmpbuf;
-						while ((*tp2 = *tp) != '\0') {
-						     if (isupper(*tp2)) {
-						        *tp2 = 'a' + *tp2 - 'A';
-						     }
-						     tp++;
-						     tp2++;
-						}
-					}
-					tp = tmpbuf;
-				}
-				if (ntflag) {
-					tp = dotrans(tp);
-				}
-				if (mapflag) {
-					tp = domap(tp);
-				}
-				sendrequest((sunique) ? "STOU" : "STOR",
-				    cp, tp, cp != tp || !interactive);
-				if (!mflag && fromatty) {
-					ointer = interactive;
-					interactive = 1;
-					if (confirm("Continue with","mput")) {
-						mflag++;
-					}
-					interactive = ointer;
-				}
-			}
-		}
-		signal(SIGINT, oldintr);
+	while ((cp = remglob(argv,0)) != NULL) {
+	    if (*cp == 0) {
 		mflag = 0;
-		return;
-	}
-	for (i = 1; i < argc; i++) {
-		char **cpp;
-		glob_t gl;
-		int flags;
-
-		if (!doglob) {
-			if (mflag && confirm(argv[0], argv[i])) {
-				tp = (ntflag) ? dotrans(argv[i]) : argv[i];
-				tp = (mapflag) ? domap(tp) : tp;
-				sendrequest((sunique) ? "STOU" : "STOR",
-				    argv[i], tp, tp != argv[i] || !interactive);
-				if (!mflag && fromatty) {
-					ointer = interactive;
-					interactive = 1;
-					if (confirm("Continue with","mput")) {
-						mflag++;
-					}
-					interactive = ointer;
-				}
+		continue;
+	    }
+	    if (mflag && confirm(argv[0], cp)) {
+		tp = cp;
+		if (mcase) {
+		    while (*tp && !islower(*tp)) {
+			tp++;
+		    }
+		    if (!*tp) {
+			tp = cp;
+			tp2 = tmpbuf;
+			while ((*tp2 = *tp) != '\0') {
+			    if (isupper(*tp2)) {
+				*tp2 = 'a' + *tp2 - 'A';
+			    }
+			    tp++;
+			    tp2++;
 			}
-			continue;
+		    }
+		    tp = tmpbuf;
 		}
-
-		memset(&gl, 0, sizeof(gl));
-		flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
-		if (glob(argv[i], flags, NULL, &gl) || gl.gl_pathc == 0) {
-			warnx("%s: not found", argv[i]);
-			globfree(&gl);
-			continue;
+		if (ntflag) {
+		    tp = dotrans(tp);
 		}
-		for (cpp = gl.gl_pathv; cpp && *cpp != NULL; cpp++) {
-			if (mflag && confirm(argv[0], *cpp)) {
-				tp = (ntflag) ? dotrans(*cpp) : *cpp;
-				tp = (mapflag) ? domap(tp) : tp;
-				sendrequest((sunique) ? "STOU" : "STOR",
-				    *cpp, tp, *cpp != tp || !interactive);
-				if (!mflag && fromatty) {
-					ointer = interactive;
-					interactive = 1;
-					if (confirm("Continue with","mput")) {
-						mflag++;
-					}
-					interactive = ointer;
-				}
-			}
+		if (mapflag) {
+		    tp = domap(tp);
 		}
-		globfree(&gl);
+		sendrequest((sunique) ? "STOU" : "STOR",
+			    cp, tp,
+			    curtype == TYPE_I ? "rb" : "r",
+			    cp != tp || !interactive);
+		if (!mflag && fromatty) {
+		    ointer = interactive;
+		    interactive = 1;
+		    if (confirm("Continue with","mput")) {
+			mflag++;
+		    }
+		    interactive = ointer;
+		}
+	    }
 	}
 	signal(SIGINT, oldintr);
 	mflag = 0;
+	return;
+    }
+    for (i = 1; i < argc; i++) {
+	char **cpp;
+	glob_t gl;
+	int flags;
+
+	if (!doglob) {
+	    if (mflag && confirm(argv[0], argv[i])) {
+		tp = (ntflag) ? dotrans(argv[i]) : argv[i];
+		tp = (mapflag) ? domap(tp) : tp;
+		sendrequest((sunique) ? "STOU" : "STOR",
+			    argv[i],
+			    curtype == TYPE_I ? "rb" : "r",
+			    tp, tp != argv[i] || !interactive);
+		if (!mflag && fromatty) {
+		    ointer = interactive;
+		    interactive = 1;
+		    if (confirm("Continue with","mput")) {
+			mflag++;
+		    }
+		    interactive = ointer;
+		}
+	    }
+	    continue;
+	}
+
+	memset(&gl, 0, sizeof(gl));
+	flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+	if (glob(argv[i], flags, NULL, &gl) || gl.gl_pathc == 0) {
+	    warnx("%s: not found", argv[i]);
+	    globfree(&gl);
+	    continue;
+	}
+	for (cpp = gl.gl_pathv; cpp && *cpp != NULL; cpp++) {
+	    if (mflag && confirm(argv[0], *cpp)) {
+		tp = (ntflag) ? dotrans(*cpp) : *cpp;
+		tp = (mapflag) ? domap(tp) : tp;
+		sendrequest((sunique) ? "STOU" : "STOR",
+			    *cpp, tp,
+			    curtype == TYPE_I ? "rb" : "r",
+			    *cpp != tp || !interactive);
+		if (!mflag && fromatty) {
+		    ointer = interactive;
+		    interactive = 1;
+		    if (confirm("Continue with","mput")) {
+			mflag++;
+		    }
+		    interactive = ointer;
+		}
+	    }
+	}
+	globfree(&gl);
+    }
+    signal(SIGINT, oldintr);
+    mflag = 0;
 }
 
 void
 reget(int argc, char **argv)
 {
-
-	getit(argc, argv, 1, "r+w");
+    getit(argc, argv, 1, curtype == TYPE_I ? "r+wb" : "r+w");
 }
 
 void
 get(int argc, char **argv)
 {
+    char *mode;
 
-	getit(argc, argv, 0, restart_point ? "r+w" : "w" );
+    if (restart_point)
+	if (curtype == TYPE_I)
+	    mode = "r+wb";
+	else
+	    mode = "r+w";
+    else
+	if (curtype == TYPE_I)
+	    mode = "wb";
+	else
+	    mode = "w";
+
+    getit(argc, argv, 0, mode);
 }
 
 /*
@@ -564,17 +587,17 @@ int
 getit(int argc, char **argv, int restartit, char *mode)
 {
 	int loc = 0;
+	int local_given = 1;
 	char *oldargv1, *oldargv2;
 
 	if (argc == 2) {
 		argc++;
+		local_given = 0;
 		argv[2] = argv[1];
 		loc++;
 	}
-	if (argc < 2 && !another(&argc, &argv, "remote-file"))
-		goto usage;
-	if (argc < 3 && !another(&argc, &argv, "local-file")) {
-usage:
+	if ((argc < 2 && !another(&argc, &argv, "remote-file")) ||
+	    (argc < 3 && !another(&argc, &argv, "local-file"))) {
 		printf("usage: %s remote-file [ local-file ]\n", argv[0]);
 		code = -1;
 		return (0);
@@ -619,50 +642,60 @@ usage:
 				return (0);
 			}
 			restart_point = stbuf.st_size;
-		} else {
-			if (ret == 0) {
-				int overbose;
-
-				overbose = verbose;
-				if (debug == 0)
-					verbose = -1;
-				if (command("MDTM %s", argv[1]) == COMPLETE) {
-					int yy, mo, day, hour, min, sec;
-					struct tm *tm;
-					verbose = overbose;
-					sscanf(reply_string,
-					    "%*s %04d%02d%02d%02d%02d%02d",
-					    &yy, &mo, &day, &hour, &min, &sec);
-					tm = gmtime(&stbuf.st_mtime);
-					tm->tm_mon++;
-					if (tm->tm_year > yy%100)
-						return (1);
-					if ((tm->tm_year == yy%100 && 
-					    tm->tm_mon > mo) ||
-					   (tm->tm_mon == mo && 
-					    tm->tm_mday > day) ||
-					   (tm->tm_mday == day && 
-					    tm->tm_hour > hour) ||
-					   (tm->tm_hour == hour && 
-					    tm->tm_min > min) ||
-					   (tm->tm_min == min && 
-					    tm->tm_sec > sec))
-						return (1);
-				} else {
-					printf("%s\n", reply_string);
-					verbose = overbose;
-					return (0);
-				}
+		} else if (ret == 0) {
+			int overbose;
+			int cmdret;
+			int yy, mo, day, hour, min, sec;
+			struct tm *tm;
+
+			overbose = verbose;
+			if (debug == 0)
+				verbose = -1;
+			cmdret = command("MDTM %s", argv[1]);
+			verbose = overbose;
+			if (cmdret != COMPLETE) {
+				printf("%s\n", reply_string);
+				return (0);
+			}
+			if (sscanf(reply_string,
+				   "%*s %04d%02d%02d%02d%02d%02d",
+				   &yy, &mo, &day, &hour, &min, &sec)
+			    != 6) {
+				printf ("bad MDTM result\n");
+				return (0);
 			}
+
+			tm = gmtime(&stbuf.st_mtime);
+			tm->tm_mon++;
+			tm->tm_year += 1900;
+
+			if ((tm->tm_year > yy) ||
+			    (tm->tm_year == yy && 
+			     tm->tm_mon > mo) ||
+			    (tm->tm_mon == mo && 
+			     tm->tm_mday > day) ||
+			    (tm->tm_mday == day && 
+			     tm->tm_hour > hour) ||
+			    (tm->tm_hour == hour && 
+			     tm->tm_min > min) ||
+			    (tm->tm_min == min && 
+			     tm->tm_sec > sec))
+				return (1);
 		}
 	}
 
 	recvrequest("RETR", argv[2], argv[1], mode,
-	    argv[1] != oldargv1 || argv[2] != oldargv2);
+		    argv[1] != oldargv1 || argv[2] != oldargv2, local_given);
 	restart_point = 0;
 	return (0);
 }
 
+static int
+suspicious_filename(const char *fn)
+{
+    return strstr(fn, "../") != NULL || *fn == '/';
+}
+
 /*
  * Get multiple files.
  */
@@ -687,6 +720,8 @@ mget(int argc, char **argv)
 			mflag = 0;
 			continue;
 		}
+		if (mflag && suspicious_filename(cp))
+		    printf("*** Suspicious filename: %s\n", cp);
 		if (mflag && confirm(argv[0], cp)) {
 			tp = cp;
 			if (mcase) {
@@ -701,8 +736,9 @@ mget(int argc, char **argv)
 			if (mapflag) {
 				tp = domap(tp);
 			}
-			recvrequest("RETR", tp, cp, "w",
-			    tp != cp || !interactive);
+			recvrequest("RETR", tp, cp,
+				    curtype == TYPE_I ? "wb" : "w",
+				    tp != cp || !interactive, 0);
 			if (!mflag && fromatty) {
 				ointer = interactive;
 				interactive = 1;
@@ -720,61 +756,71 @@ mget(int argc, char **argv)
 char *
 remglob(char **argv, int doswitch)
 {
-	char temp[16];
-	static char buf[MaxPathLen];
-	static FILE *ftemp = NULL;
-	static char **args;
-	int oldverbose, oldhash;
-	char *cp, *mode;
+    char temp[16];
+    static char buf[MaxPathLen];
+    static FILE *ftemp = NULL;
+    static char **args;
+    int oldverbose, oldhash;
+    char *cp, *mode;
 
-	if (!mflag) {
-		if (!doglob) {
-			args = NULL;
-		}
-		else {
-			if (ftemp) {
-				fclose(ftemp);
-				ftemp = NULL;
-			}
-		}
-		return (NULL);
-	}
+    if (!mflag) {
 	if (!doglob) {
-		if (args == NULL)
-			args = argv;
-		if ((cp = *++args) == NULL)
-			args = NULL;
-		return (cp);
+	    args = NULL;
 	}
-	if (ftemp == NULL) {
-		strcpy(temp, _PATH_TMP_XXX);
-		mktemp(temp);
-		oldverbose = verbose, verbose = 0;
-		oldhash = hash, hash = 0;
-		if (doswitch) {
-			pswitch(!proxy);
-		}
-		for (mode = "w"; *++argv != NULL; mode = "a")
-			recvrequest ("NLST", temp, *argv, mode, 0);
-		if (doswitch) {
-			pswitch(!proxy);
-		}
-		verbose = oldverbose; hash = oldhash;
-		ftemp = fopen(temp, "r");
-		unlink(temp);
-		if (ftemp == NULL) {
-			printf("can't find list of remote files, oops\n");
-			return (NULL);
-		}
-	}
-	if (fgets(buf, sizeof (buf), ftemp) == NULL) {
+	else {
+	    if (ftemp) {
 		fclose(ftemp);
 		ftemp = NULL;
-		return (NULL);
+	    }
 	}
+	return (NULL);
+    }
+    if (!doglob) {
+	if (args == NULL)
+	    args = argv;
+	if ((cp = *++args) == NULL)
+	    args = NULL;
+	return (cp);
+    }
+    if (ftemp == NULL) {
+	int fd;
+	strcpy_truncate(temp, _PATH_TMP_XXX, sizeof(temp));
+	fd = mkstemp(temp);
+	if(fd < 0){
+	    warn("unable to create temporary file %s", temp);
+	    return NULL;
+	}
+	close(fd);
+	oldverbose = verbose, verbose = 0;
+	oldhash = hash, hash = 0;
+	if (doswitch) {
+	    pswitch(!proxy);
+	}
+	for (mode = "w"; *++argv != NULL; mode = "a")
+	    recvrequest ("NLST", temp, *argv, mode, 0, 0);
+	if (doswitch) {
+	    pswitch(!proxy);
+	}
+	verbose = oldverbose; hash = oldhash;
+	ftemp = fopen(temp, "r");
+	unlink(temp);
+	if (ftemp == NULL) {
+	    printf("can't find list of remote files, oops\n");
+	    return (NULL);
+	}
+    }
+    while(fgets(buf, sizeof (buf), ftemp)) {
 	if ((cp = strchr(buf, '\n')) != NULL)
-		*cp = '\0';
-	return (buf);
+	    *cp = '\0';
+	if(!interactive && suspicious_filename(buf)){
+	    printf("Ignoring remote globbed file `%s'\n", buf);
+	    continue;
+	}
+	return buf;
+    }
+    fclose(ftemp);
+    ftemp = NULL;
+    return (NULL);
 }
 
 char *
@@ -1036,38 +1082,38 @@ delete(int argc, char **argv)
 void
 mdelete(int argc, char **argv)
 {
-	sighand oldintr;
-	int ointer;
-	char *cp;
+    sighand oldintr;
+    int ointer;
+    char *cp;
 
-	if (argc < 2 && !another(&argc, &argv, "remote-files")) {
-		printf("usage: %s remote-files\n", argv[0]);
-		code = -1;
-		return;
-	}
-	mname = argv[0];
-	mflag = 1;
-	oldintr = signal(SIGINT, mabort);
-	setjmp(jabort);
-	while ((cp = remglob(argv,0)) != NULL) {
-		if (*cp == '\0') {
-			mflag = 0;
-			continue;
-		}
-		if (mflag && confirm(argv[0], cp)) {
-			command("DELE %s", cp);
-			if (!mflag && fromatty) {
-				ointer = interactive;
-				interactive = 1;
-				if (confirm("Continue with", "mdelete")) {
-					mflag++;
-				}
-				interactive = ointer;
-			}
+    if (argc < 2 && !another(&argc, &argv, "remote-files")) {
+	printf("usage: %s remote-files\n", argv[0]);
+	code = -1;
+	return;
+    }
+    mname = argv[0];
+    mflag = 1;
+    oldintr = signal(SIGINT, mabort);
+    setjmp(jabort);
+    while ((cp = remglob(argv,0)) != NULL) {
+	if (*cp == '\0') {
+	    mflag = 0;
+	    continue;
+	}
+	if (mflag && confirm(argv[0], cp)) {
+	    command("DELE %s", cp);
+	    if (!mflag && fromatty) {
+		ointer = interactive;
+		interactive = 1;
+		if (confirm("Continue with", "mdelete")) {
+		    mflag++;
 		}
+		interactive = ointer;
+	    }
 	}
-	signal(SIGINT, oldintr);
-	mflag = 0;
+    }
+    signal(SIGINT, oldintr);
+    mflag = 0;
 }
 
 /*
@@ -1113,11 +1159,12 @@ ls(int argc, char **argv)
 		return;
 	}
 	if (strcmp(argv[2], "-") && *argv[2] != '|')
-		if (!globulize(&argv[2]) || !confirm("output to local-file:", argv[2])) {
-			code = -1;
-			return;
-	}
-	recvrequest(cmd, argv[2], argv[1], "w", 0);
+	    if (!globulize(&argv[2]) || !confirm("output to local-file:", 
+						 argv[2])) {
+		code = -1;
+		return;
+	    }
+	recvrequest(cmd, argv[2], argv[1], "w", 0, 1);
 }
 
 /*
@@ -1154,7 +1201,7 @@ usage:
 	setjmp(jabort);
 	for (i = 1; mflag && i < argc-1; ++i) {
 		*mode = (i == 1) ? 'w' : 'a';
-		recvrequest(cmd, dest, argv[i], mode, 0);
+		recvrequest(cmd, dest, argv[i], mode, 0, 1);
 		if (!mflag && fromatty) {
 			ointer = interactive;
 			interactive = 1;
@@ -1193,8 +1240,8 @@ shell(int argc, char **argv)
 		namep = strrchr(shell,'/');
 		if (namep == NULL)
 			namep = shell;
-		strcpy(shellnam,"-");
-		strcat(shellnam, ++namep);
+		snprintf (shellnam, sizeof(shellnam),
+			  "-%s", ++namep);
 		if (strcmp(namep, "sh") != 0)
 			shellnam[0] = '+';
 		if (debug) {
@@ -1369,22 +1416,19 @@ site(int argc, char **argv)
 void
 quote1(char *initial, int argc, char **argv)
 {
-	int i, len;
-	char buf[BUFSIZ];		/* must be >= sizeof(line) */
+    int i;
+    char buf[BUFSIZ];		/* must be >= sizeof(line) */
 
-	strcpy(buf, initial);
-	if (argc > 1) {
-		len = strlen(buf);
-		len += strlen(strcpy(&buf[len], argv[1]));
-		for (i = 2; i < argc; i++) {
-			buf[len++] = ' ';
-			len += strlen(strcpy(&buf[len], argv[i]));
-		}
-	}
-	if (command(buf) == PRELIM) {
-		while (getreply(0) == PRELIM)
-			continue;
-	}
+    strcpy_truncate(buf, initial, sizeof(buf));
+    for(i = 1; i < argc; i++) {
+	if(i > 1)
+	    strcat_truncate(buf, " ", sizeof(buf));
+	strcat_truncate(buf, argv[i], sizeof(buf));
+    }
+    if (command("%s", buf) == PRELIM) {
+	while (getreply(0) == PRELIM)
+	    continue;
+    }
 }
 
 void
@@ -1467,7 +1511,7 @@ disconnect(int argc, char **argv)
 	}
 	cout = NULL;
 	connected = 0;
-	krb4_quit();
+	sec_end();
 	data = -1;
 	if (!proxy) {
 		macnum = 0;
@@ -1485,7 +1529,7 @@ confirm(char *cmd, char *file)
 	fflush(stdout);
 	if (fgets(line, sizeof line, stdin) == NULL)
 		return (0);
-	return (*line != 'n' && *line != 'N');
+	return (*line == 'y' || *line == 'Y');
 }
 
 void
@@ -1531,12 +1575,11 @@ account(int argc, char **argv)
 	if (argc > 1) {
 		++argv;
 		--argc;
-		strncpy(acct,*argv,49);
-		acct[49] = '\0';
+		strcpy_truncate (acct, *argv, sizeof(acct));
 		while (argc > 1) {
 			--argc;
 			++argv;
-			strncat(acct,*argv, 49-strlen(acct));
+			strcat_truncate(acct, *argv, sizeof(acct));
 		}
 	}
 	else {
@@ -1648,14 +1691,12 @@ setntrans(int argc, char **argv)
 	}
 	ntflag++;
 	code = ntflag;
-	strncpy(ntin, argv[1], 16);
-	ntin[16] = '\0';
+	strcpy_truncate (ntin, argv[1], 17);
 	if (argc == 2) {
 		ntout[0] = '\0';
 		return;
 	}
-	strncpy(ntout, argv[2], 16);
-	ntout[16] = '\0';
+	strcpy_truncate (ntout, argv[2], 17);
 }
 
 char *
@@ -1712,10 +1753,10 @@ setnmap(int argc, char **argv)
 		cp = strchr(altarg, ' ');
 	}
 	*cp = '\0';
-	strncpy(mapin, altarg, MaxPathLen - 1);
+	strcpy_truncate(mapin, altarg, MaxPathLen);
 	while (*++cp == ' ')
 		continue;
-	strncpy(mapout, cp, MaxPathLen - 1);
+	strcpy_truncate(mapout, cp, MaxPathLen);
 }
 
 char *
@@ -1967,7 +2008,9 @@ macdef(int argc, char **argv)
 	if (interactive) {
 		printf("Enter macro line by line, terminating it with a null line\n");
 	}
-	strncpy(macros[macnum].mac_name, argv[1], 8);
+	strcpy_truncate(macros[macnum].mac_name,
+			argv[1],
+			sizeof(macros[macnum].mac_name));
 	if (macnum == 0) {
 		macros[macnum].mac_start = macbuf;
 	}
@@ -2067,7 +2110,7 @@ void
 newer(int argc, char **argv)
 {
 
-	if (getit(argc, argv, -1, "w"))
+	if (getit(argc, argv, -1, curtype == TYPE_I ? "wb" : "w"))
 		printf("Local file \"%s\" is newer than remote file \"%s\"\n",
 			argv[2], argv[1]);
 }
diff --git a/crypto/kerberosIV/appl/ftp/ftp/cmdtab.c b/crypto/kerberosIV/appl/ftp/ftp/cmdtab.c
index 9567e3c..5dc96ef 100644
--- a/crypto/kerberosIV/appl/ftp/ftp/cmdtab.c
+++ b/crypto/kerberosIV/appl/ftp/ftp/cmdtab.c
@@ -105,9 +105,13 @@ char	userhelp[] =	"send new user information";
 char	verbosehelp[] =	"toggle verbose mode";
 
 char	prothelp[] = 	"set protection level";
+#ifdef KRB4
 char	kauthhelp[] = 	"get remote tokens";
 char	klisthelp[] =	"show remote tickets";
-char	aklog[] = 	"obtain remote AFS tokens";
+char	kdestroyhelp[] = "destroy remote tickets";
+char	krbtkfilehelp[] = "set filename of remote tickets";
+char	afsloghelp[] = 	"obtain remote AFS tokens";
+#endif
 
 struct cmd cmdtab[] = {
 	{ "!",		shellhelp,	0,	0,	0,	shell },
@@ -184,8 +188,13 @@ struct cmd cmdtab[] = {
 	{ "?",		helphelp,	0,	0,	1,	help },
 
 	{ "prot", 	prothelp, 	0, 	1, 	0,	sec_prot },
+#ifdef KRB4
 	{ "kauth", 	kauthhelp, 	0, 	1, 	0,	kauth },
 	{ "klist", 	klisthelp, 	0, 	1, 	0,	klist },
+	{ "kdestroy",	kdestroyhelp,	0,	1,	0,	kdestroy },
+	{ "krbtkfile",	krbtkfilehelp,	0,	1,	0,	krbtkfile },
+	{ "afslog",	afsloghelp,	0,	1,	0,	afslog },
+#endif
 	
 	{ 0 },
 };
diff --git a/crypto/kerberosIV/appl/ftp/ftp/domacro.c b/crypto/kerberosIV/appl/ftp/ftp/domacro.c
index f5a89b9..432e3e5 100644
--- a/crypto/kerberosIV/appl/ftp/ftp/domacro.c
+++ b/crypto/kerberosIV/appl/ftp/ftp/domacro.c
@@ -32,7 +32,7 @@
  */
 
 #include "ftp_locl.h"
-RCSID("$Id: domacro.c,v 1.5 1996/11/17 20:23:10 assar Exp $");
+RCSID("$Id: domacro.c,v 1.6 1998/06/09 19:24:21 joda Exp $");
 
 void
 domacro(int argc, char **argv)
@@ -56,7 +56,7 @@ domacro(int argc, char **argv)
 		code = -1;
 		return;
 	}
-	strcpy(line2, line);
+	strcpy_truncate(line2, line, sizeof(line2));
 TOP:
 	cp1 = macros[i].mac_start;
 	while (cp1 != macros[i].mac_end) {
diff --git a/crypto/kerberosIV/appl/ftp/ftp/extern.h b/crypto/kerberosIV/appl/ftp/ftp/extern.h
index b830999..5efe918 100644
--- a/crypto/kerberosIV/appl/ftp/ftp/extern.h
+++ b/crypto/kerberosIV/appl/ftp/ftp/extern.h
@@ -33,7 +33,7 @@
  *	@(#)extern.h	8.3 (Berkeley) 10/9/94
  */
 
-/* $Id: extern.h,v 1.13 1997/04/20 05:46:48 assar Exp $ */
+/* $Id: extern.h,v 1.16 1999/05/21 09:21:51 assar Exp $ */
 
 #include <setjmp.h>
 #include <stdlib.h>
@@ -107,7 +107,7 @@ void	pwd (int, char **);
 void	quit (int, char **);
 void	quote (int, char **);
 void	quote1 (char *, int, char **);
-void    recvrequest (char *, char *, char *, char *, int);
+void    recvrequest (char *, char *, char *, char *, int, int);
 void	reget (int, char **);
 char   *remglob (char **, int);
 void	removedir (int, char **);
@@ -117,7 +117,7 @@ void	restart (int, char **);
 void	rmthelp (int, char **);
 void	rmtstatus (int, char **);
 int	ruserpass (char *, char **, char **, char **);
-void    sendrequest (char *, char *, char *, int);
+void    sendrequest (char *, char *, char *, char *, int);
 void	setascii (int, char **);
 void	setbell (int, char **);
 void	setbinary (int, char **);
@@ -165,3 +165,9 @@ extern int	NCMDS;
 extern char 	username[32];
 extern char	myhostname[];
 extern char	*mydomain;
+
+void afslog (int, char **);
+void kauth (int, char **);
+void kdestroy (int, char **);
+void klist (int, char **);
+void krbtkfile (int, char **);
diff --git a/crypto/kerberosIV/appl/ftp/ftp/ftp.c b/crypto/kerberosIV/appl/ftp/ftp/ftp.c
index cfabda6..3021a19 100644
--- a/crypto/kerberosIV/appl/ftp/ftp/ftp.c
+++ b/crypto/kerberosIV/appl/ftp/ftp/ftp.c
@@ -32,42 +32,38 @@
  */
 
 #include "ftp_locl.h"
-RCSID("$Id: ftp.c,v 1.44 1997/05/18 20:00:31 assar Exp $");
+RCSID ("$Id: ftp.c,v 1.55 1999/06/02 20:12:22 joda Exp $");
 
-struct	sockaddr_in hisctladdr;
-struct	sockaddr_in data_addr;
-int	data = -1;
-int	abrtflag = 0;
-jmp_buf	ptabort;
-int	ptabflg;
-int	ptflag = 0;
-struct	sockaddr_in myctladdr;
-off_t	restart_point = 0;
+struct sockaddr_in hisctladdr;
+struct sockaddr_in data_addr;
+int data = -1;
+int abrtflag = 0;
+jmp_buf ptabort;
+int ptabflg;
+int ptflag = 0;
+struct sockaddr_in myctladdr;
+off_t restart_point = 0;
 
 
-FILE	*cin, *cout;
+FILE *cin, *cout;
 
-typedef void (*sighand)(int);
+typedef void (*sighand) (int);
 
 char *
-hookup(char *host, int port)
+hookup (char *host, int port)
 {
     struct hostent *hp = 0;
-    int s, len, tos;
-    static char hostnamebuf[80];
+    int s, len;
+    static char hostnamebuf[MaxHostNameLen];
 
-    memset(&hisctladdr, 0, sizeof (hisctladdr));
-    if(inet_aton(host, &hisctladdr.sin_addr)){
+    memset (&hisctladdr, 0, sizeof (hisctladdr));
+    if (inet_aton (host, &hisctladdr.sin_addr)) {
 	hisctladdr.sin_family = AF_INET;
-	strncpy(hostnamebuf, host, sizeof(hostnamebuf));
+	strcpy_truncate (hostnamebuf, host, sizeof (hostnamebuf));
     } else {
-	hp = gethostbyname(host);
+	hp = gethostbyname (host);
 	if (hp == NULL) {
-#ifdef HAVE_H_ERRNO
 	    warnx("%s: %s", host, hstrerror(h_errno));
-#else
-	    warnx("%s: %s", host, "unknown error");
-#endif
 	    code = -1;
 	    return NULL;
 	}
@@ -75,73 +71,75 @@ hookup(char *host, int port)
 	memmove(&hisctladdr.sin_addr,
 		hp->h_addr_list[0],
 		sizeof(hisctladdr.sin_addr));
-	strncpy(hostnamebuf, hp->h_name, sizeof(hostnamebuf));
-	hostnamebuf[sizeof(hostnamebuf) - 1] = '\0';
+	strcpy_truncate (hostnamebuf, hp->h_name, sizeof (hostnamebuf));
     }
     hostname = hostnamebuf;
-    s = socket(hisctladdr.sin_family, SOCK_STREAM, 0);
+    s = socket (hisctladdr.sin_family, SOCK_STREAM, 0);
     if (s < 0) {
-	warn("socket");
+	warn ("socket");
 	code = -1;
 	return (0);
     }
     hisctladdr.sin_port = port;
-    while (connect(s, (struct sockaddr *)&hisctladdr, sizeof (hisctladdr)) < 0) {
+    while (connect (s, (struct sockaddr *) & hisctladdr, sizeof (hisctladdr)) < 0) {
 	if (hp && hp->h_addr_list[1]) {
 	    int oerrno = errno;
 	    char *ia;
 
-	    ia = inet_ntoa(hisctladdr.sin_addr);
+	    ia = inet_ntoa (hisctladdr.sin_addr);
 	    errno = oerrno;
-	    warn("connect to address %s", ia);
+	    warn ("connect to address %s", ia);
 	    hp->h_addr_list++;
-	    memmove(&hisctladdr.sin_addr,
-		    hp->h_addr_list[0],
-		    sizeof(hisctladdr.sin_addr));
-	    fprintf(stdout, "Trying %s...\n",
-		    inet_ntoa(hisctladdr.sin_addr));
-	    close(s);
-	    s = socket(hisctladdr.sin_family, SOCK_STREAM, 0);
+	    memmove (&hisctladdr.sin_addr,
+		     hp->h_addr_list[0],
+		     sizeof (hisctladdr.sin_addr));
+	    fprintf (stdout, "Trying %s...\n",
+		     inet_ntoa (hisctladdr.sin_addr));
+	    close (s);
+	    s = socket (hisctladdr.sin_family, SOCK_STREAM, 0);
 	    if (s < 0) {
-		warn("socket");
+		warn ("socket");
 		code = -1;
 		return (0);
 	    }
 	    continue;
 	}
-	warn("connect");
+	warn ("connect");
 	code = -1;
 	goto bad;
     }
     len = sizeof (myctladdr);
-    if (getsockname(s, (struct sockaddr *)&myctladdr, &len) < 0) {
-	warn("getsockname");
+    if (getsockname (s, (struct sockaddr *) & myctladdr, &len) < 0) {
+	warn ("getsockname");
 	code = -1;
 	goto bad;
     }
 #if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
-    tos = IPTOS_LOWDELAY;
+    {
+	int tos = IPTOS_LOWDELAY;
+
     if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)) < 0)
 	warn("setsockopt TOS (ignored)");
+    }
 #endif
-    cin = fdopen(s, "r");
-    cout = fdopen(s, "w");
+    cin = fdopen (s, "r");
+    cout = fdopen (s, "w");
     if (cin == NULL || cout == NULL) {
-	warnx("fdopen failed.");
+	warnx ("fdopen failed.");
 	if (cin)
-	    fclose(cin);
+	    fclose (cin);
 	if (cout)
-	    fclose(cout);
+	    fclose (cout);
 	code = -1;
 	goto bad;
     }
     if (verbose)
-	printf("Connected to %s.\n", hostname);
-    if (getreply(0) > 2) { 	/* read startup message from server */
+	printf ("Connected to %s.\n", hostname);
+    if (getreply (0) > 2) {	/* read startup message from server */
 	if (cin)
-	    fclose(cin);
+	    fclose (cin);
 	if (cout)
-	    fclose(cout);
+	    fclose (cout);
 	code = -1;
 	goto bad;
     }
@@ -149,21 +147,21 @@ hookup(char *host, int port)
     {
 	int on = 1;
 
-	if (setsockopt(s, SOL_SOCKET, SO_OOBINLINE, (char *)&on, sizeof(on))
+	if (setsockopt (s, SOL_SOCKET, SO_OOBINLINE, (char *) &on, sizeof (on))
 	    < 0 && debug) {
-	    warn("setsockopt");
+	    warn ("setsockopt");
 	}
     }
-#endif /* SO_OOBINLINE */
+#endif				/* SO_OOBINLINE */
 
     return (hostname);
 bad:
-    close(s);
+    close (s);
     return NULL;
 }
 
 int
-login(char *host)
+login (char *host)
 {
     char tmp[80];
     char defaultpass[128];
@@ -172,94 +170,97 @@ login(char *host)
 
     char *myname = NULL;
     struct passwd *pw = k_getpwuid(getuid());
+
     if (pw != NULL)
 	myname = pw->pw_name;
 
     user = pass = acct = 0;
 
-    if(do_klogin(host))
+    if(sec_login(host))
 	printf("\n*** Using plaintext user and password ***\n\n");
     else{
-	printf("Kerberos authentication successful.\n\n");
+	printf("Authentication successful.\n\n");
     }
 
-    if (ruserpass(host, &user, &pass, &acct) < 0) {
+    if (ruserpass (host, &user, &pass, &acct) < 0) {
 	code = -1;
 	return (0);
     }
     while (user == NULL) {
 	if (myname)
-	    printf("Name (%s:%s): ", host, myname);
+	    printf ("Name (%s:%s): ", host, myname);
 	else
-	    printf("Name (%s): ", host);
-	fgets(tmp, sizeof(tmp) - 1, stdin);
-	tmp[strlen(tmp) - 1] = '\0';
+	    printf ("Name (%s): ", host);
+	fgets (tmp, sizeof (tmp) - 1, stdin);
+	tmp[strlen (tmp) - 1] = '\0';
 	if (*tmp == '\0')
 	    user = myname;
 	else
 	    user = tmp;
     }
-    strcpy(username, user);
+    strcpy_truncate(username, user, sizeof(username));
     n = command("USER %s", user);
     if (n == CONTINUE) {
-	if(auth_complete)
+	if(sec_complete)
 	    pass = myname;
 	else if (pass == NULL) {
 	    char prompt[128];
 	    if(myname && 
 	       (!strcmp(user, "ftp") || !strcmp(user, "anonymous"))){
-		snprintf(defaultpass, sizeof(defaultpass), "%s@%s", myname, mydomain);
-		snprintf(prompt, sizeof(prompt), "Password (%s): ", defaultpass);
+		snprintf(defaultpass, sizeof(defaultpass), 
+			 "%s@%s", myname, mydomain);
+		snprintf(prompt, sizeof(prompt), 
+			 "Password (%s): ", defaultpass);
 	    }else{
-		strcpy(defaultpass, "");
+		*defaultpass = '\0';
 		snprintf(prompt, sizeof(prompt), "Password: ");
 	    }
 	    pass = defaultpass;
-	    des_read_pw_string (tmp, sizeof(tmp), prompt, 0);
-	    if(tmp[0])
+	    des_read_pw_string (tmp, sizeof (tmp), prompt, 0);
+	    if (tmp[0])
 		pass = tmp;
 	}
-	n = command("PASS %s", pass);
+	n = command ("PASS %s", pass);
     }
     if (n == CONTINUE) {
 	aflag++;
 	acct = tmp;
-	des_read_pw_string(acct, 128, "Account:", 0);
-	n = command("ACCT %s", acct);
+	des_read_pw_string (acct, 128, "Account:", 0);
+	n = command ("ACCT %s", acct);
     }
     if (n != COMPLETE) {
-	warnx("Login failed.");
+	warnx ("Login failed.");
 	return (0);
     }
     if (!aflag && acct != NULL)
-	command("ACCT %s", acct);
+	command ("ACCT %s", acct);
     if (proxy)
 	return (1);
     for (n = 0; n < macnum; ++n) {
 	if (!strcmp("init", macros[n].mac_name)) {
-	    strcpy(line, "$init");
+	    strcpy_truncate (line, "$init", sizeof (line));
 	    makeargv();
 	    domacro(margc, margv);
 	    break;
 	}
     }
-    sec_set_protection_level();
+    sec_set_protection_level ();
     return (1);
 }
 
 void
-cmdabort(int sig)
+cmdabort (int sig)
 {
 
-    printf("\n");
-    fflush(stdout);
+    printf ("\n");
+    fflush (stdout);
     abrtflag++;
     if (ptflag)
-	longjmp(ptabort,1);
+	longjmp (ptabort, 1);
 }
 
 int
-command(char *fmt, ...)
+command (char *fmt,...)
 {
     va_list ap;
     int r;
@@ -267,7 +268,7 @@ command(char *fmt, ...)
 
     abrtflag = 0;
     if (cout == NULL) {
-	warn("No control connection for command");
+	warn ("No control connection for command");
 	code = -1;
 	return (0);
     }
@@ -281,29 +282,26 @@ command(char *fmt, ...)
 	    vfprintf(stdout, fmt, ap);
 	va_start(ap, fmt);
     }
-    if(auth_complete)
-	krb4_write_enc(cout, fmt, ap);
-    else
-	vfprintf(cout, fmt, ap);
+    sec_vfprintf(cout, fmt, ap);
     va_end(ap);
     if(debug){
 	printf("\n");
 	fflush(stdout);
     }
-    fprintf(cout, "\r\n");
-    fflush(cout);
+    fprintf (cout, "\r\n");
+    fflush (cout);
     cpend = 1;
-    r = getreply(!strcmp(fmt, "QUIT"));
+    r = getreply (!strcmp (fmt, "QUIT"));
     if (abrtflag && oldintr != SIG_IGN)
-	(*oldintr)(SIGINT);
-    signal(SIGINT, oldintr);
+	(*oldintr) (SIGINT);
+    signal (SIGINT, oldintr);
     return (r);
 }
 
-char reply_string[BUFSIZ];		/* last line of previous reply */
+char reply_string[BUFSIZ];	/* last line of previous reply */
 
 int
-getreply(int expecteof)
+getreply (int expecteof)
 {
     char *p;
     char *lead_string;
@@ -311,80 +309,82 @@ getreply(int expecteof)
     struct sigaction sa, osa;
     char buf[1024];
 
-    sigemptyset(&sa.sa_mask);
+    sigemptyset (&sa.sa_mask);
     sa.sa_flags = 0;
     sa.sa_handler = cmdabort;
-    sigaction(SIGINT, &sa, &osa);
-    
+    sigaction (SIGINT, &sa, &osa);
+
     p = buf;
 
-    while(1){
-	c = getc(cin);
-	switch(c){
+    while (1) {
+	c = getc (cin);
+	switch (c) {
 	case EOF:
 	    if (expecteof) {
-		sigaction(SIGINT,&osa, NULL);
+		sigaction (SIGINT, &osa, NULL);
 		code = 221;
 		return 0;
 	    }
-	    lostpeer(0);
+	    lostpeer (0);
 	    if (verbose) {
-		printf("421 Service not available, "
-		       "remote server has closed connection\n");
-		fflush(stdout);
+		printf ("421 Service not available, "
+			"remote server has closed connection\n");
+		fflush (stdout);
 	    }
 	    code = 421;
 	    return (4);
-	    break;
 	case IAC:
-	    c = getc(cin);
-	    if(c == WILL || c == WONT)
-		fprintf(cout, "%c%c%c", IAC, DONT, getc(cin));
-	    if(c == DO || c == DONT)
-		fprintf(cout, "%c%c%c", IAC, WONT, getc(cin));
+	    c = getc (cin);
+	    if (c == WILL || c == WONT)
+		fprintf (cout, "%c%c%c", IAC, DONT, getc (cin));
+	    if (c == DO || c == DONT)
+		fprintf (cout, "%c%c%c", IAC, WONT, getc (cin));
 	    continue;
 	case '\n':
-	    *p++ = 0;
+	    *p++ = '\0';
 	    if(isdigit(buf[0])){
 		sscanf(buf, "%d", &code);
 		if(code == 631){
-		    krb4_read_mic(buf);
+		    sec_read_msg(buf, prot_safe);
 		    sscanf(buf, "%d", &code);
 		    lead_string = "S:";
 		} else if(code == 632){
-		    krb4_read_enc(buf);
+		    sec_read_msg(buf, prot_private);
 		    sscanf(buf, "%d", &code);
 		    lead_string = "P:";
 		}else if(code == 633){
-		    printf("Received confidential reply!\n");
-		}else if(auth_complete)
+		    sec_read_msg(buf, prot_confidential);
+		    sscanf(buf, "%d", &code);
+		    lead_string = "C:";
+		}else if(sec_complete)
 		    lead_string = "!!";
 		else
 		    lead_string = "";
-		if(verbose > 0 || (verbose > -1 && code > 499))
-		    fprintf(stdout, "%s%s\n", lead_string, buf);
-		if(buf[3] == ' '){
-		    strcpy(reply_string, buf);
+		if (verbose > 0 || (verbose > -1 && code > 499))
+		    fprintf (stdout, "%s%s\n", lead_string, buf);
+		if (buf[3] == ' ') {
+		    strcpy (reply_string, buf);
 		    if (code >= 200)
 			cpend = 0;
-		    sigaction(SIGINT, &osa, NULL);
+		    sigaction (SIGINT, &osa, NULL);
 		    if (code == 421)
-			lostpeer(0);
+			lostpeer (0);
 #if 1
-		    if (abrtflag && 
-			osa.sa_handler != cmdabort && 
+		    if (abrtflag &&
+			osa.sa_handler != cmdabort &&
 			osa.sa_handler != SIG_IGN)
-			osa.sa_handler(SIGINT);
+			osa.sa_handler (SIGINT);
 #endif
-		    if(code == 227){
+		    if (code == 227) {
 			char *p, *q;
+
 			pasv[0] = 0;
-			p = strchr(reply_string, '(');
-			if(p){
+			p = strchr (reply_string, '(');
+			if (p) {
 			    p++;
 			    q = strchr(p, ')');
 			    if(q){
-				strncpy(pasv, p, q - p);
+				memcpy (pasv, p, q - p);
 				pasv[q - p] = 0;
 			    }
 			}
@@ -393,7 +393,7 @@ getreply(int expecteof)
 		}
 	    }else{
 		if(verbose > 0 || (verbose > -1 && code > 499)){
-		    if(auth_complete)
+		    if(sec_complete)
 			fprintf(stdout, "!!");
 		    fprintf(stdout, "%s\n", buf);
 		}
@@ -404,13 +404,13 @@ getreply(int expecteof)
 	    *p++ = c;
 	}
     }
-    
+
 }
 
 
 #if 0
 int
-getreply(int expecteof)
+getreply (int expecteof)
 {
     int c, n;
     int dig;
@@ -419,24 +419,24 @@ getreply(int expecteof)
     int pflag = 0;
     char *cp, *pt = pasv;
 
-    oldintr = signal(SIGINT, cmdabort);
+    oldintr = signal (SIGINT, cmdabort);
     for (;;) {
 	dig = n = code = 0;
 	cp = reply_string;
-	while ((c = getc(cin)) != '\n') {
-	    if (c == IAC) {     /* handle telnet commands */
-		switch (c = getc(cin)) {
+	while ((c = getc (cin)) != '\n') {
+	    if (c == IAC) {	/* handle telnet commands */
+		switch (c = getc (cin)) {
 		case WILL:
 		case WONT:
-		    c = getc(cin);
-		    fprintf(cout, "%c%c%c", IAC, DONT, c);
-		    fflush(cout);
+		    c = getc (cin);
+		    fprintf (cout, "%c%c%c", IAC, DONT, c);
+		    fflush (cout);
 		    break;
 		case DO:
 		case DONT:
-		    c = getc(cin);
-		    fprintf(cout, "%c%c%c", IAC, WONT, c);
-		    fflush(cout);
+		    c = getc (cin);
+		    fprintf (cout, "%c%c%c", IAC, WONT, c);
+		    fflush (cout);
 		    break;
 		default:
 		    break;
@@ -446,14 +446,14 @@ getreply(int expecteof)
 	    dig++;
 	    if (c == EOF) {
 		if (expecteof) {
-		    signal(SIGINT,oldintr);
+		    signal (SIGINT, oldintr);
 		    code = 221;
 		    return (0);
 		}
-		lostpeer(0);
+		lostpeer (0);
 		if (verbose) {
-		    printf("421 Service not available, remote server has closed connection\n");
-		    fflush(stdout);
+		    printf ("421 Service not available, remote server has closed connection\n");
+		    fflush (stdout);
 		}
 		code = 421;
 		return (4);
@@ -462,14 +462,14 @@ getreply(int expecteof)
 			      (verbose > -1 && n == '5' && dig > 4))) {
 		if (proxflag &&
 		    (dig == 1 || dig == 5 && verbose == 0))
-		    printf("%s:",hostname);
-		putchar(c);
+		    printf ("%s:", hostname);
+		putchar (c);
 	    }
-	    if (dig < 4 && isdigit(c))
+	    if (dig < 4 && isdigit (c))
 		code = code * 10 + (c - '0');
 	    if (!pflag && code == 227)
 		pflag = 1;
-	    if (dig > 4 && pflag == 1 && isdigit(c))
+	    if (dig > 4 && pflag == 1 && isdigit (c))
 		pflag = 2;
 	    if (pflag == 2) {
 		if (c != '\r' && c != ')')
@@ -486,11 +486,11 @@ getreply(int expecteof)
 	    }
 	    if (n == 0)
 		n = c;
-	    if (cp < &reply_string[sizeof(reply_string) - 1])
+	    if (cp < &reply_string[sizeof (reply_string) - 1])
 		*cp++ = c;
 	}
 	if (verbose > 0 || verbose > -1 && n == '5') {
-	    putchar(c);
+	    putchar (c);
 	    fflush (stdout);
 	}
 	if (continuation && code != originalcode) {
@@ -499,112 +499,114 @@ getreply(int expecteof)
 	    continue;
 	}
 	*cp = '\0';
-	if(auth_complete){
+	if(sec_complete){
 	    if(code == 631)
-		krb4_read_mic(reply_string);
-	    else
-		krb4_read_enc(reply_string);
+		sec_read_msg(reply_string, prot_safe);
+	    else if(code == 632)
+		sec_read_msg(reply_string, prot_private);
+	    else if(code == 633)
+		sec_read_msg(reply_string, prot_confidential);
 	    n = code / 100 + '0';
 	}
-
 	if (n != '1')
 	    cpend = 0;
-	signal(SIGINT,oldintr);
+	signal (SIGINT, oldintr);
 	if (code == 421 || originalcode == 421)
-	    lostpeer(0);
+	    lostpeer (0);
 	if (abrtflag && oldintr != cmdabort && oldintr != SIG_IGN)
-	    (*oldintr)(SIGINT);
+	    (*oldintr) (SIGINT);
 	return (n - '0');
     }
 }
+
 #endif
 
 int
-empty(fd_set *mask, int sec)
+empty (fd_set * mask, int sec)
 {
     struct timeval t;
 
     t.tv_sec = (long) sec;
     t.tv_usec = 0;
-    return (select(32, mask, NULL, NULL, &t));
+    return (select (32, mask, NULL, NULL, &t));
 }
 
-jmp_buf	sendabort;
+jmp_buf sendabort;
 
 static RETSIGTYPE
-abortsend(int sig)
+abortsend (int sig)
 {
 
     mflag = 0;
     abrtflag = 0;
-    printf("\nsend aborted\nwaiting for remote to finish abort\n");
-    fflush(stdout);
-    longjmp(sendabort, 1);
+    printf ("\nsend aborted\nwaiting for remote to finish abort\n");
+    fflush (stdout);
+    longjmp (sendabort, 1);
 }
 
 #define HASHBYTES 1024
 
 static int
-copy_stream(FILE *from, FILE *to)
+copy_stream (FILE * from, FILE * to)
 {
     static size_t bufsize;
     static char *buf;
     int n;
     int bytes = 0;
-    int werr;
+    int werr = 0;
     int hashbytes = HASHBYTES;
     struct stat st;
-    
-#ifdef HAVE_MMAP
+
+#if defined(HAVE_MMAP) && !defined(NO_MMAP)
     void *chunk;
 
 #ifndef MAP_FAILED
 #define MAP_FAILED (-1)
 #endif
 
-    if(fstat(fileno(from), &st) == 0 && S_ISREG(st.st_mode)){
-	chunk = mmap(0, st.st_size, PROT_READ, MAP_SHARED, fileno(from), 0);
-	if (chunk != (void *)MAP_FAILED) {
+    if (fstat (fileno (from), &st) == 0 && S_ISREG (st.st_mode)) {
+	chunk = mmap (0, st.st_size, PROT_READ, MAP_SHARED, fileno (from), 0);
+	if (chunk != (void *) MAP_FAILED) {
 	    int res;
 
-	    res = sec_write(fileno(to), chunk, st.st_size);
-	    if (munmap(chunk, st.st_size) < 0)
+	    res = sec_write (fileno (to), chunk, st.st_size);
+	    if (munmap (chunk, st.st_size) < 0)
 		warn ("munmap");
-	    sec_fflush(to);
+	    sec_fflush (to);
 	    return res;
 	}
     }
 #endif
 
     buf = alloc_buffer (buf, &bufsize,
-			fstat(fileno(from), &st) >= 0 ? &st : NULL);
+			fstat (fileno (from), &st) >= 0 ? &st : NULL);
     if (buf == NULL)
 	return -1;
 
-    while((n = read(fileno(from), buf, bufsize)) > 0){
-	werr = sec_write(fileno(to), buf, n);
-	if(werr < 0)
+    while ((n = read (fileno (from), buf, bufsize)) > 0) {
+	werr = sec_write (fileno (to), buf, n);
+	if (werr < 0)
 	    break;
 	bytes += werr;
-	while(hash && bytes > hashbytes){
-	    putchar('#');
+	while (hash && bytes > hashbytes) {
+	    putchar ('#');
 	    hashbytes += HASHBYTES;
 	}
     }
-    sec_fflush(to);
-    if(n < 0)
-	warn("local");
+    sec_fflush (to);
+    if (n < 0)
+	warn ("local");
 
-    if(werr < 0){
-	if(errno != EPIPE)
-	    warn("netout");
+    if (werr < 0) {
+	if (errno != EPIPE)
+	    warn ("netout");
 	bytes = -1;
     }
     return bytes;
 }
 
 void
-sendrequest(char *cmd, char *local, char *remote, int printnames)
+sendrequest (char *cmd, char *local, char *remote, char *lmode, int printnames)
 {
     struct stat st;
     struct timeval start, stop;
@@ -613,124 +615,123 @@ sendrequest(char *cmd, char *local, char *remote, int printnames)
     int (*closefunc) (FILE *);
     RETSIGTYPE (*oldintr)(), (*oldintp)();
     long bytes = 0, hashbytes = HASHBYTES;
-    char *lmode;
+    char *rmode = "w";
 
     if (verbose && printnames) {
-	if (local && *local != '-')
-	    printf("local: %s ", local);
+	if (local && strcmp (local, "-") != 0)
+	    printf ("local: %s ", local);
 	if (remote)
-	    printf("remote: %s\n", remote);
+	    printf ("remote: %s\n", remote);
     }
     if (proxy) {
-	proxtrans(cmd, local, remote);
+	proxtrans (cmd, local, remote);
 	return;
     }
     if (curtype != type)
-	changetype(type, 0);
+	changetype (type, 0);
     closefunc = NULL;
     oldintr = NULL;
     oldintp = NULL;
-    lmode = "w";
-    if (setjmp(sendabort)) {
+
+    if (setjmp (sendabort)) {
 	while (cpend) {
-	    getreply(0);
+	    getreply (0);
 	}
 	if (data >= 0) {
-	    close(data);
+	    close (data);
 	    data = -1;
 	}
 	if (oldintr)
-	    signal(SIGINT,oldintr);
+	    signal (SIGINT, oldintr);
 	if (oldintp)
-	    signal(SIGPIPE,oldintp);
+	    signal (SIGPIPE, oldintp);
 	code = -1;
 	return;
     }
-    oldintr = signal(SIGINT, abortsend);
-    if (strcmp(local, "-") == 0)
+    oldintr = signal (SIGINT, abortsend);
+    if (strcmp (local, "-") == 0)
 	fin = stdin;
     else if (*local == '|') {
-	oldintp = signal(SIGPIPE,SIG_IGN);
-	fin = popen(local + 1, "r");
+	oldintp = signal (SIGPIPE, SIG_IGN);
+	fin = popen (local + 1, lmode);
 	if (fin == NULL) {
-	    warn("%s", local + 1);
-	    signal(SIGINT, oldintr);
-	    signal(SIGPIPE, oldintp);
+	    warn ("%s", local + 1);
+	    signal (SIGINT, oldintr);
+	    signal (SIGPIPE, oldintp);
 	    code = -1;
 	    return;
 	}
 	closefunc = pclose;
     } else {
-	fin = fopen(local, "r");
+	fin = fopen (local, lmode);
 	if (fin == NULL) {
-	    warn("local: %s", local);
-	    signal(SIGINT, oldintr);
+	    warn ("local: %s", local);
+	    signal (SIGINT, oldintr);
 	    code = -1;
 	    return;
 	}
 	closefunc = fclose;
-	if (fstat(fileno(fin), &st) < 0 ||
-	    (st.st_mode&S_IFMT) != S_IFREG) {
-	    fprintf(stdout, "%s: not a plain file.\n", local);
-	    signal(SIGINT, oldintr);
-	    fclose(fin);
+	if (fstat (fileno (fin), &st) < 0 ||
+	    (st.st_mode & S_IFMT) != S_IFREG) {
+	    fprintf (stdout, "%s: not a plain file.\n", local);
+	    signal (SIGINT, oldintr);
+	    fclose (fin);
 	    code = -1;
 	    return;
 	}
     }
-    if (initconn()) {
-	signal(SIGINT, oldintr);
+    if (initconn ()) {
+	signal (SIGINT, oldintr);
 	if (oldintp)
-	    signal(SIGPIPE, oldintp);
+	    signal (SIGPIPE, oldintp);
 	code = -1;
 	if (closefunc != NULL)
-	    (*closefunc)(fin);
+	    (*closefunc) (fin);
 	return;
     }
-    if (setjmp(sendabort))
+    if (setjmp (sendabort))
 	goto abort;
 
     if (restart_point &&
-	(strcmp(cmd, "STOR") == 0 || strcmp(cmd, "APPE") == 0)) {
+	(strcmp (cmd, "STOR") == 0 || strcmp (cmd, "APPE") == 0)) {
 	int rc;
 
 	switch (curtype) {
 	case TYPE_A:
-	    rc = fseek(fin, (long) restart_point, SEEK_SET);
+	    rc = fseek (fin, (long) restart_point, SEEK_SET);
 	    break;
 	case TYPE_I:
 	case TYPE_L:
-	    rc = lseek(fileno(fin), restart_point, SEEK_SET);
+	    rc = lseek (fileno (fin), restart_point, SEEK_SET);
 	    break;
 	}
 	if (rc < 0) {
-	    warn("local: %s", local);
+	    warn ("local: %s", local);
 	    restart_point = 0;
 	    if (closefunc != NULL)
-		(*closefunc)(fin);
+		(*closefunc) (fin);
 	    return;
 	}
-	if (command("REST %ld", (long) restart_point)
+	if (command ("REST %ld", (long) restart_point)
 	    != CONTINUE) {
 	    restart_point = 0;
 	    if (closefunc != NULL)
-		(*closefunc)(fin);
+		(*closefunc) (fin);
 	    return;
 	}
 	restart_point = 0;
-	lmode = "r+w";
+	rmode = "r+w";
     }
     if (remote) {
-	if (command("%s %s", cmd, remote) != PRELIM) {
-	    signal(SIGINT, oldintr);
+	if (command ("%s %s", cmd, remote) != PRELIM) {
+	    signal (SIGINT, oldintr);
 	    if (oldintp)
-		signal(SIGPIPE, oldintp);
+		signal (SIGPIPE, oldintp);
 	    if (closefunc != NULL)
-		(*closefunc)(fin);
+		(*closefunc) (fin);
 	    return;
 	}
-    } else
-	if (command("%s", cmd) != PRELIM) {
+    } else if (command ("%s", cmd) != PRELIM) {
 	    signal(SIGINT, oldintr);
 	    if (oldintp)
 		signal(SIGPIPE, oldintp);
@@ -738,101 +739,102 @@ sendrequest(char *cmd, char *local, char *remote, int printnames)
 		(*closefunc)(fin);
 	    return;
 	}
-    dout = dataconn(lmode);
+    dout = dataconn(rmode);
     if (dout == NULL)
 	goto abort;
-    set_buffer_size(fileno(dout), 0);
-    gettimeofday(&start, (struct timezone *)0);
-    oldintp = signal(SIGPIPE, SIG_IGN);
+    set_buffer_size (fileno (dout), 0);
+    gettimeofday (&start, (struct timezone *) 0);
+    oldintp = signal (SIGPIPE, SIG_IGN);
     switch (curtype) {
 
     case TYPE_I:
     case TYPE_L:
 	errno = d = c = 0;
-	bytes = copy_stream(fin, dout);
+	bytes = copy_stream (fin, dout);
 	break;
 
     case TYPE_A:
-	while ((c = getc(fin)) != EOF) {
+	while ((c = getc (fin)) != EOF) {
 	    if (c == '\n') {
 		while (hash && (bytes >= hashbytes)) {
-		    putchar('#');
-		    fflush(stdout);
+		    putchar ('#');
+		    fflush (stdout);
 		    hashbytes += HASHBYTES;
 		}
-		if (ferror(dout))
+		if (ferror (dout))
 		    break;
-		sec_putc('\r', dout);
+		sec_putc ('\r', dout);
 		bytes++;
 	    }
-	    sec_putc(c, dout);
+	    sec_putc (c, dout);
 	    bytes++;
 	}
-	sec_fflush(dout);
+	sec_fflush (dout);
 	if (hash) {
 	    if (bytes < hashbytes)
-		putchar('#');
-	    putchar('\n');
-	    fflush(stdout);
+		putchar ('#');
+	    putchar ('\n');
+	    fflush (stdout);
 	}
-	if (ferror(fin))
-	    warn("local: %s", local);
-	if (ferror(dout)) {
+	if (ferror (fin))
+	    warn ("local: %s", local);
+	if (ferror (dout)) {
 	    if (errno != EPIPE)
-		warn("netout");
+		warn ("netout");
 	    bytes = -1;
 	}
 	break;
     }
     if (closefunc != NULL)
-	(*closefunc)(fin);
-    fclose(dout);
-    gettimeofday(&stop, (struct timezone *)0);
-    getreply(0);
-    signal(SIGINT, oldintr);
+	(*closefunc) (fin);
+    fclose (dout);
+    gettimeofday (&stop, (struct timezone *) 0);
+    getreply (0);
+    signal (SIGINT, oldintr);
     if (oldintp)
-	signal(SIGPIPE, oldintp);
+	signal (SIGPIPE, oldintp);
     if (bytes > 0)
-	ptransfer("sent", bytes, &start, &stop);
+	ptransfer ("sent", bytes, &start, &stop);
     return;
 abort:
-    signal(SIGINT, oldintr);
+    signal (SIGINT, oldintr);
     if (oldintp)
-	signal(SIGPIPE, oldintp);
+	signal (SIGPIPE, oldintp);
     if (!cpend) {
 	code = -1;
 	return;
     }
     if (data >= 0) {
-	close(data);
+	close (data);
 	data = -1;
     }
     if (dout)
-	fclose(dout);
-    getreply(0);
+	fclose (dout);
+    getreply (0);
     code = -1;
     if (closefunc != NULL && fin != NULL)
-	(*closefunc)(fin);
-    gettimeofday(&stop, (struct timezone *)0);
+	(*closefunc) (fin);
+    gettimeofday (&stop, (struct timezone *) 0);
     if (bytes > 0)
-	ptransfer("sent", bytes, &start, &stop);
+	ptransfer ("sent", bytes, &start, &stop);
 }
 
-jmp_buf	recvabort;
+jmp_buf recvabort;
 
 void
-abortrecv(int sig)
+abortrecv (int sig)
 {
 
     mflag = 0;
     abrtflag = 0;
-    printf("\nreceive aborted\nwaiting for remote to finish abort\n");
-    fflush(stdout);
-    longjmp(recvabort, 1);
+    printf ("\nreceive aborted\nwaiting for remote to finish abort\n");
+    fflush (stdout);
+    longjmp (recvabort, 1);
 }
 
 void
-recvrequest(char *cmd, char *local, char *remote, char *lmode, int printnames)
+recvrequest (char *cmd, char *local, char *remote,
+	     char *lmode, int printnames, int local_given)
 {
     FILE *fout, *din = 0;
     int (*closefunc) (FILE *);
@@ -844,72 +846,71 @@ recvrequest(char *cmd, char *local, char *remote, char *lmode, int printnames)
     struct timeval start, stop;
     struct stat st;
 
-    is_retr = strcmp(cmd, "RETR") == 0;
+    is_retr = strcmp (cmd, "RETR") == 0;
     if (is_retr && verbose && printnames) {
-	if (local && *local != '-')
-	    printf("local: %s ", local);
+	if (local && strcmp (local, "-") != 0)
+	    printf ("local: %s ", local);
 	if (remote)
-	    printf("remote: %s\n", remote);
+	    printf ("remote: %s\n", remote);
     }
     if (proxy && is_retr) {
-	proxtrans(cmd, local, remote);
+	proxtrans (cmd, local, remote);
 	return;
     }
     closefunc = NULL;
     oldintr = NULL;
     oldintp = NULL;
     tcrflag = !crflag && is_retr;
-    if (setjmp(recvabort)) {
+    if (setjmp (recvabort)) {
 	while (cpend) {
-	    getreply(0);
+	    getreply (0);
 	}
 	if (data >= 0) {
-	    close(data);
+	    close (data);
 	    data = -1;
 	}
 	if (oldintr)
-	    signal(SIGINT, oldintr);
+	    signal (SIGINT, oldintr);
 	code = -1;
 	return;
     }
-    oldintr = signal(SIGINT, abortrecv);
-    if (strcmp(local, "-") && *local != '|') {
-	if (access(local, 2) < 0) {
-	    char *dir = strrchr(local, '/');
+    oldintr = signal (SIGINT, abortrecv);
+    if (!local_given || (strcmp (local, "-") && *local != '|')) {
+	if (access (local, 2) < 0) {
+	    char *dir = strrchr (local, '/');
 
 	    if (errno != ENOENT && errno != EACCES) {
-		warn("local: %s", local);
-		signal(SIGINT, oldintr);
+		warn ("local: %s", local);
+		signal (SIGINT, oldintr);
 		code = -1;
 		return;
 	    }
 	    if (dir != NULL)
 		*dir = 0;
-	    d = access(dir ? local : ".", 2);
+	    d = access (dir ? local : ".", 2);
 	    if (dir != NULL)
 		*dir = '/';
 	    if (d < 0) {
-		warn("local: %s", local);
-		signal(SIGINT, oldintr);
+		warn ("local: %s", local);
+		signal (SIGINT, oldintr);
 		code = -1;
 		return;
 	    }
 	    if (!runique && errno == EACCES &&
-		chmod(local, 0600) < 0) {
-		warn("local: %s", local);
-		signal(SIGINT, oldintr);
-		signal(SIGINT, oldintr);
+		chmod (local, 0600) < 0) {
+		warn ("local: %s", local);
+		signal (SIGINT, oldintr);
+		signal (SIGINT, oldintr);
 		code = -1;
 		return;
 	    }
 	    if (runique && errno == EACCES &&
-		(local = gunique(local)) == NULL) {
-		signal(SIGINT, oldintr);
+		(local = gunique (local)) == NULL) {
+		signal (SIGINT, oldintr);
 		code = -1;
 		return;
 	    }
-	}
-	else if (runique && (local = gunique(local)) == NULL) {
+	} else if (runique && (local = gunique (local)) == NULL) {
 	    signal(SIGINT, oldintr);
 	    code = -1;
 	    return;
@@ -917,98 +918,98 @@ recvrequest(char *cmd, char *local, char *remote, char *lmode, int printnames)
     }
     if (!is_retr) {
 	if (curtype != TYPE_A)
-	    changetype(TYPE_A, 0);
+	    changetype (TYPE_A, 0);
     } else if (curtype != type)
-	changetype(type, 0);
-    if (initconn()) {
-	signal(SIGINT, oldintr);
+	changetype (type, 0);
+    if (initconn ()) {
+	signal (SIGINT, oldintr);
 	code = -1;
 	return;
     }
-    if (setjmp(recvabort))
+    if (setjmp (recvabort))
 	goto abort;
     if (is_retr && restart_point &&
-	command("REST %ld", (long) restart_point) != CONTINUE)
+	command ("REST %ld", (long) restart_point) != CONTINUE)
 	return;
     if (remote) {
-	if (command("%s %s", cmd, remote) != PRELIM) {
-	    signal(SIGINT, oldintr);
+	if (command ("%s %s", cmd, remote) != PRELIM) {
+	    signal (SIGINT, oldintr);
 	    return;
 	}
     } else {
-	if (command("%s", cmd) != PRELIM) {
-	    signal(SIGINT, oldintr);
+	if (command ("%s", cmd) != PRELIM) {
+	    signal (SIGINT, oldintr);
 	    return;
 	}
     }
-    din = dataconn("r");
+    din = dataconn ("r");
     if (din == NULL)
 	goto abort;
-    set_buffer_size(fileno(din), 1);
-    if (strcmp(local, "-") == 0)
+    set_buffer_size (fileno (din), 1);
+    if (local_given && strcmp (local, "-") == 0)
 	fout = stdout;
-    else if (*local == '|') {
-	oldintp = signal(SIGPIPE, SIG_IGN);
-	fout = popen(local + 1, "w");
+    else if (local_given && *local == '|') {
+	oldintp = signal (SIGPIPE, SIG_IGN);
+	fout = popen (local + 1, "w");
 	if (fout == NULL) {
-	    warn("%s", local+1);
+	    warn ("%s", local + 1);
 	    goto abort;
 	}
 	closefunc = pclose;
     } else {
-	fout = fopen(local, lmode);
+	fout = fopen (local, lmode);
 	if (fout == NULL) {
-	    warn("local: %s", local);
+	    warn ("local: %s", local);
 	    goto abort;
 	}
 	closefunc = fclose;
     }
     buf = alloc_buffer (buf, &bufsize,
-			fstat(fileno(fout), &st) >= 0 ? &st : NULL);
+			fstat (fileno (fout), &st) >= 0 ? &st : NULL);
     if (buf == NULL)
 	goto abort;
 
-    gettimeofday(&start, (struct timezone *)0);
+    gettimeofday (&start, (struct timezone *) 0);
     switch (curtype) {
 
     case TYPE_I:
     case TYPE_L:
 	if (restart_point &&
-	    lseek(fileno(fout), restart_point, SEEK_SET) < 0) {
-	    warn("local: %s", local);
+	    lseek (fileno (fout), restart_point, SEEK_SET) < 0) {
+	    warn ("local: %s", local);
 	    if (closefunc != NULL)
-		(*closefunc)(fout);
+		(*closefunc) (fout);
 	    return;
 	}
 	errno = d = 0;
-	while ((c = sec_read(fileno(din), buf, bufsize)) > 0) {
-	    if ((d = write(fileno(fout), buf, c)) != c)
+	while ((c = sec_read (fileno (din), buf, bufsize)) > 0) {
+	    if ((d = write (fileno (fout), buf, c)) != c)
 		break;
 	    bytes += c;
 	    if (hash) {
 		while (bytes >= hashbytes) {
-		    putchar('#');
+		    putchar ('#');
 		    hashbytes += HASHBYTES;
 		}
-		fflush(stdout);
+		fflush (stdout);
 	    }
 	}
 	if (hash && bytes > 0) {
 	    if (bytes < HASHBYTES)
-		putchar('#');
-	    putchar('\n');
-	    fflush(stdout);
+		putchar ('#');
+	    putchar ('\n');
+	    fflush (stdout);
 	}
 	if (c < 0) {
 	    if (errno != EPIPE)
-		warn("netin");
+		warn ("netin");
 	    bytes = -1;
 	}
 	if (d < c) {
 	    if (d < 0)
-		warn("local: %s", local);
+		warn ("local: %s", local);
 	    else
-		warnx("%s: short write", local);
+		warnx ("%s: short write", local);
 	}
 	break;
 
@@ -1016,38 +1017,37 @@ recvrequest(char *cmd, char *local, char *remote, char *lmode, int printnames)
 	if (restart_point) {
 	    int i, n, ch;
 
-	    if (fseek(fout, 0L, SEEK_SET) < 0)
+	    if (fseek (fout, 0L, SEEK_SET) < 0)
 		goto done;
 	    n = restart_point;
 	    for (i = 0; i++ < n;) {
-		if ((ch = sec_getc(fout)) == EOF)
+		if ((ch = sec_getc (fout)) == EOF)
 		    goto done;
 		if (ch == '\n')
 		    i++;
 	    }
-	    if (fseek(fout, 0L, SEEK_CUR) < 0) {
-	    done:
-		warn("local: %s", local);
+	    if (fseek (fout, 0L, SEEK_CUR) < 0) {
+	done:
+		warn ("local: %s", local);
 		if (closefunc != NULL)
-		    (*closefunc)(fout);
+		    (*closefunc) (fout);
 		return;
 	    }
 	}
-
 	while ((c = sec_getc(din)) != EOF) {
 	    if (c == '\n')
 		bare_lfs++;
 	    while (c == '\r') {
 		while (hash && (bytes >= hashbytes)) {
-		    putchar('#');
-		    fflush(stdout);
+		    putchar ('#');
+		    fflush (stdout);
 		    hashbytes += HASHBYTES;
 		}
 		bytes++;
-		if ((c = sec_getc(din)) != '\n' || tcrflag) {
-		    if (ferror(fout))
+		if ((c = sec_getc (din)) != '\n' || tcrflag) {
+		    if (ferror (fout))
 			goto break2;
-		    putc('\r', fout);
+		    putc ('\r', fout);
 		    if (c == '\0') {
 			bytes++;
 			goto contin2;
@@ -1056,69 +1056,68 @@ recvrequest(char *cmd, char *local, char *remote, char *lmode, int printnames)
 			goto contin2;
 		}
 	    }
-	    putc(c, fout);
+	    putc (c, fout);
 	    bytes++;
-	contin2:	;
+    contin2:;
 	}
-    break2:
+break2:
 	if (bare_lfs) {
-	    printf("WARNING! %d bare linefeeds received in ASCII mode\n",
-		   bare_lfs);
-	    printf("File may not have transferred correctly.\n");
+	    printf ("WARNING! %d bare linefeeds received in ASCII mode\n",
+		    bare_lfs);
+	    printf ("File may not have transferred correctly.\n");
 	}
 	if (hash) {
 	    if (bytes < hashbytes)
-		putchar('#');
-	    putchar('\n');
-	    fflush(stdout);
+		putchar ('#');
+	    putchar ('\n');
+	    fflush (stdout);
 	}
-	if (ferror(din)) {
+	if (ferror (din)) {
 	    if (errno != EPIPE)
-		warn("netin");
+		warn ("netin");
 	    bytes = -1;
 	}
-	if (ferror(fout))
-	    warn("local: %s", local);
+	if (ferror (fout))
+	    warn ("local: %s", local);
 	break;
     }
     if (closefunc != NULL)
-	(*closefunc)(fout);
-    signal(SIGINT, oldintr);
+	(*closefunc) (fout);
+    signal (SIGINT, oldintr);
     if (oldintp)
-	signal(SIGPIPE, oldintp);
-    fclose(din);
-    gettimeofday(&stop, (struct timezone *)0);
-    getreply(0);
+	signal (SIGPIPE, oldintp);
+    fclose (din);
+    gettimeofday (&stop, (struct timezone *) 0);
+    getreply (0);
     if (bytes > 0 && is_retr)
-	ptransfer("received", bytes, &start, &stop);
+	ptransfer ("received", bytes, &start, &stop);
     return;
 abort:
 
     /* abort using RFC959 recommended IP,SYNC sequence  */
 
     if (oldintp)
-	signal(SIGPIPE, oldintr);
-    signal(SIGINT, SIG_IGN);
+	signal (SIGPIPE, oldintr);
+    signal (SIGINT, SIG_IGN);
     if (!cpend) {
 	code = -1;
-	signal(SIGINT, oldintr);
+	signal (SIGINT, oldintr);
 	return;
     }
-
     abort_remote(din);
     code = -1;
     if (data >= 0) {
-	close(data);
+	close (data);
 	data = -1;
     }
     if (closefunc != NULL && fout != NULL)
-	(*closefunc)(fout);
+	(*closefunc) (fout);
     if (din)
-	fclose(din);
-    gettimeofday(&stop, (struct timezone *)0);
+	fclose (din);
+    gettimeofday (&stop, (struct timezone *) 0);
     if (bytes > 0)
-	ptransfer("received", bytes, &start, &stop);
-    signal(SIGINT, oldintr);
+	ptransfer ("received", bytes, &start, &stop);
+    signal (SIGINT, oldintr);
 }
 
 /*
@@ -1126,112 +1125,110 @@ abort:
  * otherwise the server's connect may fail.
  */
 int
-initconn(void)
+initconn (void)
 {
     int result, len, tmpno = 0;
     int on = 1;
     int a0, a1, a2, a3, p0, p1;
 
     if (passivemode) {
-	data = socket(AF_INET, SOCK_STREAM, 0);
+	data = socket (AF_INET, SOCK_STREAM, 0);
 	if (data < 0) {
-	    perror("ftp: socket");
-	    return(1);
+	    perror ("ftp: socket");
+	    return (1);
 	}
 #if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT)
 	if ((options & SO_DEBUG) &&
-	    setsockopt(data, SOL_SOCKET, SO_DEBUG, (char *)&on,
-		       sizeof (on)) < 0)
-	    perror("ftp: setsockopt (ignored)");
+	    setsockopt (data, SOL_SOCKET, SO_DEBUG, (char *) &on,
+			sizeof (on)) < 0)
+	    perror ("ftp: setsockopt (ignored)");
 #endif
-	if (command("PASV") != COMPLETE) {
-	    printf("Passive mode refused.\n");
+	if (command ("PASV") != COMPLETE) {
+	    printf ("Passive mode refused.\n");
 	    goto bad;
 	}
 
 	/*
-	 * What we've got at this point is a string of comma
-	 * separated one-byte unsigned integer values.
-	 * The first four are the an IP address. The fifth is
-	 * the MSB of the port number, the sixth is the LSB.
-	 * From that we'll prepare a sockaddr_in.
+	 * What we've got at this point is a string of comma separated
+	 * one-byte unsigned integer values. The first four are the an IP
+	 * address. The fifth is the MSB of the port number, the sixth is the
+	 * LSB. From that we'll prepare a sockaddr_in.
 	 */
 
-	if (sscanf(pasv,"%d,%d,%d,%d,%d,%d",
-		   &a0, &a1, &a2, &a3, &p0, &p1) != 6) {
-	    printf("Passive mode address scan failure. "
-		   "Shouldn't happen!\n");
+	if (sscanf (pasv, "%d,%d,%d,%d,%d,%d",
+		    &a0, &a1, &a2, &a3, &p0, &p1) != 6) {
+	    printf ("Passive mode address scan failure. "
+		    "Shouldn't happen!\n");
 	    goto bad;
 	}
-	if(a0 < 0 || a0 > 255 || 
-	   a1 < 0 || a1 > 255 || 
-	   a2 < 0 || a2 > 255 || 
-	   a3 < 0 || a3 > 255 || 
-	   p0 < 0 || p0 > 255 || 
-	   p1 < 0 || p1 > 255){
-	    printf("Can't parse passive mode string.\n");
+	if (a0 < 0 || a0 > 255 ||
+	    a1 < 0 || a1 > 255 ||
+	    a2 < 0 || a2 > 255 ||
+	    a3 < 0 || a3 > 255 ||
+	    p0 < 0 || p0 > 255 ||
+	    p1 < 0 || p1 > 255) {
+	    printf ("Can't parse passive mode string.\n");
 	    goto bad;
 	}
-	
 	memset(&data_addr, 0, sizeof(data_addr));
 	data_addr.sin_family = AF_INET;
-	data_addr.sin_addr.s_addr = htonl((a0 << 24) | (a1 << 16) | 
-					  (a2 << 8) | a3);
-	data_addr.sin_port = htons((p0 << 8) | p1);
+	data_addr.sin_addr.s_addr = htonl ((a0 << 24) | (a1 << 16) |
+					   (a2 << 8) | a3);
+	data_addr.sin_port = htons ((p0 << 8) | p1);
 
-	if (connect(data, (struct sockaddr *)&data_addr,
-		    sizeof(data_addr)) < 0) {
-	    perror("ftp: connect");
+	if (connect (data, (struct sockaddr *) & data_addr,
+		     sizeof (data_addr)) < 0) {
+	    perror ("ftp: connect");
 	    goto bad;
 	}
 #if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
 	on = IPTOS_THROUGHPUT;
-	if (setsockopt(data, IPPROTO_IP, IP_TOS, (char *)&on,
-		       sizeof(int)) < 0)
-	    perror("ftp: setsockopt TOS (ignored)");
+	if (setsockopt (data, IPPROTO_IP, IP_TOS, (char *) &on,
+			sizeof (int)) < 0)
+	    perror ("ftp: setsockopt TOS (ignored)");
 #endif
-	return(0);
+	return (0);
     }
-
 noport:
     data_addr = myctladdr;
     if (sendport)
-	data_addr.sin_port = 0;	/* let system pick one */ 
+	data_addr.sin_port = 0;	/* let system pick one */
     if (data != -1)
-	close(data);
-    data = socket(AF_INET, SOCK_STREAM, 0);
+	close (data);
+    data = socket (AF_INET, SOCK_STREAM, 0);
     if (data < 0) {
-	warn("socket");
+	warn ("socket");
 	if (tmpno)
 	    sendport = 1;
 	return (1);
     }
 #if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
     if (!sendport)
-	if (setsockopt(data, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof (on)) < 0) {
-	    warn("setsockopt (reuse address)");
+	if (setsockopt (data, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof (on)) < 0) {
+	    warn ("setsockopt (reuse address)");
 	    goto bad;
 	}
 #endif
-    if (bind(data, (struct sockaddr *)&data_addr, sizeof (data_addr)) < 0) {
-	warn("bind");
+    if (bind (data, (struct sockaddr *) & data_addr, sizeof (data_addr)) < 0) {
+	warn ("bind");
 	goto bad;
     }
 #if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT)
     if (options & SO_DEBUG &&
-	setsockopt(data, SOL_SOCKET, SO_DEBUG, (char *)&on, sizeof (on)) < 0)
-	warn("setsockopt (ignored)");
+     setsockopt (data, SOL_SOCKET, SO_DEBUG, (char *) &on, sizeof (on)) < 0)
+	warn ("setsockopt (ignored)");
 #endif
     len = sizeof (data_addr);
-    if (getsockname(data, (struct sockaddr *)&data_addr, &len) < 0) {
-	warn("getsockname");
+    if (getsockname (data, (struct sockaddr *) & data_addr, &len) < 0) {
+	warn ("getsockname");
 	goto bad;
     }
-    if (listen(data, 1) < 0)
-	warn("listen");
+    if (listen (data, 1) < 0)
+	warn ("listen");
     if (sendport) {
 	unsigned int a = ntohl(data_addr.sin_addr.s_addr);
 	unsigned int p = ntohs(data_addr.sin_port);
+
 	result = command("PORT %d,%d,%d,%d,%d,%d", 
 			 (a >> 24) & 0xff,
 			 (a >> 16) & 0xff,
@@ -1250,88 +1247,88 @@ noport:
 	sendport = 1;
 #if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
     on = IPTOS_THROUGHPUT;
-    if (setsockopt(data, IPPROTO_IP, IP_TOS, (char *)&on, sizeof(int)) < 0)
-	warn("setsockopt TOS (ignored)");
+    if (setsockopt (data, IPPROTO_IP, IP_TOS, (char *) &on, sizeof (int)) < 0)
+	warn ("setsockopt TOS (ignored)");
 #endif
     return (0);
 bad:
-    close(data), data = -1;
+    close (data), data = -1;
     if (tmpno)
 	sendport = 1;
     return (1);
 }
 
 FILE *
-dataconn(char *lmode)
+dataconn (char *lmode)
 {
     struct sockaddr_in from;
     int s, fromlen = sizeof (from), tos;
 
     if (passivemode)
-	return (fdopen(data, lmode));
+	return (fdopen (data, lmode));
 
-    s = accept(data, (struct sockaddr *) &from, &fromlen);
+    s = accept (data, (struct sockaddr *) & from, &fromlen);
     if (s < 0) {
-	warn("accept");
-	close(data), data = -1;
+	warn ("accept");
+	close (data), data = -1;
 	return (NULL);
     }
-    close(data);
+    close (data);
     data = s;
 #if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
     tos = IPTOS_THROUGHPUT;
-    if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)) < 0)
-	warn("setsockopt TOS (ignored)");
+    if (setsockopt (s, IPPROTO_IP, IP_TOS, (char *) &tos, sizeof (int)) < 0)
+	warn ("setsockopt TOS (ignored)");
 #endif
-    return (fdopen(data, lmode));
+    return (fdopen (data, lmode));
 }
 
 void
-ptransfer(char *direction, long int bytes, 
-	  struct timeval *t0, struct timeval *t1)
+ptransfer (char *direction, long int bytes,
+	   struct timeval * t0, struct timeval * t1)
 {
     struct timeval td;
     float s;
     float bs;
     int prec;
     char *unit;
-    
+
     if (verbose) {
 	td.tv_sec = t1->tv_sec - t0->tv_sec;
 	td.tv_usec = t1->tv_usec - t0->tv_usec;
-	if(td.tv_usec < 0){
+	if (td.tv_usec < 0) {
 	    td.tv_sec--;
 	    td.tv_usec += 1000000;
 	}
 	s = td.tv_sec + (td.tv_usec / 1000000.);
-	bs = bytes / (s?s:1);
-	if(bs >= 1048576){
+	bs = bytes / (s ? s : 1);
+	if (bs >= 1048576) {
 	    bs /= 1048576;
 	    unit = "M";
 	    prec = 2;
-	}else if(bs >= 1024){
+	} else if (bs >= 1024) {
 	    bs /= 1024;
 	    unit = "k";
 	    prec = 1;
-	}else{
+	} else {
 	    unit = "";
 	    prec = 0;
 	}
-	
-	printf("%ld bytes %s in %.3g seconds (%.*f %sbyte/s)\n",
-	       bytes, direction, s, prec, bs, unit);
+
+	printf ("%ld bytes %s in %.3g seconds (%.*f %sbyte/s)\n",
+		bytes, direction, s, prec, bs, unit);
     }
 }
 
 void
-psabort(int sig)
+psabort (int sig)
 {
 
     abrtflag++;
 }
 
 void
-pswitch(int flag)
+pswitch (int flag)
 {
     sighand oldintr;
     static struct comvars {
@@ -1357,7 +1354,7 @@ pswitch(int flag)
     struct comvars *ip, *op;
 
     abrtflag = 0;
-    oldintr = signal(SIGINT, psabort);
+    oldintr = signal (SIGINT, psabort);
     if (flag) {
 	if (proxy)
 	    return;
@@ -1374,8 +1371,7 @@ pswitch(int flag)
     ip->connect = connected;
     connected = op->connect;
     if (hostname) {
-	strncpy(ip->name, hostname, sizeof(ip->name) - 1);
-	ip->name[strlen(ip->name)] = '\0';
+	strcpy_truncate (ip->name, hostname, sizeof (ip->name));
     } else
 	ip->name[0] = 0;
     hostname = op->name;
@@ -1401,48 +1397,44 @@ pswitch(int flag)
     mcase = op->mcse;
     ip->ntflg = ntflag;
     ntflag = op->ntflg;
-    strncpy(ip->nti, ntin, 16);
-    (ip->nti)[strlen(ip->nti)] = '\0';
-    strcpy(ntin, op->nti);
-    strncpy(ip->nto, ntout, 16);
-    (ip->nto)[strlen(ip->nto)] = '\0';
-    strcpy(ntout, op->nto);
+    strcpy_truncate (ip->nti, ntin, sizeof (ip->nti));
+    strcpy_truncate (ntin, op->nti, 17);
+    strcpy_truncate (ip->nto, ntout, sizeof (ip->nto));
+    strcpy_truncate (ntout, op->nto, 17);
     ip->mapflg = mapflag;
     mapflag = op->mapflg;
-    strncpy(ip->mi, mapin, MaxPathLen - 1);
-    (ip->mi)[strlen(ip->mi)] = '\0';
-    strcpy(mapin, op->mi);
-    strncpy(ip->mo, mapout, MaxPathLen - 1);
-    (ip->mo)[strlen(ip->mo)] = '\0';
-    strcpy(mapout, op->mo);
+    strcpy_truncate (ip->mi, mapin, MaxPathLen);
+    strcpy_truncate (mapin, op->mi, MaxPathLen);
+    strcpy_truncate (ip->mo, mapout, MaxPathLen);
+    strcpy_truncate (mapout, op->mo, MaxPathLen);
     signal(SIGINT, oldintr);
     if (abrtflag) {
 	abrtflag = 0;
-	(*oldintr)(SIGINT);
+	(*oldintr) (SIGINT);
     }
 }
 
 void
-abortpt(int sig)
+abortpt (int sig)
 {
 
-    printf("\n");
-    fflush(stdout);
+    printf ("\n");
+    fflush (stdout);
     ptabflg++;
     mflag = 0;
     abrtflag = 0;
-    longjmp(ptabort, 1);
+    longjmp (ptabort, 1);
 }
 
 void
-proxtrans(char *cmd, char *local, char *remote)
+proxtrans (char *cmd, char *local, char *remote)
 {
     sighand oldintr;
     int secndflag = 0, prox_type, nfnd;
     char *cmd2;
     fd_set mask;
 
-    if (strcmp(cmd, "RETR"))
+    if (strcmp (cmd, "RETR"))
 	cmd2 = "RETR";
     else
 	cmd2 = runique ? "STOU" : "STOR";
@@ -1453,148 +1445,147 @@ proxtrans(char *cmd, char *local, char *remote)
 	    prox_type = TYPE_A;
     }
     if (curtype != prox_type)
-	changetype(prox_type, 1);
-    if (command("PASV") != COMPLETE) {
-	printf("proxy server does not support third party transfers.\n");
+	changetype (prox_type, 1);
+    if (command ("PASV") != COMPLETE) {
+	printf ("proxy server does not support third party transfers.\n");
 	return;
     }
-    pswitch(0);
+    pswitch (0);
     if (!connected) {
-	printf("No primary connection\n");
-	pswitch(1);
+	printf ("No primary connection\n");
+	pswitch (1);
 	code = -1;
 	return;
     }
     if (curtype != prox_type)
-	changetype(prox_type, 1);
-    if (command("PORT %s", pasv) != COMPLETE) {
-	pswitch(1);
+	changetype (prox_type, 1);
+    if (command ("PORT %s", pasv) != COMPLETE) {
+	pswitch (1);
 	return;
     }
-    if (setjmp(ptabort))
+    if (setjmp (ptabort))
 	goto abort;
-    oldintr = signal(SIGINT, abortpt);
-    if (command("%s %s", cmd, remote) != PRELIM) {
-	signal(SIGINT, oldintr);
-	pswitch(1);
+    oldintr = signal (SIGINT, abortpt);
+    if (command ("%s %s", cmd, remote) != PRELIM) {
+	signal (SIGINT, oldintr);
+	pswitch (1);
 	return;
     }
-    sleep(2);
-    pswitch(1);
+    sleep (2);
+    pswitch (1);
     secndflag++;
-    if (command("%s %s", cmd2, local) != PRELIM)
+    if (command ("%s %s", cmd2, local) != PRELIM)
 	goto abort;
     ptflag++;
-    getreply(0);
-    pswitch(0);
-    getreply(0);
-    signal(SIGINT, oldintr);
-    pswitch(1);
+    getreply (0);
+    pswitch (0);
+    getreply (0);
+    signal (SIGINT, oldintr);
+    pswitch (1);
     ptflag = 0;
-    printf("local: %s remote: %s\n", local, remote);
+    printf ("local: %s remote: %s\n", local, remote);
     return;
 abort:
-    signal(SIGINT, SIG_IGN);
+    signal (SIGINT, SIG_IGN);
     ptflag = 0;
-    if (strcmp(cmd, "RETR") && !proxy)
-	pswitch(1);
-    else if (!strcmp(cmd, "RETR") && proxy)
-	pswitch(0);
-    if (!cpend && !secndflag) {  /* only here if cmd = "STOR" (proxy=1) */
-	if (command("%s %s", cmd2, local) != PRELIM) {
-	    pswitch(0);
+    if (strcmp (cmd, "RETR") && !proxy)
+	pswitch (1);
+    else if (!strcmp (cmd, "RETR") && proxy)
+	pswitch (0);
+    if (!cpend && !secndflag) {	/* only here if cmd = "STOR" (proxy=1) */
+	if (command ("%s %s", cmd2, local) != PRELIM) {
+	    pswitch (0);
 	    if (cpend)
-		abort_remote((FILE *) NULL);
+		abort_remote ((FILE *) NULL);
 	}
-	pswitch(1);
+	pswitch (1);
 	if (ptabflg)
 	    code = -1;
-	signal(SIGINT, oldintr);
+	signal (SIGINT, oldintr);
 	return;
     }
     if (cpend)
-	abort_remote((FILE *) NULL);
-    pswitch(!proxy);
-    if (!cpend && !secndflag) {  /* only if cmd = "RETR" (proxy=1) */
-	if (command("%s %s", cmd2, local) != PRELIM) {
-	    pswitch(0);
+	abort_remote ((FILE *) NULL);
+    pswitch (!proxy);
+    if (!cpend && !secndflag) {	/* only if cmd = "RETR" (proxy=1) */
+	if (command ("%s %s", cmd2, local) != PRELIM) {
+	    pswitch (0);
 	    if (cpend)
-		abort_remote((FILE *) NULL);
-	    pswitch(1);
+		abort_remote ((FILE *) NULL);
+	    pswitch (1);
 	    if (ptabflg)
 		code = -1;
-	    signal(SIGINT, oldintr);
+	    signal (SIGINT, oldintr);
 	    return;
 	}
     }
     if (cpend)
-	abort_remote((FILE *) NULL);
-    pswitch(!proxy);
+	abort_remote ((FILE *) NULL);
+    pswitch (!proxy);
     if (cpend) {
-	FD_ZERO(&mask);
-	FD_SET(fileno(cin), &mask);
-	if ((nfnd = empty(&mask, 10)) <= 0) {
+	FD_ZERO (&mask);
+	FD_SET (fileno (cin), &mask);
+	if ((nfnd = empty (&mask, 10)) <= 0) {
 	    if (nfnd < 0) {
-		warn("abort");
+		warn ("abort");
 	    }
 	    if (ptabflg)
 		code = -1;
-	    lostpeer(0);
+	    lostpeer (0);
 	}
-	getreply(0);
-	getreply(0);
+	getreply (0);
+	getreply (0);
     }
     if (proxy)
-	pswitch(0);
-    pswitch(1);
+	pswitch (0);
+    pswitch (1);
     if (ptabflg)
 	code = -1;
-    signal(SIGINT, oldintr);
+    signal (SIGINT, oldintr);
 }
 
 void
-reset(int argc, char **argv)
+reset (int argc, char **argv)
 {
     fd_set mask;
     int nfnd = 1;
 
-    FD_ZERO(&mask);
+    FD_ZERO (&mask);
     while (nfnd > 0) {
-	FD_SET(fileno(cin), &mask);
-	if ((nfnd = empty(&mask,0)) < 0) {
-	    warn("reset");
+	FD_SET (fileno (cin), &mask);
+	if ((nfnd = empty (&mask, 0)) < 0) {
+	    warn ("reset");
 	    code = -1;
 	    lostpeer(0);
-	}
-	else if (nfnd) {
+	} else if (nfnd) {
 	    getreply(0);
 	}
     }
 }
 
 char *
-gunique(char *local)
+gunique (char *local)
 {
     static char new[MaxPathLen];
-    char *cp = strrchr(local, '/');
-    int d, count=0;
+    char *cp = strrchr (local, '/');
+    int d, count = 0;
     char ext = '1';
 
     if (cp)
 	*cp = '\0';
-    d = access(cp ? local : ".", 2);
+    d = access (cp ? local : ".", 2);
     if (cp)
 	*cp = '/';
     if (d < 0) {
-	warn("local: %s", local);
+	warn ("local: %s", local);
 	return NULL;
     }
-    strcpy(new, local);
+    strcpy_truncate (new, local, sizeof(new));
     cp = new + strlen(new);
     *cp++ = '.';
     while (!d) {
 	if (++count == 100) {
-	    printf("runique: can't find unique file name.\n");
+	    printf ("runique: can't find unique file name.\n");
 	    return NULL;
 	}
 	*cp++ = ext;
@@ -1603,7 +1594,7 @@ gunique(char *local)
 	    ext = '0';
 	else
 	    ext++;
-	if ((d = access(new, 0)) < 0)
+	if ((d = access (new, 0)) < 0)
 	    break;
 	if (ext != '0')
 	    cp--;
@@ -1618,7 +1609,7 @@ gunique(char *local)
 }
 
 void
-abort_remote(FILE *din)
+abort_remote (FILE * din)
 {
     char buf[BUFSIZ];
     int nfnd;
@@ -1628,31 +1619,31 @@ abort_remote(FILE *din)
      * send IAC in urgent mode instead of DM because 4.3BSD places oob mark
      * after urgent byte rather than before as is protocol now
      */
-    snprintf(buf, sizeof(buf), "%c%c%c", IAC, IP, IAC);
-    if (send(fileno(cout), buf, 3, MSG_OOB) != 3)
-	warn("abort");
-    fprintf(cout,"%cABOR\r\n", DM);
-    fflush(cout);
-    FD_ZERO(&mask);
-    FD_SET(fileno(cin), &mask);
-    if (din) { 
-	FD_SET(fileno(din), &mask);
-    }
-    if ((nfnd = empty(&mask, 10)) <= 0) {
+    snprintf (buf, sizeof (buf), "%c%c%c", IAC, IP, IAC);
+    if (send (fileno (cout), buf, 3, MSG_OOB) != 3)
+	warn ("abort");
+    fprintf (cout, "%cABOR\r\n", DM);
+    fflush (cout);
+    FD_ZERO (&mask);
+    FD_SET (fileno (cin), &mask);
+    if (din) {
+	FD_SET (fileno (din), &mask);
+    }
+    if ((nfnd = empty (&mask, 10)) <= 0) {
 	if (nfnd < 0) {
-	    warn("abort");
+	    warn ("abort");
 	}
 	if (ptabflg)
 	    code = -1;
-	lostpeer(0);
+	lostpeer (0);
     }
-    if (din && FD_ISSET(fileno(din), &mask)) {
-	while (read(fileno(din), buf, BUFSIZ) > 0)
-	    /* LOOP */;
+    if (din && FD_ISSET (fileno (din), &mask)) {
+	while (read (fileno (din), buf, BUFSIZ) > 0)
+	     /* LOOP */ ;
     }
-    if (getreply(0) == ERROR && code == 552) {
+    if (getreply (0) == ERROR && code == 552) {
 	/* 552 needed for nic style abort */
-	getreply(0);
+	getreply (0);
     }
-    getreply(0);
+    getreply (0);
 }
diff --git a/crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h b/crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h
index 6ead793..5ae44b1 100644
--- a/crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h
+++ b/crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -36,7 +36,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: ftp_locl.h,v 1.29 1997/05/20 18:40:28 bg Exp $ */
+/* $Id: ftp_locl.h,v 1.33 1998/06/13 00:06:40 assar Exp $ */
 
 #ifndef __FTP_LOCL_H__
 #define __FTP_LOCL_H__
@@ -45,8 +45,6 @@
 #include <config.h>
 #endif
 
-#include <sys/cdefs.h>
-
 #ifdef HAVE_PWD_H
 #include <pwd.h>
 #endif
@@ -121,7 +119,12 @@
 
 #ifdef SOCKS
 #include <socks.h>
-extern int LIBPREFIX(fclose)      __P((FILE *));
+extern int LIBPREFIX(fclose)      (FILE *);
+
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent  *gethostbyname(const char *);
+
 #endif
 
 #include "ftp_var.h"
@@ -129,13 +132,9 @@ extern int LIBPREFIX(fclose)      __P((FILE *));
 #include "common.h"
 #include "pathnames.h"
 
-#include <des.h>
-
-#include <krb.h>
-
-#include "krb4.h"
-
 #include "roken.h"
+#include "security.h"
+#include <des.h> /* for des_read_pw_string */
 
 #if defined(__sun__) && !defined(__svr4)
 int fclose(FILE*);
diff --git a/crypto/kerberosIV/appl/ftp/ftp/gssapi.c b/crypto/kerberosIV/appl/ftp/ftp/gssapi.c
new file mode 100644
index 0000000..bc001a4
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/gssapi.c
@@ -0,0 +1,334 @@
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef FTP_SERVER
+#include "ftpd_locl.h"
+#else
+#include "ftp_locl.h"
+#endif
+#include <gssapi.h>
+
+RCSID("$Id: gssapi.c,v 1.7 1999/04/10 15:08:39 assar Exp $");
+
+struct gss_data {
+    gss_ctx_id_t context_hdl;
+    char *client_name;
+};
+
+static int
+gss_init(void *app_data)
+{
+    struct gss_data *d = app_data;
+    d->context_hdl = GSS_C_NO_CONTEXT;
+    return 0;
+}
+
+static int
+gss_check_prot(void *app_data, int level)
+{
+    if(level == prot_confidential)
+	return -1;
+    return 0;
+}
+
+static int
+gss_decode(void *app_data, void *buf, int len, int level)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc input, output;
+    gss_qop_t qop_state;
+    int conf_state;
+    struct gss_data *d = app_data;
+
+    input.length = len;
+    input.value = buf;
+    maj_stat = gss_unwrap (&min_stat,
+			   d->context_hdl,
+			   &input,
+			   &output,
+			   &conf_state,
+			   &qop_state);
+    if(GSS_ERROR(maj_stat))
+	return -1;
+    memmove(buf, output.value, output.length);
+    return output.length;
+}
+
+static int
+gss_overhead(void *app_data, int level, int len)
+{
+    return 100; /* dunno? */
+}
+
+
+static int
+gss_encode(void *app_data, void *from, int length, int level, void **to)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc input, output;
+    int conf_state;
+    struct gss_data *d = app_data;
+
+    input.length = length;
+    input.value = from;
+    maj_stat = gss_wrap (&min_stat,
+			 d->context_hdl,
+			 level == prot_private,
+			 GSS_C_QOP_DEFAULT,
+			 &input,
+			 &conf_state,
+			 &output);
+    *to = output.value;
+    return output.length;
+}
+
+/* end common stuff */
+
+#ifdef FTP_SERVER
+
+static int
+gss_adat(void *app_data, void *buf, size_t len)
+{
+    char *p = NULL;
+    gss_buffer_desc input_token, output_token;
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t client_name;
+    struct gss_data *d = app_data;
+
+    gss_channel_bindings_t bindings = malloc(sizeof(*bindings));
+    bindings->initiator_addrtype = GSS_C_AF_INET;
+    bindings->initiator_address.length = 4;
+    bindings->initiator_address.value = &his_addr.sin_addr;
+    bindings->acceptor_addrtype = GSS_C_AF_INET;
+    bindings->acceptor_address.length = 4;
+    bindings->acceptor_address.value = &ctrl_addr.sin_addr;
+    bindings->application_data.length = 0;
+    bindings->application_data.value = NULL;
+
+    input_token.value = buf;
+    input_token.length = len;
+    
+    maj_stat = gss_accept_sec_context (&min_stat,
+				       &d->context_hdl,
+				       GSS_C_NO_CREDENTIAL,
+				       &input_token,
+				       bindings,
+				       &client_name,
+				       NULL,
+				       &output_token,
+				       NULL,
+				       NULL,
+				       NULL);
+
+    if(output_token.length) {
+	if(base64_encode(output_token.value, output_token.length, &p) < 0) {
+	    reply(535, "Out of memory base64-encoding.");
+	    return -1;
+	}
+    }
+    if(maj_stat == GSS_S_COMPLETE){
+	char *name;
+	gss_buffer_desc export_name;
+	maj_stat = gss_export_name(&min_stat, client_name, &export_name);
+	if(maj_stat != 0) {
+	    reply(500, "Error exporting name");
+	    goto out;
+	}
+	name = realloc(export_name.value, export_name.length + 1);
+	if(name == NULL) {
+	    reply(500, "Out of memory");
+	    free(export_name.value);
+	    goto out;
+	}
+	name[export_name.length] = '\0';
+	d->client_name = name;
+	if(p)
+	    reply(235, "ADAT=%s", p);
+	else
+	    reply(235, "ADAT Complete");
+	sec_complete = 1;
+
+    } else if(maj_stat == GSS_S_CONTINUE_NEEDED) {
+	if(p)
+	    reply(335, "ADAT=%s", p);
+	else
+	    reply(335, "OK, need more data");
+    } else
+	reply(535, "foo?");
+out:
+    free(p);
+    return 0;
+}
+
+int gss_userok(void*, char*);
+
+struct sec_server_mech gss_server_mech = {
+    "GSSAPI",
+    sizeof(struct gss_data),
+    gss_init, /* init */
+    NULL, /* end */
+    gss_check_prot,
+    gss_overhead,
+    gss_encode,
+    gss_decode,
+    /* */
+    NULL,
+    gss_adat,
+    NULL, /* pbsz */
+    NULL, /* ccc */
+    gss_userok
+};
+
+#else /* FTP_SERVER */
+
+extern struct sockaddr_in hisctladdr, myctladdr;
+
+static int
+gss_auth(void *app_data, char *host)
+{
+    
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc name;
+    gss_name_t target_name;
+    gss_buffer_desc input, output_token;
+    int context_established = 0;
+    char *p;
+    int n;
+    gss_channel_bindings_t bindings;
+    struct gss_data *d = app_data;
+	    
+    name.length = asprintf((char**)&name.value, "ftp@%s", host);
+    maj_stat = gss_import_name(&min_stat,
+			       &name,
+			       GSS_C_NT_HOSTBASED_SERVICE,
+			       &target_name);
+    free(name.value);
+    
+
+    input.length = 0;
+    input.value = NULL;
+
+    bindings = malloc(sizeof(*bindings));
+    bindings->initiator_addrtype = GSS_C_AF_INET;
+    bindings->initiator_address.length = 4;
+    bindings->initiator_address.value = &myctladdr.sin_addr;
+    bindings->acceptor_addrtype = GSS_C_AF_INET;
+    bindings->acceptor_address.length = 4;
+    bindings->acceptor_address.value = &hisctladdr.sin_addr;
+    bindings->application_data.length = 0;
+    bindings->application_data.value = NULL;
+
+    while(!context_established) {
+	maj_stat = gss_init_sec_context(&min_stat,
+					GSS_C_NO_CREDENTIAL,
+					&d->context_hdl,
+					target_name,
+					GSS_C_NO_OID,
+					GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG,
+					0,
+					bindings,
+					&input,
+					NULL,
+					&output_token,
+					NULL,
+					NULL);
+	if (GSS_ERROR(maj_stat)) {
+	    int new_stat;
+	    int msg_ctx = 0;
+	    gss_buffer_desc status_string;
+	    
+	    gss_display_status(&new_stat,
+			       min_stat,
+			       GSS_C_MECH_CODE,
+			       GSS_C_NO_OID,
+			       &msg_ctx,
+			       &status_string);
+	    printf("Error initializing security context: %s\n", 
+		   (char*)status_string.value);
+	    gss_release_buffer(&new_stat, &status_string);
+	    return AUTH_CONTINUE;
+	}
+
+	gss_release_buffer(&min_stat, &input);
+	if (output_token.length != 0) {
+	    base64_encode(output_token.value, output_token.length, &p);
+	    gss_release_buffer(&min_stat, &output_token);
+	    n = command("ADAT %s", p);
+	    free(p);
+	}
+	if (GSS_ERROR(maj_stat)) {
+	    if (d->context_hdl != GSS_C_NO_CONTEXT)
+		gss_delete_sec_context (&min_stat,
+					&d->context_hdl,
+					GSS_C_NO_BUFFER);
+	    break;
+	}
+	if (maj_stat & GSS_S_CONTINUE_NEEDED) {
+	    p = strstr(reply_string, "ADAT=");
+	    if(p == NULL){
+		printf("Error: expected ADAT in reply.\n");
+		return AUTH_ERROR;
+	    } else {
+		p+=5;
+		input.value = malloc(strlen(p));
+		input.length = base64_decode(p, input.value);
+	    }
+	} else {
+	    if(code != 235) {
+		printf("Unrecognized response code: %d\n", code);
+		return AUTH_ERROR;
+	    }
+	    context_established = 1;
+	}
+    }
+    return AUTH_OK;
+}
+
+struct sec_client_mech gss_client_mech = {
+    "GSSAPI",
+    sizeof(struct gss_data),
+    gss_init,
+    gss_auth,
+    NULL, /* end */
+    gss_check_prot,
+    gss_overhead,
+    gss_encode,
+    gss_decode,
+};
+
+#endif /* FTP_SERVER */
diff --git a/crypto/kerberosIV/appl/ftp/ftp/kauth.c b/crypto/kerberosIV/appl/ftp/ftp/kauth.c
index 8bc9b9b..434dfb8 100644
--- a/crypto/kerberosIV/appl/ftp/ftp/kauth.c
+++ b/crypto/kerberosIV/appl/ftp/ftp/kauth.c
@@ -37,9 +37,11 @@
  */
 
 #include "ftp_locl.h"
-RCSID("$Id: kauth.c,v 1.14 1997/05/11 04:08:04 assar Exp $");
+#include <krb.h>
+RCSID("$Id: kauth.c,v 1.17 1998/03/26 02:55:38 joda Exp $");
 
-void kauth(int argc, char **argv)
+void
+kauth(int argc, char **argv)
 {
     int ret;
     char buf[1024];
@@ -120,7 +122,11 @@ void kauth(int argc, char **argv)
     memset(key, 0, sizeof(key));
     memset(schedule, 0, sizeof(schedule));
     memset(passwd, 0, sizeof(passwd));
-    base64_encode(tktcopy.dat, tktcopy.length, &p);
+    if(base64_encode(tktcopy.dat, tktcopy.length, &p) < 0) {
+	printf("Out of memory base64-encoding.\n");
+	code = -1;
+	return;
+    }
     memset (tktcopy.dat, 0, tktcopy.length);
     ret = command("SITE KAUTH %s %s", name, p);
     free(p);
@@ -131,7 +137,8 @@ void kauth(int argc, char **argv)
     code = 0;
 }
 
-void klist(int argc, char **argv)
+void
+klist(int argc, char **argv)
 {
     int ret;
     if(argc != 1){
@@ -143,3 +150,45 @@ void klist(int argc, char **argv)
     ret = command("SITE KLIST");
     code = (ret == COMPLETE);
 }
+
+void
+kdestroy(int argc, char **argv)
+{
+    int ret;
+    if (argc != 1) {
+	printf("usage: %s\n", argv[0]);
+	code = -1;
+	return;
+    }
+    ret = command("SITE KDESTROY");
+    code = (ret == COMPLETE);
+}
+
+void
+krbtkfile(int argc, char **argv)
+{
+    int ret;
+    if(argc != 2) {
+	printf("usage: %s tktfile\n", argv[0]);
+	code = -1;
+	return;
+    }
+    ret = command("SITE KRBTKFILE %s", argv[1]);
+    code = (ret == COMPLETE);
+}
+
+void
+afslog(int argc, char **argv)
+{
+    int ret;
+    if(argc > 2) {
+	printf("usage: %s [cell]\n", argv[0]);
+	code = -1;
+	return;
+    }
+    if(argc == 2)
+	ret = command("SITE AFSLOG %s", argv[1]);
+    else
+	ret = command("SITE AFSLOG");
+    code = (ret == COMPLETE);
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftp/krb4.c b/crypto/kerberosIV/appl/ftp/ftp/krb4.c
index 872c5bc..5b9b9b8 100644
--- a/crypto/kerberosIV/appl/ftp/ftp/krb4.c
+++ b/crypto/kerberosIV/appl/ftp/ftp/krb4.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -36,532 +36,260 @@
  * SUCH DAMAGE.
  */
 
+#ifdef FTP_SERVER
+#include "ftpd_locl.h"
+#else
 #include "ftp_locl.h"
-
-RCSID("$Id: krb4.c,v 1.18 1997/05/11 04:08:05 assar Exp $");
-
-static KTEXT_ST krb4_adat;
-
-static des_cblock key;
-static des_key_schedule schedule;
-
-static char *data_buffer;
-
-extern struct sockaddr_in hisctladdr, myctladdr;
-
-int auth_complete;
-
-static int command_prot;
-
-static int auth_pbsz;
-static int data_prot;
-
-static int request_data_prot;
-
-
-static struct {
-    int level;
-    char *name;
-} level_names[] = {
-    { prot_clear, "clear" },
-    { prot_safe, "safe" },
-    { prot_confidential, "confidential" },
-    { prot_private, "private" }
+#endif
+#include <krb.h>
+
+RCSID("$Id: krb4.c,v 1.30 1999/06/15 03:50:28 assar Exp $");
+
+#ifdef FTP_SERVER
+#define LOCAL_ADDR ctrl_addr
+#define REMOTE_ADDR his_addr
+#else
+#define LOCAL_ADDR myctladdr
+#define REMOTE_ADDR hisctladdr
+#endif
+extern struct sockaddr_in LOCAL_ADDR, REMOTE_ADDR;
+
+struct krb4_data {
+    des_cblock key;
+    des_key_schedule schedule;
+    char name[ANAME_SZ];
+    char instance[INST_SZ];
+    char realm[REALM_SZ];
 };
 
-static char *level_to_name(int level)
-{
-    int i;
-    for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
-	if(level_names[i].level == level)
-	    return level_names[i].name;
-    return "unknown";
-}
-
-static int name_to_level(char *name)
-{
-    int i;
-    for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
-	if(!strncasecmp(level_names[i].name, name, strlen(name)))
-	    return level_names[i].level;
-    return -1;
-}
-
-void sec_status(void)
-{
-    if(auth_complete){
-	printf("Using KERBEROS_V4 for authentication.\n");
-
-	command_prot = prot_private; /* this variable is not used */
-
-	printf("Using %s command channel.\n", 
-	       level_to_name(command_prot));
-
-	printf("Using %s data channel.\n", 
-	       level_to_name(data_prot));
-	if(auth_pbsz > 0)
-	    printf("Protection buffer size: %d.\n", auth_pbsz);
-    }else{
-	printf("Not using any security mechanism.\n");
-    }
-}
-
 static int
-sec_prot_internal(int level)
+krb4_check_prot(void *app_data, int level)
 {
-    int ret;
-    char *p;
-    int s = 1048576;
-
-    int old_verbose = verbose;
-    verbose = 0;
-
-    if(!auth_complete){
-	printf("No security data exchange has taken place.\n");
+    if(level == prot_confidential)
 	return -1;
-    }
-
-    if(level){
-	ret = command("PBSZ %d", s);
-	if(ret != COMPLETE){
-	    printf("Failed to set protection buffer size.\n");
-	    return -1;
-	}
-	auth_pbsz = s;
-	p = strstr(reply_string, "PBSZ=");
-	if(p)
-	    sscanf(p, "PBSZ=%d", &s);
-	if(s < auth_pbsz)
-	    auth_pbsz = s;
-	if(data_buffer)
-	    free(data_buffer);
-	data_buffer = malloc(auth_pbsz);
-    }
-    verbose = old_verbose;
-    ret = command("PROT %c", level["CSEP"]); /* XXX :-) */
-    if(ret != COMPLETE){
-	printf("Failed to set protection level.\n");
-	return -1;
-    }
-    
-    data_prot = level;
     return 0;
 }
 
-
-void
-sec_prot(int argc, char **argv)
+static int
+krb4_decode(void *app_data, void *buf, int len, int level)
 {
-    int level = -1;
-
-    if(argc != 2){
-	printf("usage: %s (clear | safe | confidential | private)\n",
-	       argv[0]);
-	code = -1;
-	return;
-    }
-    if(!auth_complete){
-	printf("No security data exchange has taken place.\n");
-	code = -1;
-	return;
-    }
-    level = name_to_level(argv[1]);
-    
-    if(level == -1){
-	printf("usage: %s (clear | safe | confidential | private)\n",
-	       argv[0]);
-	code = -1;
-	return;
-    }
+    MSG_DAT m;
+    int e;
+    struct krb4_data *d = app_data;
     
-    if(level == prot_confidential){
-	printf("Confidential protection is not defined with Kerberos.\n");
-	code = -1;
-	return;
-    }
-
-    if(sec_prot_internal(level) < 0){
-	code = -1;
-	return;
-    }
-    code = 0;
-}
-
-void
-sec_set_protection_level(void)
-{
-    if(auth_complete && data_prot != request_data_prot)
-	sec_prot_internal(request_data_prot);
-}
-
-
-int
-sec_request_prot(char *level)
-{
-    int l = name_to_level(level);
-    if(l == -1)
-	return -1;
-    request_data_prot = l;
-    return 0;
-}
-
-
-int sec_getc(FILE *F)
-{
-    if(auth_complete && data_prot)
-	return krb4_getc(F);
+    if(level == prot_safe)
+	e = krb_rd_safe(buf, len, &d->key, &REMOTE_ADDR, &LOCAL_ADDR, &m);
     else
-	return getc(F);
+	e = krb_rd_priv(buf, len, d->schedule, &d->key, 
+			&REMOTE_ADDR, &LOCAL_ADDR, &m);
+    if(e){
+	return -1;
+    }
+    memmove(buf, m.app_data, m.app_length);
+    return m.app_length;
 }
 
-int sec_read(int fd, void *data, int length)
+static int
+krb4_overhead(void *app_data, int level, int len)
 {
-    if(auth_complete && data_prot)
-	return krb4_read(fd, data, length);
-    else
-	return read(fd, data, length);
+    return 31;
 }
 
 static int
-krb4_recv(int fd)
+krb4_encode(void *app_data, void *from, int length, int level, void **to)
 {
-    int len;
-    MSG_DAT m;
-    int kerror;
-    
-    krb_net_read(fd, &len, sizeof(len));
-    len = ntohl(len);
-    krb_net_read(fd, data_buffer, len);
-    if(data_prot == prot_safe)
-	kerror = krb_rd_safe(data_buffer, len, &key, 
-			     &hisctladdr, &myctladdr, &m);
+    struct krb4_data *d = app_data;
+    *to = malloc(length + 31);
+    if(level == prot_safe)
+	return krb_mk_safe(from, *to, length, &d->key, 
+			   &LOCAL_ADDR, &REMOTE_ADDR);
+    else if(level == prot_private)
+	return krb_mk_priv(from, *to, length, d->schedule, &d->key, 
+			   &LOCAL_ADDR, &REMOTE_ADDR);
     else
-	kerror = krb_rd_priv(data_buffer, len, schedule, &key, 
-			     &hisctladdr, &myctladdr, &m);
-    if(kerror){
 	return -1;
-    }
-    memmove(data_buffer, m.app_data, m.app_length);
-    return m.app_length;
 }
 
+#ifdef FTP_SERVER
 
-int krb4_getc(FILE *F)
+static int
+krb4_adat(void *app_data, void *buf, size_t len)
 {
-    static int bytes;
-    static int index;
-    if(bytes == 0){
-	bytes = krb4_recv(fileno(F));
-	index = 0;
-    }
-    if(bytes){
-	bytes--;
-	return (unsigned char)data_buffer[index++];
+    KTEXT_ST tkt;
+    AUTH_DAT auth_dat;
+    char *p;
+    int kerror;
+    u_int32_t cs;
+    char msg[35]; /* size of encrypted block */
+    int tmp_len;
+    struct krb4_data *d = app_data;
+    char inst[INST_SZ];
+
+    memcpy(tkt.dat, buf, len);
+    tkt.length = len;
+
+    k_getsockinst(0, inst, sizeof(inst));
+    kerror = krb_rd_req(&tkt, "ftp", inst, 
+			his_addr.sin_addr.s_addr, &auth_dat, "");
+    if(kerror == RD_AP_UNDEC){
+	k_getsockinst(0, inst, sizeof(inst));
+	kerror = krb_rd_req(&tkt, "rcmd", inst, 
+			    his_addr.sin_addr.s_addr, &auth_dat, "");
     }
-    return EOF;
-}
-
-int krb4_read(int fd, char *data, int length)
-{
-    static int left;
-    static int index;
-    static int eof;
-    int len = left;
-    int rx = 0;
 
-    if(eof){
-	eof = 0;
-	return 0;
+    if(kerror){
+	reply(535, "Error reading request: %s.", krb_get_err_text(kerror));
+	return -1;
     }
     
-    if(left){
-	if(length < len)
-	    len = length;
-	memmove(data, data_buffer + index, len);
-	length -= len;
-	index += len;
-	rx += len;
-	left -= len;
+    memcpy(d->key, auth_dat.session, sizeof(d->key));
+    des_set_key(&d->key, d->schedule);
+
+    strcpy_truncate(d->name, auth_dat.pname, sizeof(d->name));
+    strcpy_truncate(d->instance, auth_dat.pinst, sizeof(d->instance));
+    strcpy_truncate(d->realm, auth_dat.prealm, sizeof(d->instance));
+
+    cs = auth_dat.checksum + 1;
+    {
+	unsigned char tmp[4];
+	KRB_PUT_INT(cs, tmp, 4, sizeof(tmp));
+	tmp_len = krb_mk_safe(tmp, msg, 4, &d->key, &LOCAL_ADDR, &REMOTE_ADDR);
     }
-    
-    while(length){
-	len = krb4_recv(fd);
-	if(len == 0){
-	    if(rx)
-		eof = 1;
-	    return rx;
-	}
-	if(len > length){
-	    left = len - length;
-	    len = index = length;
-	}
-	memmove(data, data_buffer, len);
-	length -= len;
-	data += len;
-	rx += len;
+    if(tmp_len < 0){
+	reply(535, "Error creating reply: %s.", strerror(errno));
+	return -1;
     }
-    return rx;
-}
-
-
-static int
-krb4_encode(char *from, char *to, int length)
-{
-    if(data_prot == prot_safe)
-	return krb_mk_safe(from, to, length, &key, 
-			   &myctladdr, &hisctladdr);
-    else
-	return krb_mk_priv(from, to, length, schedule, &key, 
-			   &myctladdr, &hisctladdr);
-}
-
-static int
-krb4_overhead(int len)
-{
-    if(data_prot == prot_safe)
-	return 31;
-    else
-	return 26;
-}
-
-static char p_buf[1024];
-static int p_index;
-
-int
-sec_putc(int c, FILE *F)
-{
-    if(data_prot){
-	if((c == '\n' && p_index) || p_index == sizeof(p_buf)){
-	    sec_write(fileno(F), p_buf, p_index);
-	    p_index = 0;
-	}
-	p_buf[p_index++] = c;
-	return c;
+    len = tmp_len;
+    if(base64_encode(msg, len, &p) < 0) {
+	reply(535, "Out of memory base64-encoding.");
+	return -1;
     }
-    return putc(c, F);
+    reply(235, "ADAT=%s", p);
+    sec_complete = 1;
+    free(p);
+    return 0;
 }
 
 static int
-sec_send(int fd, char *from, int length)
+krb4_userok(void *app_data, char *user)
 {
-    int bytes;
-    bytes = krb4_encode(from, data_buffer, length);
-    bytes = htonl(bytes);
-    krb_net_write(fd, &bytes, sizeof(bytes));
-    krb_net_write(fd, data_buffer, ntohl(bytes));
-    return length;
+    struct krb4_data *d = app_data;
+    return krb_kuserok(d->name, d->instance, d->realm, user);
 }
 
-int
-sec_fflush(FILE *F)
-{
-    if(data_prot){
-	if(p_index){
-	    sec_write(fileno(F), p_buf, p_index);
-	    p_index = 0;
-	}
-	sec_send(fileno(F), NULL, 0);
-    }
-    fflush(F);
-    return 0;
-}
+struct sec_server_mech krb4_server_mech = {
+    "KERBEROS_V4",
+    sizeof(struct krb4_data),
+    NULL, /* init */
+    NULL, /* end */
+    krb4_check_prot,
+    krb4_overhead,
+    krb4_encode,
+    krb4_decode,
+    /* */
+    NULL,
+    krb4_adat,
+    NULL, /* pbsz */
+    NULL, /* ccc */
+    krb4_userok
+};
 
-int
-sec_write(int fd, char *data, int length)
-{
-    int len = auth_pbsz;
-    int tx = 0;
-      
-    if(data_prot == prot_clear)
-	return write(fd, data, length);
-
-    len -= krb4_overhead(len);
-    while(length){
-	if(length < len)
-	    len = length;
-	sec_send(fd, data, len);
-	length -= len;
-	data += len;
-	tx += len;
-    }
-    return tx;
-}
+#else /* FTP_SERVER */
 
 static int
-do_auth(char *service, char *host, int checksum)
+mk_auth(struct krb4_data *d, KTEXT adat, 
+	char *service, char *host, int checksum)
 {
     int ret;
     CREDENTIALS cred;
     char sname[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ];
-    strcpy(sname, service);
-    strcpy(inst, krb_get_phost(host));
-    strcpy(realm, krb_realmofhost(host));
-    ret = krb_mk_req(&krb4_adat, sname, inst, realm, checksum);
+
+    strcpy_truncate(sname, service, sizeof(sname));
+    strcpy_truncate(inst, krb_get_phost(host), sizeof(inst));
+    strcpy_truncate(realm, krb_realmofhost(host), sizeof(realm));
+    ret = krb_mk_req(adat, sname, inst, realm, checksum);
     if(ret)
 	return ret;
-    strcpy(sname, service);
-    strcpy(inst, krb_get_phost(host));
-    strcpy(realm, krb_realmofhost(host));
+    strcpy_truncate(sname, service, sizeof(sname));
+    strcpy_truncate(inst, krb_get_phost(host), sizeof(inst));
+    strcpy_truncate(realm, krb_realmofhost(host), sizeof(realm));
     ret = krb_get_cred(sname, inst, realm, &cred);
-    memmove(&key, &cred.session, sizeof(des_cblock));
-    des_key_sched(&key, schedule);
+    memmove(&d->key, &cred.session, sizeof(des_cblock));
+    des_key_sched(&d->key, d->schedule);
     memset(&cred, 0, sizeof(cred));
     return ret;
 }
 
-
-int
-do_klogin(char *host)
+static int
+krb4_auth(void *app_data, char *host)
 {
     int ret;
     char *p;
     int len;
-    char adat[1024];
+    KTEXT_ST adat;
     MSG_DAT msg_data;
     int checksum;
-
-    int old_verbose = verbose;
-
-    verbose = 0;
-    printf("Trying KERBEROS_V4...\n");
-    ret = command("AUTH KERBEROS_V4");
-    if(ret != CONTINUE){
-	if(code == 504){
-	    printf("Kerberos 4 is not supported by the server.\n");
-	}else if(code == 534){
-	    printf("KERBEROS_V4 rejected as security mechanism.\n");
-	}else if(ret == ERROR)
-	    printf("The server doesn't understand the FTP "
-		   "security extensions.\n");
-	verbose = old_verbose;
-	return -1;
-    }
+    u_int32_t cs;
+    struct krb4_data *d = app_data;
 
     checksum = getpid();
-    ret = do_auth("ftp", host, checksum);
+    ret = mk_auth(d, &adat, "ftp", host, checksum);
     if(ret == KDC_PR_UNKNOWN)
-	ret = do_auth("rcmd", host, checksum);
+	ret = mk_auth(d, &adat, "rcmd", host, checksum);
     if(ret){
 	printf("%s\n", krb_get_err_text(ret));
-	verbose = old_verbose;
-	return ret;
+	return AUTH_CONTINUE;
     }
 
-    base64_encode(krb4_adat.dat, krb4_adat.length, &p);
+    if(base64_encode(adat.dat, adat.length, &p) < 0) {
+	printf("Out of memory base64-encoding.\n");
+	return AUTH_CONTINUE;
+    }
     ret = command("ADAT %s", p);
     free(p);
 
     if(ret != COMPLETE){
 	printf("Server didn't accept auth data.\n");
-	verbose = old_verbose;
-	return -1;
+	return AUTH_ERROR;
     }
 
     p = strstr(reply_string, "ADAT=");
     if(!p){
 	printf("Remote host didn't send adat reply.\n");
-	verbose = old_verbose;
-	return -1;
+	return AUTH_ERROR;
     }
-    p+=5;
-    len = base64_decode(p, adat);
+    p += 5;
+    len = base64_decode(p, adat.dat);
     if(len < 0){
 	printf("Failed to decode base64 from server.\n");
-	verbose = old_verbose;
-	return -1;
+	return AUTH_ERROR;
     }
-    ret = krb_rd_safe(adat, len, &key, 
+    adat.length = len;
+    ret = krb_rd_safe(adat.dat, adat.length, &d->key, 
 		      &hisctladdr, &myctladdr, &msg_data);
     if(ret){
 	printf("Error reading reply from server: %s.\n", 
 	       krb_get_err_text(ret));
-	verbose = old_verbose;
-	return -1;
+	return AUTH_ERROR;
     }
-    { 
-	/* the draft doesn't tell what size the return has */
-	int i;
-	u_int32_t cs = 0;
-	for(i = 0; i < msg_data.app_length; i++)
-	    cs = (cs<<8) + msg_data.app_data[i];
-	if(cs - checksum != 1){
-	    printf("Bad checksum returned from server.\n");
-	    verbose = old_verbose;
-	    return -1;
-	}
+    krb_get_int(msg_data.app_data, &cs, 4, 0);
+    if(cs - checksum != 1){
+	printf("Bad checksum returned from server.\n");
+	return AUTH_ERROR;
     }
-    auth_complete = 1;
-    verbose = old_verbose;
-    return 0;
-}
-
-void
-krb4_quit(void)
-{
-  auth_complete = 0;
-}
-
-int krb4_write_enc(FILE *F, char *fmt, va_list ap)
-{
-    int len;
-    char *p;
-    char buf[1024];
-    char enc[1024];
-
-    vsnprintf(buf, sizeof(buf), fmt, ap);
-    len = krb_mk_priv(buf, enc, strlen(buf), schedule, &key, 
-		      &myctladdr, &hisctladdr);
-    base64_encode(enc, len, &p);
-
-    fprintf(F, "ENC %s", p);
-    free (p);
-    return 0;
+    return AUTH_OK;
 }
 
+struct sec_client_mech krb4_client_mech = {
+    "KERBEROS_V4",
+    sizeof(struct krb4_data),
+    NULL, /* init */
+    krb4_auth,
+    NULL, /* end */
+    krb4_check_prot,
+    krb4_overhead,
+    krb4_encode,
+    krb4_decode
+};
 
-int krb4_read_msg(char *s, int priv)
-{
-    int len;
-    int ret;
-    char buf[1024];
-    MSG_DAT m;
-    int code;
-    
-    len = base64_decode(s + 4, buf);
-    if(priv)
-	ret = krb_rd_priv(buf, len, schedule, &key, 
-			  &hisctladdr, &myctladdr, &m);
-    else
-	ret = krb_rd_safe(buf, len, &key, &hisctladdr, &myctladdr, &m);
-    if(ret){
-	printf("%s\n", krb_get_err_text(ret));
-	return -1;
-    }
-	
-    m.app_data[m.app_length] = 0;
-    if(m.app_data[3] == '-')
-      code = 0;
-    else
-      sscanf((char*)m.app_data, "%d", &code);
-    strncpy(s, (char*)m.app_data, strlen((char*)m.app_data));
-    
-    s[m.app_length] = 0;
-    len = strlen(s);
-    if(s[len-1] == '\n')
-	s[len-1] = 0;
-    
-    return code;
-}
-
-int
-krb4_read_mic(char *s)
-{
-    return krb4_read_msg(s, 0);
-}
-
-int
-krb4_read_enc(char *s)
-{
-    return krb4_read_msg(s, 1);
-}
-
+#endif /* FTP_SERVER */
diff --git a/crypto/kerberosIV/appl/ftp/ftp/main.c b/crypto/kerberosIV/appl/ftp/ftp/main.c
index 4d1b6a5..5b0fe36 100644
--- a/crypto/kerberosIV/appl/ftp/ftp/main.c
+++ b/crypto/kerberosIV/appl/ftp/ftp/main.c
@@ -36,7 +36,7 @@
  */
 
 #include "ftp_locl.h"
-RCSID("$Id: main.c,v 1.20 1997/04/20 16:14:55 joda Exp $");
+RCSID("$Id: main.c,v 1.25 1999/05/08 02:22:09 assar Exp $");
 
 int
 main(int argc, char **argv)
@@ -54,8 +54,9 @@ main(int argc, char **argv)
 	doglob = 1;
 	interactive = 1;
 	autologin = 1;
+	passivemode = 0; /* passive mode not active */
 
-	while ((ch = getopt(argc, argv, "dgintv")) != EOF) {
+	while ((ch = getopt(argc, argv, "dginptv")) != EOF) {
 		switch (ch) {
 		case 'd':
 			options |= SO_DEBUG;
@@ -74,6 +75,9 @@ main(int argc, char **argv)
 			autologin = 0;
 			break;
 
+		case 'p':
+		        passivemode = 1;
+			break;
 		case 't':
 			trace++;
 			break;
@@ -84,7 +88,7 @@ main(int argc, char **argv)
 
 		default:
 		    fprintf(stderr,
-			    "usage: ftp [-dgintv] [host [port]]\n");
+			    "usage: ftp [-dginptv] [host [port]]\n");
 		    exit(1);
 		}
 	}
@@ -96,7 +100,6 @@ main(int argc, char **argv)
 		verbose++;
 	cpend = 0;	/* no pending replies */
 	proxy = 0;	/* proxy not active */
-	passivemode = 0; /* passive mode not active */
 	crflag = 1;	/* strip c.r. on ascii gets */
 	sendport = -1;	/* not using ports */
 	/*
@@ -104,8 +107,8 @@ main(int argc, char **argv)
 	 */
 	pw = k_getpwuid(getuid());
 	if (pw != NULL) {
+		strcpy_truncate(homedir, pw->pw_dir, sizeof(homedir));
 		home = homedir;
-		strcpy(home, pw->pw_dir);
 	}
 	if (argc > 0) {
 	    char *xargv[5];
@@ -174,6 +177,7 @@ lostpeer(int sig)
     }
     proxflag = 0;
     pswitch(0);
+    sec_end();
     SIGRETURN(0);
 }
 
@@ -242,8 +246,7 @@ cmdscanner(int top)
 	    p = readline("ftp> ");
 	    if(p == NULL)
 		quit(0, 0);
-	    strncpy(line, p, sizeof(line));
-	    line[sizeof(line) - 1] = 0;
+	    strcpy_truncate(line, p, sizeof(line));
 	    add_history(p);
 	    free(p);
 	} else{
@@ -337,12 +340,16 @@ makeargv(void)
 	for (margc = 0; ; margc++) {
 		/* Expand array if necessary */
 		if (margc == margvlen) {
+			int i;
+
 			margv = (margvlen == 0)
 				? (char **)malloc(20 * sizeof(char *))
 				: (char **)realloc(margv,
 					(margvlen + 20)*sizeof(char *));
 			if (margv == NULL)
 				errx(1, "cannot realloc argv array");
+			for(i = margvlen; i < margvlen + 20; ++i)
+				margv[i] = NULL;
 			margvlen += 20;
 			argp = margv + margc;
 		}
diff --git a/crypto/kerberosIV/appl/ftp/ftp/ruserpass.c b/crypto/kerberosIV/appl/ftp/ftp/ruserpass.c
index 8cea6d4..043e6fb 100644
--- a/crypto/kerberosIV/appl/ftp/ftp/ruserpass.c
+++ b/crypto/kerberosIV/appl/ftp/ftp/ruserpass.c
@@ -32,7 +32,7 @@
  */
 
 #include "ftp_locl.h"
-RCSID("$Id: ruserpass.c,v 1.10 1997/05/02 14:27:55 assar Exp $");
+RCSID("$Id: ruserpass.c,v 1.15 1999/03/11 13:54:58 joda Exp $");
 
 static	int token (void);
 static	FILE *cfile;
@@ -63,175 +63,213 @@ static struct toktab {
 	{ NULL,		0 }
 };
 
+/*
+ * Write a copy of the hostname into `hostname, sz' and return a guess
+ * as to the `domain' of that hostname.
+ */
+
+static char *
+guess_domain (char *hostname, size_t sz)
+{
+    struct hostent *he;
+    char *dot;
+    char *a;
+    char **aliases;
+
+    if (gethostname (hostname, sz) < 0) {
+	strcpy_truncate (hostname, "", sz);
+	return "";
+    }
+    dot = strchr (hostname, '.');
+    if (dot != NULL)
+	return dot + 1;
+
+    he = gethostbyname (hostname);
+    if (he == NULL)
+	return hostname;
+
+    dot = strchr (he->h_name, '.');
+    if (dot != NULL) {
+	strcpy_truncate (hostname, he->h_name, sz);
+	return dot + 1;
+    }
+    for (aliases = he->h_aliases; (a = *aliases) != NULL; ++aliases) {
+	dot = strchr (a, '.');
+	if (dot != NULL) {
+	    strcpy_truncate (hostname, a, sz);
+	    return dot + 1;
+	}
+    }
+    return hostname;
+}
+
 int
 ruserpass(char *host, char **aname, char **apass, char **aacct)
 {
-	char *hdir, buf[BUFSIZ], *tmp;
-	int t, i, c, usedefault = 0;
-	struct stat stb;
+    char *hdir, buf[BUFSIZ], *tmp;
+    int t, i, c, usedefault = 0;
+    struct stat stb;
 
-	if(k_gethostname(myhostname, MaxHostNameLen) < 0)
-	    strcpy(myhostname, "");
-	if((mydomain = strchr(myhostname, '.')) == NULL)
-	    mydomain = myhostname;
-	else
-	    mydomain++;
-	hdir = getenv("HOME");
-	if (hdir == NULL)
-		hdir = ".";
-	snprintf(buf, sizeof(buf), "%s/.netrc", hdir);
-	cfile = fopen(buf, "r");
-	if (cfile == NULL) {
-		if (errno != ENOENT)
-			warn("%s", buf);
-		return (0);
-	}
+    mydomain = guess_domain (myhostname, MaxHostNameLen);
+
+    hdir = getenv("HOME");
+    if (hdir == NULL)
+	hdir = ".";
+    snprintf(buf, sizeof(buf), "%s/.netrc", hdir);
+    cfile = fopen(buf, "r");
+    if (cfile == NULL) {
+	if (errno != ENOENT)
+	    warn("%s", buf);
+	return (0);
+    }
 
 next:
-	while ((t = token())) switch(t) {
+    while ((t = token())) switch(t) {
 
-	case DEFAULT:
-		usedefault = 1;
-		/* FALL THROUGH */
+    case DEFAULT:
+	usedefault = 1;
+	/* FALL THROUGH */
 
-	case MACH:
-		if (!usedefault) {
-			if (token() != ID)
-				continue;
-			/*
-			 * Allow match either for user's input host name
-			 * or official hostname.  Also allow match of 
-			 * incompletely-specified host in local domain.
-			 */
-			if (strcasecmp(host, tokval) == 0)
-				goto match;
-			if (strcasecmp(hostname, tokval) == 0)
-				goto match;
-			if ((tmp = strchr(hostname, '.')) != NULL &&
-			    tmp++ &&
-			    strcasecmp(tmp, mydomain) == 0 &&
-			    strncasecmp(hostname, tokval, tmp-hostname) == 0 &&
-			    tokval[tmp - hostname] == '\0')
-				goto match;
-			if ((tmp = strchr(host, '.')) != NULL &&
-			    tmp++ &&
-			    strcasecmp(tmp, mydomain) == 0 &&
-			    strncasecmp(host, tokval, tmp - host) == 0 &&
-			    tokval[tmp - host] == '\0')
-				goto match;
-			continue;
-		}
-	match:
-		while ((t = token()) && t != MACH && t != DEFAULT) switch(t) {
+    case MACH:
+	if (!usedefault) {
+	    if (token() != ID)
+		continue;
+	    /*
+	     * Allow match either for user's input host name
+	     * or official hostname.  Also allow match of 
+	     * incompletely-specified host in local domain.
+	     */
+	    if (strcasecmp(host, tokval) == 0)
+		goto match;
+	    if (strcasecmp(hostname, tokval) == 0)
+		goto match;
+	    if ((tmp = strchr(hostname, '.')) != NULL &&
+		tmp++ &&
+		strcasecmp(tmp, mydomain) == 0 &&
+		strncasecmp(hostname, tokval, tmp-hostname) == 0 &&
+		tokval[tmp - hostname] == '\0')
+		goto match;
+	    if ((tmp = strchr(host, '.')) != NULL &&
+		tmp++ &&
+		strcasecmp(tmp, mydomain) == 0 &&
+		strncasecmp(host, tokval, tmp - host) == 0 &&
+		tokval[tmp - host] == '\0')
+		goto match;
+	    continue;
+	}
+    match:
+	while ((t = token()) && t != MACH && t != DEFAULT) switch(t) {
 
-		case LOGIN:
-			if (token())
-				if (*aname == 0) { 
-					*aname = strdup(tokval);
-				} else {
-					if (strcmp(*aname, tokval))
-						goto next;
-				}
-			break;
-		case PASSWD:
-			if ((*aname == NULL || strcmp(*aname, "anonymous")) &&
-			    fstat(fileno(cfile), &stb) >= 0 &&
-			    (stb.st_mode & 077) != 0) {
-	warnx("Error: .netrc file is readable by others.");
-	warnx("Remove password or make file unreadable by others.");
-				goto bad;
-			}
-			if (token() && *apass == 0) {
-				*apass = strdup(tokval);
-			}
-			break;
-		case ACCOUNT:
-			if (fstat(fileno(cfile), &stb) >= 0
-			    && (stb.st_mode & 077) != 0) {
-	warnx("Error: .netrc file is readable by others.");
-	warnx("Remove account or make file unreadable by others.");
-				goto bad;
-			}
-			if (token() && *aacct == 0) {
-				*aacct = strdup(tokval);
-			}
-			break;
-		case MACDEF:
-			if (proxy) {
-				fclose(cfile);
-				return (0);
-			}
-			while ((c=getc(cfile)) != EOF && c == ' ' || c == '\t');
-			if (c == EOF || c == '\n') {
-				printf("Missing macdef name argument.\n");
-				goto bad;
-			}
-			if (macnum == 16) {
-				printf("Limit of 16 macros have already been defined\n");
-				goto bad;
-			}
-			tmp = macros[macnum].mac_name;
-			*tmp++ = c;
-			for (i=0; i < 8 && (c=getc(cfile)) != EOF &&
-			    !isspace(c); ++i) {
-				*tmp++ = c;
-			}
-			if (c == EOF) {
-				printf("Macro definition missing null line terminator.\n");
-				goto bad;
-			}
-			*tmp = '\0';
-			if (c != '\n') {
-				while ((c=getc(cfile)) != EOF && c != '\n');
-			}
-			if (c == EOF) {
-				printf("Macro definition missing null line terminator.\n");
-				goto bad;
-			}
-			if (macnum == 0) {
-				macros[macnum].mac_start = macbuf;
-			}
-			else {
-				macros[macnum].mac_start = macros[macnum-1].mac_end + 1;
-			}
-			tmp = macros[macnum].mac_start;
-			while (tmp != macbuf + 4096) {
-				if ((c=getc(cfile)) == EOF) {
-				printf("Macro definition missing null line terminator.\n");
-					goto bad;
-				}
-				*tmp = c;
-				if (*tmp == '\n') {
-					if (*(tmp-1) == '\0') {
-					   macros[macnum++].mac_end = tmp - 1;
-					   break;
-					}
-					*tmp = '\0';
-				}
-				tmp++;
-			}
-			if (tmp == macbuf + 4096) {
-				printf("4K macro buffer exceeded\n");
-				goto bad;
-			}
-			break;
-		case PROT:
-		    token();
-		    if(sec_request_prot(tokval) < 0)
-			warnx("Unknown protection level \"%s\"", tokval);
-		    break;
-		default:
-			warnx("Unknown .netrc keyword %s", tokval);
+	case LOGIN:
+	    if (token()) {
+		if (*aname == 0) { 
+		    *aname = strdup(tokval);
+		} else {
+		    if (strcmp(*aname, tokval))
+			goto next;
+		}
+	    }
+	    break;
+	case PASSWD:
+	    if ((*aname == NULL || strcmp(*aname, "anonymous")) &&
+		fstat(fileno(cfile), &stb) >= 0 &&
+		(stb.st_mode & 077) != 0) {
+		warnx("Error: .netrc file is readable by others.");
+		warnx("Remove password or make file unreadable by others.");
+		goto bad;
+	    }
+	    if (token() && *apass == 0) {
+		*apass = strdup(tokval);
+	    }
+	    break;
+	case ACCOUNT:
+	    if (fstat(fileno(cfile), &stb) >= 0
+		&& (stb.st_mode & 077) != 0) {
+		warnx("Error: .netrc file is readable by others.");
+		warnx("Remove account or make file unreadable by others.");
+		goto bad;
+	    }
+	    if (token() && *aacct == 0) {
+		*aacct = strdup(tokval);
+	    }
+	    break;
+	case MACDEF:
+	    if (proxy) {
+		fclose(cfile);
+		return (0);
+	    }
+	    while ((c=getc(cfile)) != EOF && 
+		   (c == ' ' || c == '\t'));
+	    if (c == EOF || c == '\n') {
+		printf("Missing macdef name argument.\n");
+		goto bad;
+	    }
+	    if (macnum == 16) {
+		printf("Limit of 16 macros have already been defined\n");
+		goto bad;
+	    }
+	    tmp = macros[macnum].mac_name;
+	    *tmp++ = c;
+	    for (i=0; i < 8 && (c=getc(cfile)) != EOF &&
+		     !isspace(c); ++i) {
+		*tmp++ = c;
+	    }
+	    if (c == EOF) {
+		printf("Macro definition missing null line terminator.\n");
+		goto bad;
+	    }
+	    *tmp = '\0';
+	    if (c != '\n') {
+		while ((c=getc(cfile)) != EOF && c != '\n');
+	    }
+	    if (c == EOF) {
+		printf("Macro definition missing null line terminator.\n");
+		goto bad;
+	    }
+	    if (macnum == 0) {
+		macros[macnum].mac_start = macbuf;
+	    }
+	    else {
+		macros[macnum].mac_start = macros[macnum-1].mac_end + 1;
+	    }
+	    tmp = macros[macnum].mac_start;
+	    while (tmp != macbuf + 4096) {
+		if ((c=getc(cfile)) == EOF) {
+		    printf("Macro definition missing null line terminator.\n");
+		    goto bad;
+		}
+		*tmp = c;
+		if (*tmp == '\n') {
+		    if (*(tmp-1) == '\0') {
+			macros[macnum++].mac_end = tmp - 1;
 			break;
+		    }
+		    *tmp = '\0';
 		}
-		goto done;
+		tmp++;
+	    }
+	    if (tmp == macbuf + 4096) {
+		printf("4K macro buffer exceeded\n");
+		goto bad;
+	    }
+	    break;
+	case PROT:
+	    token();
+	    if(sec_request_prot(tokval) < 0)
+		warnx("Unknown protection level \"%s\"", tokval);
+	    break;
+	default:
+	    warnx("Unknown .netrc keyword %s", tokval);
+	    break;
 	}
+	goto done;
+    }
 done:
-	fclose(cfile);
-	return (0);
+    fclose(cfile);
+    return (0);
 bad:
-	fclose(cfile);
-	return (-1);
+    fclose(cfile);
+    return (-1);
 }
 
 static int
diff --git a/crypto/kerberosIV/appl/ftp/ftp/security.c b/crypto/kerberosIV/appl/ftp/ftp/security.c
new file mode 100644
index 0000000..96d598f
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/security.c
@@ -0,0 +1,730 @@
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef FTP_SERVER
+#include "ftpd_locl.h"
+#else
+#include "ftp_locl.h"
+#endif
+
+RCSID("$Id: security.c,v 1.8 1999/04/07 14:16:48 joda Exp $");
+
+static enum protection_level command_prot;
+static enum protection_level data_prot;
+static size_t buffer_size;
+
+struct buffer {
+    void *data;
+    size_t size;
+    size_t index;
+    int eof_flag;
+};
+
+static struct buffer in_buffer, out_buffer;
+int sec_complete;
+
+static struct {
+    enum protection_level level;
+    const char *name;
+} level_names[] = {
+    { prot_clear, "clear" },
+    { prot_safe, "safe" },
+    { prot_confidential, "confidential" },
+    { prot_private, "private" }
+};
+
+static const char *
+level_to_name(enum protection_level level)
+{
+    int i;
+    for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
+	if(level_names[i].level == level)
+	    return level_names[i].name;
+    return "unknown";
+}
+
+#ifndef FTP_SERVER /* not used in server */
+static enum protection_level 
+name_to_level(const char *name)
+{
+    int i;
+    for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
+	if(!strncasecmp(level_names[i].name, name, strlen(name)))
+	    return level_names[i].level;
+    return (enum protection_level)-1;
+}
+#endif
+
+#ifdef FTP_SERVER
+
+static struct sec_server_mech *mechs[] = {
+#ifdef KRB5
+    &gss_server_mech,
+#endif
+#ifdef KRB4
+    &krb4_server_mech,
+#endif
+    NULL
+};
+
+static struct sec_server_mech *mech;
+
+#else
+
+static struct sec_client_mech *mechs[] = {
+#ifdef KRB5
+    &gss_client_mech,
+#endif
+#ifdef KRB4
+    &krb4_client_mech,
+#endif
+    NULL
+};
+
+static struct sec_client_mech *mech;
+
+#endif
+
+static void *app_data;
+
+int
+sec_getc(FILE *F)
+{
+    if(sec_complete && data_prot) {
+	char c;
+	if(sec_read(fileno(F), &c, 1) == 0)
+	    return EOF;
+	return c;
+    } else
+	return getc(F);
+}
+
+static int
+block_read(int fd, void *buf, size_t len)
+{
+    unsigned char *p = buf;
+    int b;
+    while(len) {
+	b = read(fd, p, len);
+	if(b <= 0)
+	    return -1;
+	len -= b;
+	p += b;
+    }
+    return p - (unsigned char*)buf;
+}
+
+static int
+block_write(int fd, void *buf, size_t len)
+{
+    unsigned char *p = buf;
+    int b;
+    while(len) {
+	b = write(fd, p, len);
+	if(b < 0)
+	    return -1;
+	len -= b;
+	p += b;
+    }
+    return p - (unsigned char*)buf;
+}
+
+static int
+sec_get_data(int fd, struct buffer *buf, int level)
+{
+    int len;
+    
+    if(block_read(fd, &len, sizeof(len)) < 0)
+	return -1;
+    len = ntohl(len);
+    buf->data = realloc(buf->data, len);
+    if(block_read(fd, buf->data, len) < 0)
+	return -1;
+    buf->size = (*mech->decode)(app_data, buf->data, len, data_prot);
+    buf->index = 0;
+    return 0;
+}
+
+static size_t
+buffer_read(struct buffer *buf, void *data, size_t len)
+{
+    len = min(len, buf->size - buf->index);
+    memcpy(data, (char*)buf->data + buf->index, len);
+    buf->index += len;
+    return len;
+}
+
+static size_t
+buffer_write(struct buffer *buf, void *data, size_t len)
+{
+    if(buf->index + len > buf->size) {
+	void *tmp;
+	if(buf->data == NULL)
+	    tmp = malloc(1024);
+	else
+	    tmp = realloc(buf->data, buf->index + len);
+	if(tmp == NULL)
+	    return -1;
+	buf->data = tmp;
+	buf->size = buf->index + len;
+    }
+    memcpy((char*)buf->data + buf->index, data, len);
+    buf->index += len;
+    return len;
+}
+
+int
+sec_read(int fd, void *data, int length)
+{
+    size_t len;
+    int rx = 0;
+
+    if(sec_complete == 0 || data_prot == 0)
+	return read(fd, data, length);
+
+    if(in_buffer.eof_flag){
+	in_buffer.eof_flag = 0;
+	return 0;
+    }
+    
+    len = buffer_read(&in_buffer, data, length);
+    length -= len;
+    rx += len;
+    data = (char*)data + len;
+    
+    while(length){
+	if(sec_get_data(fd, &in_buffer, data_prot) < 0)
+	    return -1;
+	if(in_buffer.size == 0) {
+	    if(rx)
+		in_buffer.eof_flag = 1;
+	    return rx;
+	}
+	len = buffer_read(&in_buffer, data, length);
+	length -= len;
+	rx += len;
+	data = (char*)data + len;
+    }
+    return rx;
+}
+
+static int
+sec_send(int fd, char *from, int length)
+{
+    int bytes;
+    void *buf;
+    bytes = (*mech->encode)(app_data, from, length, data_prot, &buf);
+    bytes = htonl(bytes);
+    block_write(fd, &bytes, sizeof(bytes));
+    block_write(fd, buf, ntohl(bytes));
+    free(buf);
+    return length;
+}
+
+int
+sec_fflush(FILE *F)
+{
+    if(data_prot != prot_clear) {
+	if(out_buffer.index > 0){
+	    sec_write(fileno(F), out_buffer.data, out_buffer.index);
+	    out_buffer.index = 0;
+	}
+	sec_send(fileno(F), NULL, 0);
+    }
+    fflush(F);
+    return 0;
+}
+
+int
+sec_write(int fd, char *data, int length)
+{
+    int len = buffer_size;
+    int tx = 0;
+      
+    if(data_prot == prot_clear)
+	return write(fd, data, length);
+
+    len -= (*mech->overhead)(app_data, data_prot, len);
+    while(length){
+	if(length < len)
+	    len = length;
+	sec_send(fd, data, len);
+	length -= len;
+	data += len;
+	tx += len;
+    }
+    return tx;
+}
+
+int
+sec_putc(int c, FILE *F)
+{
+    char ch = c;
+    if(data_prot == prot_clear)
+	return putc(c, F);
+    
+    buffer_write(&out_buffer, &ch, 1);
+    if(c == '\n' || out_buffer.index >= 1024 /* XXX */) {
+	sec_write(fileno(F), out_buffer.data, out_buffer.index);
+	out_buffer.index = 0;
+    }
+    return c;
+}
+
+int
+sec_read_msg(char *s, int level)
+{
+    int len;
+    char *buf;
+    int code;
+    
+    buf = malloc(strlen(s));
+    len = base64_decode(s + 4, buf); /* XXX */
+    
+    len = (*mech->decode)(app_data, buf, len, level);
+    if(len < 0)
+	return -1;
+    
+    buf[len] = '\0';
+
+    if(buf[3] == '-')
+	code = 0;
+    else
+	sscanf(buf, "%d", &code);
+    if(buf[len-1] == '\n')
+	buf[len-1] = '\0';
+    strcpy(s, buf);
+    free(buf);
+    return code;
+}
+
+int
+sec_vfprintf(FILE *f, const char *fmt, va_list ap)
+{
+    char *buf;
+    void *enc;
+    int len;
+    if(!sec_complete)
+	return vfprintf(f, fmt, ap);
+    
+    vasprintf(&buf, fmt, ap);
+    len = (*mech->encode)(app_data, buf, strlen(buf), command_prot, &enc);
+    free(buf);
+    if(len < 0) {
+	printf("Failed to encode command.\n");
+	return -1;
+    }
+    if(base64_encode(enc, len, &buf) < 0){
+	printf("Out of memory base64-encoding.\n");
+	return -1;
+    }
+#ifdef FTP_SERVER
+    if(command_prot == prot_safe)
+	fprintf(f, "631 %s\r\n", buf);
+    else if(command_prot == prot_private)
+	fprintf(f, "632 %s\r\n", buf);
+    else if(command_prot == prot_confidential)
+	fprintf(f, "633 %s\r\n", buf);
+#else
+    if(command_prot == prot_safe)
+	fprintf(f, "MIC %s", buf);
+    else if(command_prot == prot_private)
+	fprintf(f, "ENC %s", buf);
+    else if(command_prot == prot_confidential)
+	fprintf(f, "CONF %s", buf);
+#endif
+    free(buf);
+    return 0;
+}
+
+int
+sec_fprintf(FILE *f, const char *fmt, ...)
+{
+    va_list ap;
+    int ret;
+    va_start(ap, fmt);
+    ret = sec_vfprintf(f, fmt, ap);
+    va_end(ap);
+    return ret;
+}
+
+/* end common stuff */
+
+#ifdef FTP_SERVER
+
+void
+auth(char *auth_name)
+{
+    int i;
+    for(i = 0; (mech = mechs[i]) != NULL; i++){
+	if(!strcasecmp(auth_name, mech->name)){
+	    app_data = realloc(app_data, mech->size);
+	    if(mech->init && (*mech->init)(app_data) != 0) {
+		reply(431, "Unable to accept %s at this time", mech->name);
+		return;
+	    }
+	    if(mech->auth) {
+		(*mech->auth)(app_data);
+		return;
+	    }
+	    if(mech->adat)
+		reply(334, "Send authorization data.");
+	    else
+		reply(234, "Authorization complete.");
+	    return;
+	}
+    }
+    free (app_data);
+    reply(504, "%s is unknown to me", auth_name);
+}
+
+void
+adat(char *auth_data)
+{
+    if(mech && !sec_complete) {
+	void *buf = malloc(strlen(auth_data));
+	size_t len;
+	len = base64_decode(auth_data, buf);
+	(*mech->adat)(app_data, buf, len);
+	free(buf);
+    } else
+	reply(503, "You must %sissue an AUTH first.", mech ? "re-" : "");
+}
+
+void pbsz(int size)
+{
+    size_t new = size;
+    if(!sec_complete)
+	reply(503, "Incomplete security data exchange.");
+    if(mech->pbsz)
+	new = (*mech->pbsz)(app_data, size);
+    if(buffer_size != new){
+	buffer_size = size;
+    }
+    if(new != size)
+	reply(200, "PBSZ=%lu", (unsigned long)new);
+    else
+	reply(200, "OK");
+}
+
+void
+prot(char *pl)
+{
+    int p = -1;
+
+    if(buffer_size == 0){
+	reply(503, "No protection buffer size negotiated.");
+	return;
+    }
+
+    if(!strcasecmp(pl, "C"))
+	p = prot_clear;
+    else if(!strcasecmp(pl, "S"))
+	p = prot_safe;
+    else if(!strcasecmp(pl, "E"))
+	p = prot_confidential;
+    else if(!strcasecmp(pl, "P"))
+	p = prot_private;
+    else {
+	reply(504, "Unrecognized protection level.");
+	return;
+    }
+    
+    if(sec_complete){
+	if((*mech->check_prot)(app_data, p)){
+	    reply(536, "%s does not support %s protection.", 
+		  mech->name, level_to_name(p));
+	}else{
+	    data_prot = (enum protection_level)p;
+	    reply(200, "Data protection is %s.", level_to_name(p));
+	}
+    }else{
+	reply(503, "Incomplete security data exchange.");
+    }
+}
+
+void ccc(void)
+{
+    if(sec_complete){
+	if(mech->ccc && (*mech->ccc)(app_data) == 0)
+	    command_prot = data_prot = prot_clear;
+	else
+	    reply(534, "You must be joking.");
+    }else
+	reply(503, "Incomplete security data exchange.");
+}
+
+void mec(char *msg, enum protection_level level)
+{
+    void *buf;
+    size_t len;
+    if(!sec_complete) {
+	reply(503, "Incomplete security data exchange.");
+	return;
+    }
+    buf = malloc(strlen(msg) + 2); /* XXX go figure out where that 2
+				      comes from :-) */
+    len = base64_decode(msg, buf);
+    command_prot = level;
+    if(len == (size_t)-1) {
+	reply(501, "Failed to base64-decode command");
+	return;
+    }
+    len = (*mech->decode)(app_data, buf, len, level);
+    if(len == (size_t)-1) {
+	reply(535, "Failed to decode command");
+	return;
+    }
+    ((char*)buf)[len] = '\0';
+    if(strstr((char*)buf, "\r\n") == NULL)
+	strcat((char*)buf, "\r\n");
+    new_ftp_command(buf);
+}
+
+/* ------------------------------------------------------------ */
+
+int
+sec_userok(char *user)
+{
+    if(sec_complete)
+	return (*mech->userok)(app_data, user);
+    return 0;
+}
+
+char *ftp_command;
+
+void
+new_ftp_command(char *command)
+{
+    ftp_command = command;
+}
+
+void
+delete_ftp_command(void)
+{
+    free(ftp_command);
+    ftp_command = NULL;
+}
+
+int
+secure_command(void)
+{
+    return ftp_command != NULL;
+}
+
+#else /* FTP_SERVER */
+
+void
+sec_status(void)
+{
+    if(sec_complete){
+	printf("Using %s for authentication.\n", mech->name);
+	printf("Using %s command channel.\n", level_to_name(command_prot));
+	printf("Using %s data channel.\n", level_to_name(data_prot));
+	if(buffer_size > 0)
+	    printf("Protection buffer size: %lu.\n", 
+		   (unsigned long)buffer_size);
+    }else{
+	printf("Not using any security mechanism.\n");
+    }
+}
+
+static int
+sec_prot_internal(int level)
+{
+    int ret;
+    char *p;
+    unsigned int s = 1048576;
+
+    int old_verbose = verbose;
+    verbose = 0;
+
+    if(!sec_complete){
+	printf("No security data exchange has taken place.\n");
+	return -1;
+    }
+
+    if(level){
+	ret = command("PBSZ %u", s);
+	if(ret != COMPLETE){
+	    printf("Failed to set protection buffer size.\n");
+	    return -1;
+	}
+	buffer_size = s;
+	p = strstr(reply_string, "PBSZ=");
+	if(p)
+	    sscanf(p, "PBSZ=%u", &s);
+	if(s < buffer_size)
+	    buffer_size = s;
+    }
+    verbose = old_verbose;
+    ret = command("PROT %c", level["CSEP"]); /* XXX :-) */
+    if(ret != COMPLETE){
+	printf("Failed to set protection level.\n");
+	return -1;
+    }
+    
+    data_prot = (enum protection_level)level;
+    return 0;
+}
+
+void
+sec_prot(int argc, char **argv)
+{
+    int level = -1;
+
+    if(argc != 2){
+	printf("usage: %s (clear | safe | confidential | private)\n",
+	       argv[0]);
+	code = -1;
+	return;
+    }
+    if(!sec_complete){
+	printf("No security data exchange has taken place.\n");
+	code = -1;
+	return;
+    }
+    level = name_to_level(argv[1]);
+    
+    if(level == -1){
+	printf("usage: %s (clear | safe | confidential | private)\n",
+	       argv[0]);
+	code = -1;
+	return;
+    }
+    
+    if((*mech->check_prot)(app_data, level)) {
+	printf("%s does not implement %s protection.\n", 
+	       mech->name, level_to_name(level));
+	code = -1;
+	return;
+    }
+    
+    if(sec_prot_internal(level) < 0){
+	code = -1;
+	return;
+    }
+    code = 0;
+}
+
+static enum protection_level request_data_prot;
+
+void
+sec_set_protection_level(void)
+{
+    if(sec_complete && data_prot != request_data_prot)
+	sec_prot_internal(request_data_prot);
+}
+
+
+int
+sec_request_prot(char *level)
+{
+    int l = name_to_level(level);
+    if(l == -1)
+	return -1;
+    request_data_prot = (enum protection_level)l;
+    return 0;
+}
+
+int
+sec_login(char *host)
+{
+    int ret;
+    struct sec_client_mech **m;
+    int old_verbose = verbose;
+
+    verbose = -1; /* shut up all messages this will produce (they
+		     are usually not very user friendly) */
+    
+    for(m = mechs; *m && (*m)->name; m++) {
+	app_data = realloc(app_data, (*m)->size);
+	if((*m)->init && (*(*m)->init)(app_data) != 0) {
+	    printf("Skipping %s...\n", (*m)->name);
+	    continue;
+	}
+	printf("Trying %s...\n", (*m)->name);
+	ret = command("AUTH %s", (*m)->name);
+	if(ret != CONTINUE){
+	    if(code == 504){
+		printf("%s is not supported by the server.\n", (*m)->name);
+	    }else if(code == 534){
+		printf("%s rejected as security mechanism.\n", (*m)->name);
+	    }else if(ret == ERROR) {
+		printf("The server doesn't support the FTP "
+		       "security extensions.\n");
+		verbose = old_verbose;
+		return -1;
+	    }
+	    continue;
+	}
+
+	ret = (*(*m)->auth)(app_data, host);
+	
+	if(ret == AUTH_CONTINUE)
+	    continue;
+	else if(ret != AUTH_OK){
+	    /* mechanism is supposed to output error string */
+	    verbose = old_verbose;
+	    return -1;
+	}
+	mech = *m;
+	sec_complete = 1;
+	command_prot = prot_safe;
+	break;
+    }
+    
+    verbose = old_verbose;
+    return *m == NULL;
+}
+
+void
+sec_end(void)
+{
+    if (mech != NULL) {
+	if(mech->end)
+	    (*mech->end)(app_data);
+	memset(app_data, 0, mech->size);
+	free(app_data);
+    }
+    sec_complete = 0;
+    data_prot = (enum protection_level)0;
+}
+
+#endif /* FTP_SERVER */
+
diff --git a/crypto/kerberosIV/appl/ftp/ftp/security.h b/crypto/kerberosIV/appl/ftp/ftp/security.h
new file mode 100644
index 0000000..adac689
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/security.h
@@ -0,0 +1,130 @@
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: security.h,v 1.3 1999/04/07 14:15:20 joda Exp $ */
+
+#ifndef __security_h__
+#define __security_h__
+
+enum protection_level { 
+    prot_clear, 
+    prot_safe, 
+    prot_confidential, 
+    prot_private 
+};
+
+struct sec_client_mech {
+    char *name;
+    size_t size;
+    int (*init)(void *);
+    int (*auth)(void *, char*);
+    void (*end)(void *);
+    int (*check_prot)(void *, int);
+    int (*overhead)(void *, int, int);
+    int (*encode)(void *, void*, int, int, void**);
+    int (*decode)(void *, void*, int, int);
+};
+
+struct sec_server_mech {
+    char *name;
+    size_t size;
+    int (*init)(void *);
+    void (*end)(void *);
+    int (*check_prot)(void *, int);
+    int (*overhead)(void *, int, int);
+    int (*encode)(void *, void*, int, int, void**);
+    int (*decode)(void *, void*, int, int);
+
+    int (*auth)(void *);
+    int (*adat)(void *, void*, size_t);
+    size_t (*pbsz)(void *, size_t);
+    int (*ccc)(void*);
+    int (*userok)(void*, char*);
+};
+
+#define AUTH_OK		0
+#define AUTH_CONTINUE	1
+#define AUTH_ERROR	2
+
+#ifdef FTP_SERVER
+extern struct sec_server_mech krb4_server_mech, gss_server_mech;
+#else
+extern struct sec_client_mech krb4_client_mech, gss_client_mech;
+#endif
+
+extern int sec_complete;
+
+#ifdef FTP_SERVER
+extern char *ftp_command;
+void new_ftp_command(char*);
+void delete_ftp_command(void);
+#endif
+
+/* ---- */
+
+
+int sec_fflush (FILE *);
+int sec_fprintf (FILE *, const char *, ...);
+int sec_getc (FILE *);
+int sec_putc (int, FILE *);
+int sec_read (int, void *, int);
+int sec_read_msg (char *, int);
+int sec_vfprintf (FILE *, const char *, va_list);
+int sec_write (int, char *, int);
+
+#ifdef FTP_SERVER
+void adat (char *);
+void auth (char *);
+void ccc (void);
+void mec (char *, enum protection_level);
+void pbsz (int);
+void prot (char *);
+void delete_ftp_command (void);
+void new_ftp_command (char *);
+int sec_userok (char *);
+int secure_command (void);
+#else
+void sec_end (void);
+int sec_login (char *);
+void sec_prot (int, char **);
+int sec_request_prot (char *);
+void sec_set_protection_level (void);
+void sec_status (void);
+#endif
+
+#endif /* __security_h__ */  
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/Makefile.am b/crypto/kerberosIV/appl/ftp/ftpd/Makefile.am
new file mode 100644
index 0000000..187fca3
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/Makefile.am
@@ -0,0 +1,53 @@
+# $Id: Makefile.am,v 1.19 1999/04/25 13:24:55 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += -I$(srcdir)/../common $(INCLUDE_krb4) -DFTP_SERVER
+
+libexec_PROGRAMS = ftpd
+
+CHECK_LOCAL = 
+
+if KRB4
+krb4_sources = krb4.c kauth.c
+endif
+if KRB5
+krb5_sources = gssapi.c gss_userok.c
+endif
+
+ftpd_SOURCES =		\
+	extern.h	\
+	ftpcmd.y	\
+	ftpd.c		\
+	ftpd_locl.h	\
+	logwtmp.c	\
+	pathnames.h	\
+	popen.c		\
+	security.c	\
+	$(krb4_sources) \
+	$(krb5_sources)
+
+EXTRA_ftpd_SOURCES = krb4.c kauth.c gssapi.c gss_userok.c
+
+$(ftpd_OBJECTS): security.h
+
+security.c:
+	@test -f security.c || $(LN_S) $(srcdir)/../ftp/security.c .
+security.h:
+	@test -f security.h || $(LN_S) $(srcdir)/../ftp/security.h .
+krb4.c:
+	@test -f krb4.c || $(LN_S) $(srcdir)/../ftp/krb4.c .
+gssapi.c:
+	@test -f gssapi.c || $(LN_S) $(srcdir)/../ftp/gssapi.c .
+
+CLEANFILES = security.c security.h krb4.c gssapi.c ftpcmd.c
+
+LDADD = ../common/libcommon.a \
+	$(LIB_kafs) \
+	$(LIB_gssapi) \
+	$(LIB_krb5) \
+	$(LIB_krb4) \
+	$(LIB_otp) \
+	$(top_builddir)/lib/des/libdes.la \
+	$(LIB_roken) \
+	$(DBLIB)
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/Makefile.in b/crypto/kerberosIV/appl/ftp/ftpd/Makefile.in
index 55981de..3b555a6 100644
--- a/crypto/kerberosIV/appl/ftp/ftpd/Makefile.in
+++ b/crypto/kerberosIV/appl/ftp/ftpd/Makefile.in
@@ -1,12 +1,12 @@
 # 
-# $Id: Makefile.in,v 1.31 1997/05/02 17:49:27 assar Exp $
+# $Id: Makefile.in,v 1.40 1999/03/10 19:01:11 joda Exp $
 #
 
 srcdir		= @srcdir@
 top_srcdir	= @top_srcdir@
 VPATH		= @srcdir@
 
-topdir		= ../../..
+top_builddir	= ../../..
 
 SHELL		= /bin/sh
 
@@ -14,7 +14,8 @@ CC 	= @CC@
 YACC	= @YACC@
 RANLIB 	= @RANLIB@
 DEFS 	= @DEFS@
-CFLAGS 	= @CFLAGS@
+WFLAGS = @WFLAGS@
+CFLAGS 	= @CFLAGS@ $(WFLAGS)
 LD_FLAGS = @LD_FLAGS@
 LIBS	= @LIBS@
 LIB_DBM = @LIB_DBM@
@@ -23,6 +24,8 @@ MKINSTALLDIRS = $(top_srcdir)/mkinstalldirs
 INSTALL = @INSTALL@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 
+LN_S = @LN_S@
+
 prefix 	= @prefix@
 exec_prefix = @exec_prefix@
 libdir = @libdir@
@@ -39,31 +42,42 @@ LIBTOP = $(ATHENA)/lib
 LIBKAFS = @KRB_KAFS_LIB@
 LIBKRB	= -L$(LIBTOP)/krb -lkrb
 LIBDES	= -L$(LIBTOP)/des -ldes
-LIBOTP  = -L$(LIBTOP)/otp -lotp
+LIBOTP  = @LIB_otp@
 LIBROKEN= -L$(LIBTOP)/roken -lroken
 
 PROGS = ftpd$(EXECSUFFIX)
 
-ftpd_SOURCES = ftpd.c ftpcmd.c logwtmp.c popen.c auth.c krb4.c kauth.c
-ftpd_OBJS = ftpd.o ftpcmd.o logwtmp.o popen.o auth.o krb4.o kauth.o
+ftpd_SOURCES = ftpd.c ftpcmd.c logwtmp.c popen.c security.c krb4.c kauth.c
+ftpd_OBJS = ftpd.o ftpcmd.o logwtmp.o popen.o security.o krb4.o kauth.o
 
 SOURCES = $(ftpd_SOURCES)
 OBJECTS = $(ftpd_OBJS)
 
 all: $(PROGS)
 
+$(ftpd_OBJS): security.h
+
+security.c:
+	$(LN_S) $(srcdir)/../ftp/security.c .
+security.h:
+	$(LN_S) $(srcdir)/../ftp/security.h .
+krb4.c:
+	$(LN_S) $(srcdir)/../ftp/krb4.c .
+gssapi.c:
+	$(LN_S) $(srcdir)/../ftp/gssapi.c .
+
 .c.o:
-	$(CC) -c $(CFLAGS) -I$(srcdir) -I$(srcdir)/../common -I$(INCTOP) $(DEFS) $<
+	$(CC) -c -DFTP_SERVER -I. -I$(srcdir) -I$(srcdir)/../common -I$(INCTOP) $(DEFS) $(CFLAGS) $(CPPFLAGS) $<
 
 install: all
-	$(MKINSTALLDIRS) $(libexecdir)
+	$(MKINSTALLDIRS) $(DESTDIR)$(libexecdir)
 	for x in $(PROGS); do \
-	  $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
 	done
 
 uninstall:
 	for x in $(PROGS); do \
-	  rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	  rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
 	done
 
 ftpd$(EXECSUFFIX): $(ftpd_OBJS)
@@ -77,8 +91,12 @@ ftpcmd.c: ftpcmd.y
 TAGS: $(SOURCES)
 	etags $(SOURCES)
 
+CLEANFILES = ftpd$(EXECSUFFIX) ftpcmd.c security.c security.h krb4.c gssapi.c
+
 clean cleandir:
-	rm -f *~ *.o core ftpd ftpcmd.c \#*
+	rm -f *~ *.o core \#* $(CLEANFILES)
 
 distclean: 
 	rm -f Makefile
+
+.PHONY: all install uninstall clean cleandir distclean
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/extern.h b/crypto/kerberosIV/appl/ftp/ftpd/extern.h
index f9b800f..e96809e 100644
--- a/crypto/kerberosIV/appl/ftp/ftpd/extern.h
+++ b/crypto/kerberosIV/appl/ftp/ftpd/extern.h
@@ -36,6 +36,9 @@
 #ifndef _EXTERN_H_
 #define _EXTERN_H_
 
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
 #ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
@@ -49,8 +52,13 @@
 #ifdef HAVE_PWD_H
 #include <pwd.h>
 #endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#ifndef NBBY
+#define NBBY CHAR_BIT
 #endif
 
 void	abor(void);
@@ -63,8 +71,8 @@ void	fatal(char *);
 int	filename_check(char *);
 int	ftpd_pclose(FILE *);
 FILE   *ftpd_popen(char *, char *, int, int);
-char   *getline(char *, int);
-void	logwtmp(char *, char *, char *);
+char   *ftpd_getline(char *, int);
+void	ftpd_logwtmp(char *, char *, char *);
 void	lreply(int, const char *, ...)
 #ifdef __GNUC__
 __attribute__ ((format (printf, 2, 3)))
@@ -105,6 +113,11 @@ void	yyerror(char *);
 
 void	kauth(char *, char*);
 void	klist(void);
+void	cond_kdestroy(void);
+void	kdestroy(void);
+void	krbtkfile(const char *tkfile);
+void	afslog(const char *cell);
+void	afsunlog(void);
 
 int	find(char *);
 
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y b/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y
index 9368cdb..be36ea2 100644
--- a/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y
+++ b/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y
@@ -42,73 +42,15 @@
 
 %{
 
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-RCSID("$Id: ftpcmd.y,v 1.35 1997/05/25 14:38:49 assar Exp $");
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_FTP_H
-#include <arpa/ftp.h>
-#endif
-
-#include <ctype.h>
-#include <errno.h>
-#include <glob.h>
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#include <setjmp.h>
-#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef HAVE_SYSLOG_H
-#include <syslog.h>
-#endif
-#include <time.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#ifdef HAVE_BSD_BSD_H
-#include <bsd/bsd.h>
-#endif
-
-#include <roken.h>
-
-#ifdef SOCKS
-#include <socks.h>
-extern int LIBPREFIX(fclose)      __P((FILE *));
-#endif
-
-#include "extern.h"
-#include "auth.h"
+#include "ftpd_locl.h"
+RCSID("$Id: ftpcmd.y,v 1.48 1999/05/08 02:22:43 assar Exp $");
 
 off_t	restart_point;
 
 static	int cmd_type;
 static	int cmd_form;
 static	int cmd_bytesz;
-char	cbuf[512];
+char	cbuf[2048];
 char	*fromname;
 
 struct tab {
@@ -122,13 +64,13 @@ struct tab {
 extern struct tab cmdtab[];
 extern struct tab sitetab[];
 
-static char	*copy (char *);
-static void	 help (struct tab *, char *);
+static char		*copy (char *);
+static void		 help (struct tab *, char *);
 static struct tab *
-		 lookup (struct tab *, char *);
-static void	 sizecmd (char *);
-static void	 toolong (int);
-static int	 yylex (void);
+			 lookup (struct tab *, char *);
+static void		 sizecmd (char *);
+static RETSIGTYPE	 toolong (int);
+static int		 yylex (void);
 
 /* This is for bison */
 
@@ -154,7 +96,7 @@ static int	 yylex (void);
 	APPE	MLFL	MAIL	MSND	MSOM	MSAM
 	MRSQ	MRCP	ALLO	REST	RNFR	RNTO
 	ABOR	DELE	CWD	LIST	NLST	SITE
-	STAT	HELP	NOOP	MKD	RMD	PWD
+	sTAT	HELP	NOOP	MKD	RMD	PWD
 	CDUP	STOU	SMNT	SYST	SIZE	MDTM
 
 	UMASK	IDLE	CHMOD
@@ -162,14 +104,15 @@ static int	 yylex (void);
 	AUTH	ADAT	PROT	PBSZ	CCC	MIC
 	CONF	ENC
 
-	KAUTH	KLIST	FIND	URL
+	KAUTH	KLIST	KDESTROY KRBTKFILE AFSLOG
+	FIND	URL
 
 	LEXERR
 
 %token	<s> STRING
 %token	<i> NUMBER
 
-%type	<i> check_login check_login_no_guest octal_number byte_size
+%type	<i> check_login check_login_no_guest check_secure octal_number byte_size
 %type	<i> struct_code mode_code type_code form_code
 %type	<s> pathstring pathname password username
 
@@ -193,38 +136,6 @@ cmd
 			user($3);
 			free($3);
 		}
-	| AUTH SP STRING CRLF
-		{
-			auth($3);
-			free($3);
-		}
-	| ADAT SP STRING CRLF
-		{
-			adat($3);
-			free($3);
-		}
-	| PBSZ SP NUMBER CRLF
-		{
-			pbsz($3);
-		}
-	| PROT SP STRING CRLF
-		{
-			prot($3);
-		}
-	| CCC CRLF
-		{
-			ccc();
-		}
-	| MIC SP STRING CRLF
-		{
-			mic($3);
-			free($3);
-		}
-	| CONF SP STRING CRLF
-		{
-			conf($3);
-			free($3);
-		}
 	| PASS SP password CRLF
 		{
 			pass($3);
@@ -311,100 +222,102 @@ cmd
 		{
 			reply(202, "ALLO command ignored.");
 		}
-	| RETR check_login SP pathname CRLF
+	| RETR SP pathname CRLF check_login
 		{
-			if ($2 && $4 != NULL)
-				retrieve((char *) 0, $4);
-			if ($4 != NULL)
-				free($4);
+			if ($5 && $3 != NULL)
+				retrieve(0, $3);
+			if ($3 != NULL)
+				free($3);
 		}
-	| STOR check_login SP pathname CRLF
+	| STOR SP pathname CRLF check_login
 		{
-			if ($2 && $4 != NULL)
-				do_store($4, "w", 0);
-			if ($4 != NULL)
-				free($4);
+			if ($5 && $3 != NULL)
+				do_store($3, "w", 0);
+			if ($3 != NULL)
+				free($3);
 		}
-	| APPE check_login SP pathname CRLF
+	| APPE SP pathname CRLF check_login
 		{
-			if ($2 && $4 != NULL)
-				do_store($4, "a", 0);
-			if ($4 != NULL)
-				free($4);
+			if ($5 && $3 != NULL)
+				do_store($3, "a", 0);
+			if ($3 != NULL)
+				free($3);
 		}
-	| NLST check_login CRLF
+	| NLST CRLF check_login
 		{
-			if ($2)
+			if ($3)
 				send_file_list(".");
 		}
-	| NLST check_login SP STRING CRLF
+	| NLST SP STRING CRLF check_login
 		{
-			if ($2 && $4 != NULL)
-				send_file_list($4);
-			if ($4 != NULL)
-				free($4);
+			if ($5 && $3 != NULL)
+				send_file_list($3);
+			if ($3 != NULL)
+				free($3);
 		}
-	| LIST check_login CRLF
+	| LIST CRLF check_login
 		{
 #ifdef HAVE_LS_A
 		  char *cmd = "/bin/ls -lA";
 #else
 		  char *cmd = "/bin/ls -la";
 #endif
-			if ($2)
+			if ($3)
 				retrieve(cmd, "");
 			
 		}
-	| LIST check_login SP pathname CRLF
+	| LIST SP pathname CRLF check_login
 		{
 #ifdef HAVE_LS_A
 		  char *cmd = "/bin/ls -lA %s";
 #else
 		  char *cmd = "/bin/ls -la %s";
 #endif
-			if ($2 && $4 != NULL)
-				retrieve(cmd, $4);
-			if ($4 != NULL)
-				free($4);
-		}
-	| STAT check_login SP pathname CRLF
-		{
-			if ($2 && $4 != NULL)
-				statfilecmd($4);
-			if ($4 != NULL)
-				free($4);
-		}
-	| STAT CRLF
-		{
-			if(oobflag){
-				if (file_size != (off_t) -1)
-					reply(213, "Status: %ld of %ld bytes transferred",
-						byte_count, file_size);
-				else
-					reply(213, "Status: %ld bytes transferred", byte_count);
-			}else
-				statcmd();
+			if ($5 && $3 != NULL)
+				retrieve(cmd, $3);
+			if ($3 != NULL)
+				free($3);
+		}
+	| sTAT SP pathname CRLF check_login
+		{
+			if ($5 && $3 != NULL)
+				statfilecmd($3);
+			if ($3 != NULL)
+				free($3);
+		}
+	| sTAT CRLF
+		{
+		    if(oobflag){
+			if (file_size != (off_t) -1)
+			    reply(213, "Status: %lu of %lu bytes transferred",
+				  (unsigned long)byte_count, 
+				  (unsigned long)file_size);
+			else
+			    reply(213, "Status: %lu bytes transferred", 
+				  (unsigned long)byte_count);
+		    }else
+			statcmd();
 	}
-	| DELE check_login_no_guest SP pathname CRLF
+	| DELE SP pathname CRLF check_login_no_guest
 		{
-			if ($2 && $4 != NULL)
-				do_delete($4);
-			if ($4 != NULL)
-				free($4);
+			if ($5 && $3 != NULL)
+				do_delete($3);
+			if ($3 != NULL)
+				free($3);
 		}
-	| RNTO check_login_no_guest SP pathname CRLF
+	| RNTO SP pathname CRLF check_login_no_guest
 		{
-			if($2){
+			if($5){
 				if (fromname) {
-					renamecmd(fromname, $4);
+					renamecmd(fromname, $3);
 					free(fromname);
 					fromname = (char *) 0;
 				} else {
 					reply(503, "Bad sequence of commands.");
 				}
 			}
-			if ($4 != NULL)
-				free($4);
+			if ($3 != NULL)
+				free($3);
 		}
 	| ABOR CRLF
 		{
@@ -416,17 +329,17 @@ cmd
 			}else
 				reply(225, "ABOR command successful.");
 		}
-	| CWD check_login CRLF
+	| CWD CRLF check_login
 		{
-			if ($2)
+			if ($3)
 				cwd(pw->pw_dir);
 		}
-	| CWD check_login SP pathname CRLF
+	| CWD SP pathname CRLF check_login
 		{
-			if ($2 && $4 != NULL)
-				cwd($4);
-			if ($4 != NULL)
-				free($4);
+			if ($5 && $3 != NULL)
+				cwd($3);
+			if ($3 != NULL)
+				free($3);
 		}
 	| HELP CRLF
 		{
@@ -451,28 +364,28 @@ cmd
 		{
 			reply(200, "NOOP command successful.");
 		}
-	| MKD check_login SP pathname CRLF
+	| MKD SP pathname CRLF check_login
 		{
-			if ($2 && $4 != NULL)
-				makedir($4);
-			if ($4 != NULL)
-				free($4);
+			if ($5 && $3 != NULL)
+				makedir($3);
+			if ($3 != NULL)
+				free($3);
 		}
-	| RMD check_login_no_guest SP pathname CRLF
+	| RMD SP pathname CRLF check_login_no_guest
 		{
-			if ($2 && $4 != NULL)
-				removedir($4);
-			if ($4 != NULL)
-				free($4);
+			if ($5 && $3 != NULL)
+				removedir($3);
+			if ($3 != NULL)
+				free($3);
 		}
-	| PWD check_login CRLF
+	| PWD CRLF check_login
 		{
-			if ($2)
+			if ($3)
 				pwd();
 		}
-	| CDUP check_login CRLF
+	| CDUP CRLF check_login
 		{
-			if ($2)
+			if ($3)
 				cwd("..");
 		}
 	| SITE SP HELP CRLF
@@ -483,44 +396,40 @@ cmd
 		{
 			help(sitetab, $5);
 		}
-	| SITE SP UMASK check_login CRLF
+	| SITE SP UMASK CRLF check_login
 		{
-			int oldmask;
-
-			if ($4) {
-				oldmask = umask(0);
+			if ($5) {
+				int oldmask = umask(0);
 				umask(oldmask);
 				reply(200, "Current UMASK is %03o", oldmask);
 			}
 		}
-	| SITE SP UMASK check_login_no_guest SP octal_number CRLF
+	| SITE SP UMASK SP octal_number CRLF check_login_no_guest
 		{
-			int oldmask;
-
-			if ($4) {
-				if (($6 == -1) || ($6 > 0777)) {
+			if ($7) {
+				if (($5 == -1) || ($5 > 0777)) {
 					reply(501, "Bad UMASK value");
 				} else {
-					oldmask = umask($6);
+					int oldmask = umask($5);
 					reply(200,
-					    "UMASK set to %03o (was %03o)",
-					    $6, oldmask);
+					      "UMASK set to %03o (was %03o)",
+					      $5, oldmask);
 				}
 			}
 		}
-	| SITE SP CHMOD check_login_no_guest SP octal_number SP pathname CRLF
+	| SITE SP CHMOD SP octal_number SP pathname CRLF check_login_no_guest
 		{
-			if ($4 && $8 != NULL) {
-				if ($6 > 0777)
+			if ($9 && $7 != NULL) {
+				if ($5 > 0777)
 					reply(501,
 				"CHMOD: Mode value must be between 0 and 0777");
-				else if (chmod($8, $6) < 0)
-					perror_reply(550, $8);
+				else if (chmod($7, $5) < 0)
+					perror_reply(550, $7);
 				else
 					reply(200, "CHMOD command successful.");
 			}
-			if ($8 != NULL)
-				free($8);
+			if ($7 != NULL)
+				free($7);
 		}
 	| SITE SP IDLE CRLF
 		{
@@ -543,47 +452,102 @@ cmd
 			}
 		}
 
-	| SITE SP KAUTH check_login SP STRING CRLF
+	| SITE SP KAUTH SP STRING CRLF check_login
 		{
+#ifdef KRB4
 			char *p;
 			
 			if(guest)
 				reply(500, "Can't be done as guest.");
 			else{
-				if($4 && $6 != NULL){
-				    p = strpbrk($6, " \t");
+				if($7 && $5 != NULL){
+				    p = strpbrk($5, " \t");
 				    if(p){
 					*p++ = 0;
-					kauth($6, p + strspn(p, " \t"));
+					kauth($5, p + strspn(p, " \t"));
 				    }else
-					kauth($6, NULL);
+					kauth($5, NULL);
 				}
 			}
-			if($6 != NULL)
-			    free($6);
+			if($5 != NULL)
+			    free($5);
+#else
+			reply(500, "Command not implemented.");
+#endif
 		}
-	| SITE SP KLIST check_login CRLF
+	| SITE SP KLIST CRLF check_login
 		{
-		    if($4)
+#ifdef KRB4
+		    if($5)
 			klist();
+#else
+		    reply(500, "Command not implemented.");
+#endif
+		}
+	| SITE SP KDESTROY CRLF check_login
+		{
+#ifdef KRB4
+		    if($5)
+			kdestroy();
+#else
+		    reply(500, "Command not implemented.");
+#endif
+		}
+	| SITE SP KRBTKFILE SP STRING CRLF check_login
+		{
+#ifdef KRB4
+		    if(guest)
+			reply(500, "Can't be done as guest.");
+		    else if($7 && $5)
+			krbtkfile($5);
+		    if($5)
+			free($5);
+#else
+		    reply(500, "Command not implemented.");
+#endif
+		}
+	| SITE SP AFSLOG CRLF check_login
+		{
+#ifdef KRB4
+		    if(guest)
+			reply(500, "Can't be done as guest.");
+		    else if($5)
+			afslog(NULL);
+#else
+		    reply(500, "Command not implemented.");
+#endif
+		}
+	| SITE SP AFSLOG SP STRING CRLF check_login
+		{
+#ifdef KRB4
+		    if(guest)
+			reply(500, "Can't be done as guest.");
+		    else if($7){
+			afslog($5);
+		    }
+		    if($5)
+			free($5);
+#else
+		    reply(500, "Command not implemented.");
+#endif
 		}
-	| SITE SP FIND check_login SP STRING CRLF
+	| SITE SP FIND SP STRING CRLF check_login
 		{
-		    if($4 && $6 != NULL)
-			find($6);
-		    if($6 != NULL)
-			free($6);
+		    if($7 && $5 != NULL)
+			find($5);
+		    if($5 != NULL)
+			free($5);
 		}
 	| SITE SP URL CRLF
 		{
 			reply(200, "http://www.pdc.kth.se/kth-krb/");
 		}
-	| STOU check_login SP pathname CRLF
+	| STOU SP pathname CRLF check_login
 		{
-			if ($2 && $4 != NULL)
-				do_store($4, "w", 1);
-			if ($4 != NULL)
-				free($4);
+			if ($5 && $3 != NULL)
+				do_store($3, "w", 1);
+			if ($3 != NULL)
+				free($3);
 		}
 	| SYST CRLF
 		{
@@ -601,12 +565,12 @@ cmd
 		 * Return size of file in a format suitable for
 		 * using with RESTART (we just count bytes).
 		 */
-	| SIZE check_login SP pathname CRLF
+	| SIZE SP pathname CRLF check_login
 		{
-			if ($2 && $4 != NULL)
-				sizecmd($4);
-			if ($4 != NULL)
-				free($4);
+			if ($5 && $3 != NULL)
+				sizecmd($3);
+			if ($3 != NULL)
+				free($3);
 		}
 
 		/*
@@ -618,15 +582,16 @@ cmd
 		 * where xxx is the fractional second (of any precision,
 		 * not necessarily 3 digits)
 		 */
-	| MDTM check_login SP pathname CRLF
+	| MDTM SP pathname CRLF check_login
 		{
-			if ($2 && $4 != NULL) {
+			if ($5 && $3 != NULL) {
 				struct stat stbuf;
-				if (stat($4, &stbuf) < 0)
+				if (stat($3, &stbuf) < 0)
 					reply(550, "%s: %s",
-					    $4, strerror(errno));
+					    $3, strerror(errno));
 				else if (!S_ISREG(stbuf.st_mode)) {
-					reply(550, "%s: not a plain file.", $4);
+					reply(550,
+					      "%s: not a plain file.", $3);
 				} else {
 					struct tm *t;
 					t = gmtime(&stbuf.st_mtime);
@@ -640,8 +605,8 @@ cmd
 					      t->tm_sec);
 				}
 			}
-			if ($4 != NULL)
-				free($4);
+			if ($3 != NULL)
+				free($3);
 		}
 	| QUIT CRLF
 		{
@@ -654,13 +619,13 @@ cmd
 		}
 	;
 rcmd
-	: RNFR check_login_no_guest SP pathname CRLF
+	: RNFR SP pathname CRLF check_login_no_guest
 		{
 			restart_point = (off_t) 0;
-			if ($2 && $4) {
-				fromname = renamefrom($4);
-				if (fromname == (char *) 0 && $4) {
-					free($4);
+			if ($5 && $3) {
+				fromname = renamefrom($3);
+				if (fromname == (char *) 0 && $3) {
+					free($3);
 				}
 			}
 		}
@@ -672,9 +637,41 @@ rcmd
 			      (long)restart_point,
 			      "Send STORE or RETRIEVE to initiate transfer.");
 		}
+	| AUTH SP STRING CRLF
+		{
+			auth($3);
+			free($3);
+		}
+	| ADAT SP STRING CRLF
+		{
+			adat($3);
+			free($3);
+		}
+	| PBSZ SP NUMBER CRLF
+		{
+			pbsz($3);
+		}
+	| PROT SP STRING CRLF
+		{
+			prot($3);
+		}
+	| CCC CRLF
+		{
+			ccc();
+		}
+	| MIC SP STRING CRLF
+		{
+			mec($3, prot_safe);
+			free($3);
+		}
+	| CONF SP STRING CRLF
+		{
+			mec($3, prot_confidential);
+			free($3);
+		}
 	| ENC SP STRING CRLF
 		{
-			enc($3);
+			mec($3, prot_private);
 			free($3);
 		}
 	;
@@ -861,19 +858,24 @@ check_login_no_guest : check_login
 		}
 	;
 
-check_login
-	: /* empty */
+check_login : check_secure
 		{
-		    if(auth_complete && prot_level == prot_clear){
-			reply(533, "Command protection level denied for paranoid reasons.");
-			$$ = 0;
-		    }else
-			if (logged_in)
-			    $$ = 1;
-			else {
+		    if($1) {
+			if(($$ = logged_in) == 0)
 			    reply(530, "Please login with USER and PASS.");
-			    $$ = 0;
-			}
+		    } else
+			$$ = 0;
+		}
+	;
+
+check_secure : /* empty */
+		{
+		    $$ = 1;
+		    if(sec_complete && !secure_command()) {
+			$$ = 0;
+			reply(533, "Command protection level denied "
+			      "for paranoid reasons.");
+		    }
 		}
 	;
 
@@ -925,7 +927,7 @@ struct tab cmdtab[] = {		/* In order defined in RFC 765 */
 	{ "NLST", NLST, OSTR, 1,	"[ <sp> path-name ]" },
 	{ "SITE", SITE, SITECMD, 1,	"site-cmd [ <sp> arguments ]" },
 	{ "SYST", SYST, ARGS, 1,	"(get type of operating system)" },
-	{ "STAT", STAT, OSTR, 1,	"[ <sp> path-name ]" },
+	{ "STAT", sTAT, OSTR, 1,	"[ <sp> path-name ]" },
 	{ "HELP", HELP, OSTR, 1,	"[ <sp> <string> ]" },
 	{ "NOOP", NOOP, ARGS, 1,	"" },
 	{ "MKD",  MKD,  STR1, 1,	"<sp> path-name" },
@@ -940,7 +942,7 @@ struct tab cmdtab[] = {		/* In order defined in RFC 765 */
 	{ "SIZE", SIZE, OSTR, 1,	"<sp> path-name" },
 	{ "MDTM", MDTM, OSTR, 1,	"<sp> path-name" },
 
-	/* extensions from draft-ietf-cat-ftpsec-08 */
+	/* extensions from RFC2228 */
 	{ "AUTH", AUTH,	STR1, 1,	"<sp> auth-type" },
 	{ "ADAT", ADAT,	STR1, 1,	"<sp> auth-data" },
 	{ "PBSZ", PBSZ,	ARGS, 1,	"<sp> buffer-size" },
@@ -961,6 +963,9 @@ struct tab sitetab[] = {
 
 	{ "KAUTH", KAUTH, STR1, 1,	"<sp> principal [ <sp> ticket ]" },
 	{ "KLIST", KLIST, ARGS, 1,	"(show ticket file)" },
+	{ "KDESTROY", KDESTROY, ARGS, 1, "(destroy tickets)" },
+	{ "KRBTKFILE", KRBTKFILE, STR1, 1, "<sp> ticket-file" },
+	{ "AFSLOG", AFSLOG, OSTR, 1,	"[<sp> cell]" },
 
 	{ "FIND", FIND, STR1, 1,	"<sp> globexpr" },
 
@@ -979,13 +984,11 @@ lookup(struct tab *p, char *cmd)
 	return (0);
 }
 
-#include <arpa/telnet.h>
-
 /*
- * getline - a hacked up version of fgets to ignore TELNET escape codes.
+ * ftpd_getline - a hacked up version of fgets to ignore TELNET escape codes.
  */
 char *
-getline(char *s, int n)
+ftpd_getline(char *s, int n)
 {
 	int c;
 	char *cs;
@@ -993,7 +996,7 @@ getline(char *s, int n)
 	cs = s;
 /* tmpline may contain saved command from urgent mode interruption */
 	if(ftp_command){
-	  strncpy(s, ftp_command, n);
+	  strcpy_truncate(s, ftp_command, n);
 	  if (debug)
 	    syslog(LOG_DEBUG, "command: %s", s);
 #ifdef XXX
@@ -1001,7 +1004,6 @@ getline(char *s, int n)
 #endif
 	  return s;
 	}
-	prot_level = prot_clear;
 	while ((c = getc(stdin)) != EOF) {
 		c &= 0377;
 		if (c == IAC) {
@@ -1087,15 +1089,15 @@ yylex(void)
 		case CMD:
 			signal(SIGALRM, toolong);
 			alarm((unsigned) ftpd_timeout);
-			if (getline(cbuf, sizeof(cbuf)-1) == NULL) {
+			if (ftpd_getline(cbuf, sizeof(cbuf)-1) == NULL) {
 				reply(221, "You could at least say goodbye.");
 				dologout(0);
 			}
 			alarm(0);
-#ifdef HASSETPROCTITLE
+#ifdef HAVE_SETPROCTITLE
 			if (strncasecmp(cbuf, "PASS", 4) != NULL)
 				setproctitle("%s: %s", proctitle, cbuf);
-#endif /* HASSETPROCTITLE */
+#endif /* HAVE_SETPROCTITLE */
 			if ((cp = strchr(cbuf, '\r'))) {
 				*cp++ = '\n';
 				*cp = '\0';
@@ -1333,16 +1335,21 @@ help(struct tab *ctab, char *s)
 			columns = 1;
 		lines = (NCMDS + columns - 1) / columns;
 		for (i = 0; i < lines; i++) {
-		    strcpy (buf, "   ");
+		    strcpy_truncate (buf, "   ", sizeof(buf));
 		    for (j = 0; j < columns; j++) {
 			c = ctab + j * lines + i;
-			snprintf (buf + strlen(buf), sizeof(buf) - strlen(buf),
-				  "%s%c", c->name, c->implemented ? ' ' : '*');
+			snprintf (buf + strlen(buf),
+				  sizeof(buf) - strlen(buf),
+				  "%s%c",
+				  c->name,
+				  c->implemented ? ' ' : '*');
 			if (c + lines >= &ctab[NCMDS])
 			    break;
 			w = strlen(c->name) + 1;
 			while (w < width) {
-			    strcat(buf, " ");
+			    strcat_truncate (buf,
+					     " ",
+					     sizeof(buf));
 			    w++;
 			}
 		    }
@@ -1375,11 +1382,12 @@ sizecmd(char *filename)
 			reply(550, "%s: not a plain file.", filename);
 		else
 			reply(213, "%lu", (unsigned long)stbuf.st_size);
-		break; }
+		break;
+	}
 	case TYPE_A: {
 		FILE *fin;
 		int c;
-		off_t count;
+		size_t count;
 		struct stat stbuf;
 		fin = fopen(filename, "r");
 		if (fin == NULL) {
@@ -1400,8 +1408,9 @@ sizecmd(char *filename)
 		}
 		fclose(fin);
 
-		reply(213, "%ld", count);
-		break; }
+		reply(213, "%lu", (unsigned long)count);
+		break;
+	}
 	default:
 		reply(504, "SIZE not implemented for Type %c.", "?AEIL"[type]);
 	}
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ftpd_locl.h b/crypto/kerberosIV/appl/ftp/ftpd/ftpd_locl.h
new file mode 100644
index 0000000..4bb3ad3
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/ftpd_locl.h
@@ -0,0 +1,168 @@
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: ftpd_locl.h,v 1.5.2.1 1999/07/22 03:24:42 assar Exp $ */
+
+#ifndef __ftpd_locl_h__
+#define __ftpd_locl_h__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+/*
+ * FTP server.
+ */
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN_SYSTM_H
+#include <netinet/in_systm.h>
+#endif
+#ifdef HAVE_NETINET_IP_H
+#include <netinet/ip.h>
+#endif
+
+#ifdef HAVE_SYS_MMAN_H
+#include <sys/mman.h>
+#endif
+
+#include <arpa/ftp.h>
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+
+#include <ctype.h>
+#ifdef HAVE_DIRENT_H
+#include <dirent.h>
+#endif
+#include <errno.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <glob.h>
+#include <limits.h>
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#include <setjmp.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+#include <time.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_GRP_H
+#include <grp.h>
+#endif
+#include <fnmatch.h>
+
+#ifdef HAVE_BSD_BSD_H
+#include <bsd/bsd.h>
+#endif
+
+#include <err.h>
+
+#include "pathnames.h"
+#include "extern.h"
+#include "common.h"
+
+#include "security.h"
+
+#include "roken.h"
+
+#ifdef KRB4
+#include <krb.h>
+#include <kafs.h>
+#endif
+
+#ifdef OTP
+#include <otp.h>
+#endif
+
+#ifdef SOCKS
+#include <socks.h>
+extern int LIBPREFIX(fclose)      (FILE *);
+#endif
+
+int yyparse();
+
+#ifndef LOG_FTP
+#define LOG_FTP LOG_DAEMON
+#endif
+
+#endif /* __ftpd_locl_h__ */
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/gss_userok.c b/crypto/kerberosIV/appl/ftp/ftpd/gss_userok.c
new file mode 100644
index 0000000..8a1a8e3
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/gss_userok.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ftpd_locl.h"
+#include <gssapi.h>
+#include <krb5.h>
+
+RCSID("$Id: gss_userok.c,v 1.1 1998/05/12 12:15:22 joda Exp $");
+
+/* XXX a bit too much of krb5 dependency here... 
+   What is the correct way to do this? 
+   */
+
+extern krb5_context gssapi_krb5_context;
+
+/* XXX sync with gssapi.c */
+struct gss_data {
+    gss_ctx_id_t context_hdl;
+    char *client_name;
+};
+
+int gss_userok(void*, char*); /* to keep gcc happy */
+
+int
+gss_userok(void *app_data, char *username)
+{
+    struct gss_data *data = app_data;
+    if(gssapi_krb5_context) {
+	krb5_principal client;
+	krb5_error_code ret;
+	ret = krb5_parse_name(gssapi_krb5_context, data->client_name, &client);
+	if(ret)
+	    return 1;
+	ret = krb5_kuserok(gssapi_krb5_context, client, username);
+	krb5_free_principal(gssapi_krb5_context, client);
+	return !ret;
+    }
+    return 1;
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/kauth.c b/crypto/kerberosIV/appl/ftp/ftpd/kauth.c
index 02d23d6..33795b6 100644
--- a/crypto/kerberosIV/appl/ftp/ftpd/kauth.c
+++ b/crypto/kerberosIV/appl/ftp/ftpd/kauth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -36,34 +36,9 @@
  * SUCH DAMAGE.
  */
 
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-RCSID("$Id: kauth.c,v 1.14 1997/05/07 02:21:30 assar Exp $");
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <time.h>
-#ifdef HAVE_SYS_TIME_H 
-#include <sys/time.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-
-#include <roken.h>
-
-#include <des.h>
-#include <krb.h>
-#include <kafs.h>
+#include "ftpd_locl.h"
 
-#include "extern.h"
-#include "krb4.h"
-#include "auth.h"
-#include "base64.h"
+RCSID("$Id: kauth.c,v 1.22 1999/06/29 21:19:33 bg Exp $");
 
 static KTEXT_ST cip;
 static unsigned int lifetime;
@@ -71,9 +46,15 @@ static time_t local_time;
 
 static krb_principal pr;
 
+static int do_destroy_tickets = 1;
+
 static int
-save_tkt(char *user, char *instance, char *realm, void *arg, 
-	 int (*key_proc)(char*, char*, char*, void*, des_cblock*), KTEXT *cipp)
+save_tkt(const char *user,
+	 const char *instance,
+	 const char *realm,
+	 const void *arg, 
+	 key_proc_t key_proc,
+	 KTEXT *cipp)
 {
     local_time = time(0);
     memmove(&cip, *cipp, sizeof(cip));
@@ -89,11 +70,9 @@ store_ticket(KTEXT cip)
     unsigned char kvno;
     KTEXT_ST tkt;
     int left = cip->length;
-
+    int len;
     int kerror;
     
-    time_t kdc_time;
-
     ptr = (char *) cip->dat;
 
     /* extract session key */
@@ -101,29 +80,32 @@ store_ticket(KTEXT cip)
     ptr += 8;
     left -= 8;
 
-    if (strnlen(ptr, left) == left)
+    len = strnlen(ptr, left);
+    if (len == left)
 	return(INTK_BADPW);
     
     /* extract server's name */
-    strcpy(sp.name, ptr);
-    ptr += strlen(sp.name) + 1;
-    left -= strlen(sp.name) + 1;
+    strcpy_truncate(sp.name, ptr, sizeof(sp.name));
+    ptr += len + 1;
+    left -= len + 1;
 
-    if (strnlen(ptr, left) == left)
+    len = strnlen(ptr, left);
+    if (len == left)
 	return(INTK_BADPW);
-
+    
     /* extract server's instance */
-    strcpy(sp.instance, ptr);
-    ptr += strlen(sp.instance) + 1;
-    left -= strlen(sp.instance) + 1;
+    strcpy_truncate(sp.instance, ptr, sizeof(sp.instance));
+    ptr += len + 1;
+    left -= len + 1;
 
-    if (strnlen(ptr, left) == left)
+    len = strnlen(ptr, left);
+    if (len == left)
 	return(INTK_BADPW);
-
+    
     /* extract server's realm */
-    strcpy(sp.realm,ptr);
-    ptr += strlen(sp.realm) + 1;
-    left -= strlen(sp.realm) + 1;
+    strcpy_truncate(sp.realm, ptr, sizeof(sp.realm));
+    ptr += len + 1;
+    left -= len + 1;
 
     if(left < 3)
 	return INTK_BADPW;
@@ -154,14 +136,18 @@ store_ticket(KTEXT cip)
     
 #if 0
     /* check KDC time stamp */
-    memmove(&kdc_time, ptr, sizeof(kdc_time));
-    if (swap_bytes) swap_u_long(kdc_time);
+    {
+	time_t kdc_time;
 
-    ptr += 4;
+	memmove(&kdc_time, ptr, sizeof(kdc_time));
+	if (swap_bytes) swap_u_long(kdc_time);
+
+	ptr += 4;
     
-    if (abs((int)(local_time - kdc_time)) > CLOCK_SKEW) {
-        return(RD_AP_TIME);		/* XXX should probably be better
+	if (abs((int)(local_time - kdc_time)) > CLOCK_SKEW) {
+	    return(RD_AP_TIME);		/* XXX should probably be better
 					   code */
+	}
     }
 #endif
 
@@ -184,7 +170,8 @@ store_ticket(KTEXT cip)
     return(kerror);
 }
 
-void kauth(char *principal, char *ticket)
+void
+kauth(char *principal, char *ticket)
 {
     char *p;
     int ret;
@@ -209,8 +196,10 @@ void kauth(char *principal, char *ticket)
 	    memset(&cip, 0, sizeof(cip));
 	    return;
 	}
+	do_destroy_tickets = 1;
+
 	if(k_hasafs())
-	    k_afsklog(0, 0);
+	    krb_afslog(0, 0);
 	reply(200, "Tickets will be destroyed on exit.");
 	return;
     }
@@ -226,7 +215,10 @@ void kauth(char *principal, char *ticket)
 	reply(500, "Kerberos error: %s.", krb_get_err_text(ret));
 	return;
     }
-    base64_encode(cip.dat, cip.length, &p);
+    if(base64_encode(cip.dat, cip.length, &p) < 0) {
+	reply(500, "Out of memory while base64-encoding.");
+	return;
+    }
     reply(300, "P=%s T=%s", krb_unparse_name(&pr), p);
     free(p);
     memset(&cip, 0, sizeof(cip));
@@ -245,7 +237,8 @@ short_date(int32_t dp)
     return (cp);
 }
 
-void klist(void)
+void
+klist(void)
 {
     int err;
 
@@ -302,6 +295,8 @@ void klist(void)
      * it was done before tf_init.
      */
        
+    lreply(200, "Ticket file: %s", tkt_string());
+
     lreply(200, "Principal: %s", krb_unparse_name(&pr));
     while ((err = tf_get_cred(&c)) == KSUCCESS) {
 	if (header) {
@@ -309,17 +304,63 @@ void klist(void)
 		   "  Issued", "  Expires", "  Principal (kvno)");
 	    header = 0;
 	}
-	strcpy(buf1, short_date(c.issue_date));
+	strcpy_truncate(buf1, short_date(c.issue_date), sizeof(buf1));
 	c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
 	if (time(0) < (unsigned long) c.issue_date)
-	    strcpy(buf2, short_date(c.issue_date));
+	    strcpy_truncate(buf2, short_date(c.issue_date), sizeof(buf2));
 	else
-	    strcpy(buf2, ">>> Expired <<< ");
+	    strcpy_truncate(buf2, ">>> Expired <<< ", sizeof(buf2));
 	lreply(200, "%s  %s  %s (%d)", buf1, buf2,
 	       krb_unparse_name_long(c.service, c.instance, c.realm), c.kvno); 
     }
     if (header && err == EOF) {
 	lreply(200, "No tickets in file.");
     }
-    reply(200, "");
+    reply(200, " ");
+}
+
+/*
+ * Only destroy if we created the tickets
+ */
+
+void
+cond_kdestroy(void)
+{
+    if (do_destroy_tickets)
+	dest_tkt();
+    afsunlog();
+}
+
+void
+kdestroy(void)
+{
+    dest_tkt();
+    afsunlog();
+    reply(200, "Tickets destroyed");
+}
+
+void
+krbtkfile(const char *tkfile)
+{
+    do_destroy_tickets = 0;
+    krb_set_tkt_string(tkfile);
+    reply(200, "Using ticket file %s", tkfile);
+}
+
+void
+afslog(const char *cell)
+{
+    if(k_hasafs()) {
+	krb_afslog(cell, 0);
+	reply(200, "afslog done");
+    } else {
+	reply(200, "no AFS present");
+    }
+}
+
+void
+afsunlog(void)
+{
+    if(k_hasafs())
+	k_unlog();
 }
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c b/crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c
index 95ab216..d948a5a 100644
--- a/crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c
+++ b/crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c
@@ -38,7 +38,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: logwtmp.c,v 1.10 1997/05/25 15:17:56 assar Exp $");
+RCSID("$Id: logwtmp.c,v 1.13 1999/03/01 09:49:37 joda Exp $");
 #endif
 
 #include <stdio.h>
@@ -74,18 +74,20 @@ RCSID("$Id: logwtmp.c,v 1.10 1997/05/25 15:17:56 assar Exp $");
 #endif
 
 void
-logwtmp(char *line, char *name, char *host)
+ftpd_logwtmp(char *line, char *name, char *host)
 {
     static int init = 0;
-    static int fd, fdx;
-    struct timeval tv;
+    static int fd;
+#ifdef WTMPX_FILE
+    static int fdx;
+#endif
     struct utmp ut;
 #ifdef WTMPX_FILE
     struct utmpx utx;
 #endif
 
     memset(&ut, 0, sizeof(struct utmp));
-#ifdef HAVE_UT_TYPE
+#ifdef HAVE_STRUCT_UTMP_UT_TYPE
     if(name[0])
 	ut.ut_type = USER_PROCESS;
     else
@@ -93,10 +95,10 @@ logwtmp(char *line, char *name, char *host)
 #endif
     strncpy(ut.ut_line, line, sizeof(ut.ut_line));
     strncpy(ut.ut_name, name, sizeof(ut.ut_name));
-#ifdef HAVE_UT_PID
+#ifdef HAVE_STRUCT_UTMP_UT_PID
     ut.ut_pid = getpid();
 #endif
-#ifdef HAVE_UT_HOST
+#ifdef HAVE_STRUCT_UTMP_UT_HOST
     strncpy(ut.ut_host, host, sizeof(ut.ut_host));
 #endif
     ut.ut_time = time(NULL);
@@ -105,14 +107,18 @@ logwtmp(char *line, char *name, char *host)
     strncpy(utx.ut_line, line, sizeof(utx.ut_line));
     strncpy(utx.ut_user, name, sizeof(utx.ut_user));
     strncpy(utx.ut_host, host, sizeof(utx.ut_host));
-#ifdef HAVE_UT_SYSLEN
+#ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN
     utx.ut_syslen = strlen(host) + 1;
     if (utx.ut_syslen > sizeof(utx.ut_host))
         utx.ut_syslen = sizeof(utx.ut_host);
 #endif
-    gettimeofday (&tv, 0);
-    utx.ut_tv.tv_sec = tv.tv_sec;
-    utx.ut_tv.tv_usec = tv.tv_usec;
+    {
+	struct timeval tv;
+
+	gettimeofday (&tv, 0);
+	utx.ut_tv.tv_sec = tv.tv_sec;
+	utx.ut_tv.tv_usec = tv.tv_usec;
+    }
 
     if(name[0])
 	utx.ut_type = USER_PROCESS;
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/popen.c b/crypto/kerberosIV/appl/ftp/ftpd/popen.c
index 58c4985..4bd5e04 100644
--- a/crypto/kerberosIV/appl/ftp/ftpd/popen.c
+++ b/crypto/kerberosIV/appl/ftp/ftpd/popen.c
@@ -37,7 +37,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: popen.c,v 1.16 1997/06/01 03:14:06 assar Exp $");
+RCSID("$Id: popen.c,v 1.18 1998/06/09 19:24:24 joda Exp $");
 #endif
 
 #include <sys/types.h>
@@ -89,10 +89,10 @@ ftp_rooted(const char *path)
 
     if(!home[0])
 	if((pwd = k_getpwnam("ftp")))
-	    strcpy(home, pwd->pw_dir);
+	    strcpy_truncate(home, pwd->pw_dir, sizeof(home));
     snprintf(newpath, sizeof(newpath), "%s/%s", home, path);
     if(access(newpath, X_OK))
-	strcpy(newpath, path);
+	strcpy_truncate(newpath, path, sizeof(newpath));
     return newpath;
 }
 
@@ -125,8 +125,8 @@ ftpd_popen(char *program, char *type, int do_stderr, int no_glob)
 		return (NULL);
 
 	/* break up string into pieces */
+	foo = NULL;
 	for (argc = 0, cp = program;; cp = NULL) {
-		foo = NULL;
 		if (!(argv[argc++] = strtok_r(cp, " \t\n", &foo)))
 			break;
 	}
diff --git a/crypto/kerberosIV/appl/kauth/ChangeLog b/crypto/kerberosIV/appl/kauth/ChangeLog
new file mode 100644
index 0000000..ad849a2
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/ChangeLog
@@ -0,0 +1,24 @@
+Thu Apr 15 15:05:33 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* kauth.c: add `-v'
+
+Thu Mar 18 11:17:14 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: include Makefile.am.common
+
+Sun Nov 22 10:30:47 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (WFLAGS): set
+
+Tue May 26 17:41:47 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* kauth.c: use krb_enable_debug
+
+Fri May  1 07:15:18 1998  Assar Westerlund  <assar@sics.se>
+
+	* rkinit.c: unifdef -DHAVE_H_ERRNO
+
+Thu Mar 19 16:07:18 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* kauth.c: Check for negative return value from krb_afslog().
+
diff --git a/crypto/kerberosIV/appl/kauth/Makefile.am b/crypto/kerberosIV/appl/kauth/Makefile.am
new file mode 100644
index 0000000..a5bf0fdaca
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/Makefile.am
@@ -0,0 +1,42 @@
+# $Id: Makefile.am,v 1.7 1999/04/09 18:22:45 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += $(INCLUDE_krb4)
+
+bin_PROGRAMS = kauth
+bin_SCRIPTS = ksrvtgt
+libexec_PROGRAMS = kauthd
+
+EXTRA_DIST = zrefresh ksrvtgt.in
+
+kauth_SOURCES = \
+	kauth.c \
+	kauth.h \
+	rkinit.c \
+	marshall.c \
+	encdata.c
+
+kauthd_SOURCES = \
+	kauthd.c \
+	kauth.h \
+	marshall.c \
+	encdata.c
+
+ksrvtgt: ksrvtgt.in
+	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/ksrvtgt.in > $@
+	chmod +x $@
+
+install-exec-local:
+	if test -f $(bindir)/zrefresh -o -r  $(bindir)/zrefresh; then \
+	  true; \
+	else \
+	  $(INSTALL_PROGRAM) $(srcdir)/zrefresh $(bindir)/`echo zrefresh | sed '$(transform)'`; \
+	fi
+
+LDADD = \
+	$(LIB_kafs)				\
+	$(LIB_krb5)				\
+	$(LIB_krb4)				\
+	$(top_builddir)/lib/des/libdes.la	\
+	$(LIB_roken)
diff --git a/crypto/kerberosIV/appl/kauth/Makefile.in b/crypto/kerberosIV/appl/kauth/Makefile.in
index 97bfdb4..278facc 100644
--- a/crypto/kerberosIV/appl/kauth/Makefile.in
+++ b/crypto/kerberosIV/appl/kauth/Makefile.in
@@ -1,17 +1,19 @@
-# $Id: Makefile.in,v 1.33 1997/04/05 21:24:35 assar Exp $
+# $Id: Makefile.in,v 1.40 1999/03/10 19:01:11 joda Exp $
 
 SHELL = /bin/sh
 
 srcdir = @srcdir@
 VPATH = @srcdir@
 
-topdir = ../..
+top_builddir = ../..
 
 CC = @CC@
+LINK = @LINK@
 AR = ar
 RANLIB = @RANLIB@
 DEFS = @DEFS@ -DBINDIR='"$(bindir)"'
-CFLAGS = @CFLAGS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
 LD_FLAGS = @LD_FLAGS@
 INSTALL = @INSTALL@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -49,28 +51,28 @@ Wall:
 	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
 
 .c.o:
-	$(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $<
+	$(CC) -c $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
 
 install: all
-	$(MKINSTALLDIRS) $(bindir) $(libexecdir)
+	$(MKINSTALLDIRS) $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir)
 	for x in $(PROG_BIN); do \
-	  $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x| sed '$(transform)'`; \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
 	done
-	if test -f $(bindir)/zrefresh -o -r  $(bindir)/zrefresh; then \
+	if test -f $(DESTDIR)$(bindir)/zrefresh -o -r  $(DESTDIR)$(bindir)/zrefresh; then \
 	  true; \
 	else \
-	  $(INSTALL_PROGRAM) $(srcdir)/zrefresh $(bindir)/`echo zrefresh | sed '$(transform)'`; \
+	  $(INSTALL_PROGRAM) $(srcdir)/zrefresh $(DESTDIR)$(bindir)/`echo zrefresh | sed '$(transform)'`; \
 	fi
 	for x in $(PROG_LIBEXEC); do \
-	  $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x| sed '$(transform)'`; \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x| sed '$(transform)'`; \
 	done
 
 uninstall:
 	for x in $(PROG_BIN); do \
-	  rm -f $(bindir)/`echo $$x| sed '$(transform)'`; \
+	  rm -f $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
 	done
 	for x in $(PROG_LIBEXEC); do \
-	  rm -f $(libexecdir)/`echo $$x| sed '$(transform)'`; \
+	  rm -f $(DESTDIR)$(libexecdir)/`echo $$x| sed '$(transform)'`; \
 	done
 
 TAGS: $(SOURCES)
@@ -89,20 +91,14 @@ distclean: clean
 realclean: distclean
 	rm -f TAGS
 
-dist: $(DISTFILES)
-	for file in $(DISTFILES); do \
-	  ln $$file ../`cat ../.fname`/lib \
-	    || cp -p $$file ../`cat ../.fname`/lib; \
-	done
-
 KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes
 LIBROKEN=-L../../lib/roken -lroken
 
 kauth$(EXECSUFFIX): $(OBJECTS_KAUTH) $(OBJECTS_COMMON)
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KAUTH) $(OBJECTS_COMMON) $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KAUTH) $(OBJECTS_COMMON) $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
 
 kauthd$(EXECSUFFIX): $(OBJECTS_KAUTHD) $(OBJECTS_COMMON)
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KAUTHD) $(OBJECTS_COMMON) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KAUTHD) $(OBJECTS_COMMON) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
 
 ksrvtgt: ksrvtgt.in
 	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/ksrvtgt.in > $@
@@ -110,3 +106,5 @@ ksrvtgt: ksrvtgt.in
 
 
 $(OBJECTS): ../../include/config.h
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/appl/kauth/kauth.c b/crypto/kerberosIV/appl/kauth/kauth.c
index 84614b0..ae5454e 100644
--- a/crypto/kerberosIV/appl/kauth/kauth.c
+++ b/crypto/kerberosIV/appl/kauth/kauth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -46,12 +46,12 @@
 
 #include "kauth.h"
 
-RCSID("$Id: kauth.c,v 1.75 1997/05/02 15:09:24 assar Exp $");
+RCSID("$Id: kauth.c,v 1.92 1999/06/29 21:19:35 bg Exp $");
 
 krb_principal princ;
-static char srvtab[MaxPathLen + 1];
+static char srvtab[MaxPathLen];
 static int lifetime = DEFAULT_TKT_LIFE;
-static char remote_tktfile[MaxPathLen + 1];
+static char remote_tktfile[MaxPathLen];
 static char remoteuser[100];
 static char *cell = 0;
 
@@ -59,41 +59,31 @@ static void
 usage(void)
 {
     fprintf(stderr,
-	    "Usage: %s [-n <name>] [-r remoteuser] [-t remote ticketfile]"
-	    "[-l lifetime (in minutes) ] [-h hosts... ]"
-	    "[-f srvtab ] [-c AFS cell name ] [command ... ]\n",
+	    "Usage: %s -n <name> [-r remoteuser] [-t remote ticketfile] "
+	    "[-l lifetime (in minutes) ] [-f srvtab ] "
+	    "[-c AFS cell name ] [-h hosts... [--]] [command ... ]\n",
 	    __progname);
     fprintf(stderr, "\nA fully qualified name can be given user[.instance][@realm]\nRealm is converted to uppercase!\n");
     exit(1);
 }
 
-static void
+#define EX_NOEXEC	126
+#define EX_NOTFOUND	127
+
+static int
 doexec(int argc, char **argv)
 {
-    int status;
-    pid_t ret;
-
-    switch (fork()) {
-    case -1:
-	err (1, "fork");
-	break;
-    case 0:
-	/* in child */
-	execvp(argv[0], argv);
-	err (1, "Can't exec program ``%s''", argv[0]);
-	break;
-    default:
-	/* in parent */
-	do {
-	    ret = wait(&status);
-	} while ((ret > 0 && !WIFEXITED(status)) || (ret < 0 && errno == EINTR));
-	if (ret < 0)
-	    perror("wait");
-	dest_tkt();
-	if (k_hasafs())
-	    k_unlog();	 
-	break;
-    }
+    int ret = simple_execvp(argv[0], argv);
+    if(ret == -2)
+	warn ("fork");
+    if(ret == -3)
+	warn("waitpid");
+    if(ret < 0)
+	return EX_NOEXEC;
+    if(ret == EX_NOEXEC || ret == EX_NOTFOUND)
+	warnx("Can't exec program ``%s''", argv[0]);
+	
+    return ret;
 }
 
 static RETSIGTYPE
@@ -110,7 +100,7 @@ renew(int sig)
 	warnx ("%s", krb_get_err_text(code));
     else if (k_hasafs())
 	{
-	    if ((code = k_afsklog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN) {
+	    if ((code = krb_afslog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN) {
 		warnx ("%s", krb_get_err_text(code));
 	    }
 	}
@@ -139,7 +129,10 @@ zrefresh(void)
 }
 
 static int
-key_to_key(char *user, char *instance, char *realm, void *arg,
+key_to_key(const char *user,
+	   char *instance,
+	   const char *realm,
+	   const void *arg,
 	   des_cblock *key)
 {
     memcpy(key, arg, sizeof(des_cblock));
@@ -154,6 +147,7 @@ main(int argc, char **argv)
     int c;
     char *file;
     int pflag = 0;
+    int version_flag = 0;
     char passwd[100];
     des_cblock key;
     char **host;
@@ -169,17 +163,31 @@ main(int argc, char **argv)
     memset(srvtab, 0, sizeof(srvtab));
     *remoteuser = '\0';
     nhost = 0;
+    host = NULL;
   
-    while ((c = getopt(argc, argv, "r:t:f:hl:n:c:")) != EOF)
+    /* Look for kerberos name */
+    if (argc > 1 &&
+	argv[1][0] != '-' &&
+	krb_parse_name(argv[1], &princ) == 0)
+      {
+	argc--; argv++;
+	strupr(princ.realm);
+      }
+
+    while ((c = getopt(argc, argv, "r:t:f:hdl:n:c:v")) != EOF)
 	switch (c) {
+	case 'd':
+	    krb_enable_debug();
+	    _kafs_debug = 1;
+	    break;
 	case 'f':
-	    strncpy(srvtab, optarg, sizeof(srvtab));
+	    strcpy_truncate(srvtab, optarg, sizeof(srvtab));
 	    break;
 	case 't':
-	    strncpy(remote_tktfile, optarg, sizeof(remote_tktfile));
+	    strcpy_truncate(remote_tktfile, optarg, sizeof(remote_tktfile));
 	    break;
 	case 'r':
-	    strncpy(remoteuser, optarg, sizeof(remoteuser));
+	    strcpy_truncate(remoteuser, optarg, sizeof(remoteuser));
 	    break;
 	case 'l':
 	    lifetime = atoi(optarg);
@@ -208,31 +216,38 @@ main(int argc, char **argv)
 	    for(nhost = 0; optind < argc && *argv[optind] != '-'; ++optind)
 		++nhost;
 	    break;
+	case 'v':
+	    version_flag++;
+	    print_version(NULL);
+	    break;
 	case '?':
 	default:
 	    usage();
 	    break;
 	}
   
-    /* Look for kerberos name */
-    if (!pflag && optind < argc && krb_parse_name(argv[optind], &princ) == 0) {
-	++optind;	 
-	strupr(princ.realm);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
     }
-
     if (princ.name[0] == '\0' && krb_get_default_principal (princ.name, 
 							    princ.instance, 
 							    princ.realm) < 0)
 	errx (1, "Could not get default principal");
   
-    if (*remoteuser == '\0')
-	strcpy (remoteuser, princ.name);
+    /* With root tickets assume remote user is root */
+    if (*remoteuser == '\0') {
+      if (strcmp(princ.instance, "root") == 0)
+	strcpy_truncate(remoteuser, princ.instance, sizeof(remoteuser));
+      else
+	strcpy_truncate(remoteuser, princ.name, sizeof(remoteuser));
+    }
 
     more_args = argc - optind;
   
     if (princ.realm[0] == '\0')
 	if (krb_get_lrealm(princ.realm, 1) != KSUCCESS)
-	    strcpy(princ.realm, KRB_REALM);
+	    strcpy_truncate(princ.realm, KRB_REALM, REALM_SZ);
   
     if (more_args) {
 	int f;
@@ -271,18 +286,10 @@ main(int argc, char **argv)
 	    memset(passwd, 0, sizeof(passwd));
 	    exit(1);
 	}
-	des_string_to_key (passwd, &key);
-	code = krb_get_in_tkt (princ.name, princ.instance, princ.realm,
-			       KRB_TICKET_GRANTING_TICKET,
-			       princ.realm, lifetime,
-			       key_to_key, NULL, key);
-	if(code == INTK_BADPW) {
-	    afs_string_to_key (passwd, princ.realm, &key);
-	    code = krb_get_in_tkt (princ.name, princ.instance, princ.realm,
-				   KRB_TICKET_GRANTING_TICKET,
-				   princ.realm, lifetime,
-				   key_to_key, NULL, key);
-	}
+	code = krb_get_pw_in_tkt2(princ.name, princ.instance, princ.realm, 
+				  KRB_TICKET_GRANTING_TICKET, princ.realm, 
+				  lifetime, passwd, &key);
+	
 	memset(passwd, 0, sizeof(passwd));
     }
     if (code) {
@@ -293,8 +300,12 @@ main(int argc, char **argv)
     if (k_hasafs()) {
 	if (more_args)
 	    k_setpag();
-	if ((code = k_afsklog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN)
-	    warnx ("%s", krb_get_err_text(code));
+	if ((code = krb_afslog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN) {
+	    if(code > 0)
+		warnx ("%s", krb_get_err_text(code));
+	    else
+		warnx ("failed to store AFS token");
+	}
     }
 
     for(ret = 0; nhost-- > 0; host++)
@@ -303,10 +314,14 @@ main(int argc, char **argv)
     if (ret)
 	return ret;
 
-    if (more_args)
-	doexec(more_args, &argv[optind]);
+    if (more_args) {
+	ret = doexec(more_args, &argv[optind]);
+	dest_tkt();
+	if (k_hasafs())
+	    k_unlog();	 
+    }
     else
 	zrefresh();
   
-    return 0;
+    return ret;
 }
diff --git a/crypto/kerberosIV/appl/kauth/kauth.h b/crypto/kerberosIV/appl/kauth/kauth.h
index 2c48fcc..c5a4517 100644
--- a/crypto/kerberosIV/appl/kauth/kauth.h
+++ b/crypto/kerberosIV/appl/kauth/kauth.h
@@ -36,7 +36,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: kauth.h,v 1.18 1997/05/20 18:40:31 bg Exp $ */
+/* $Id: kauth.h,v 1.20 1998/06/13 00:06:45 assar Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
@@ -92,6 +92,9 @@
 #endif
 #ifdef SOCKS
 #include <socks.h>
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent  *gethostbyname(const char *);
 #endif
 
 #include <err.h>
@@ -113,6 +116,6 @@ int write_encrypted (int, void*, size_t, des_key_schedule,
 int read_encrypted (int, void*, size_t, void **, des_key_schedule,
 		    des_cblock*, struct sockaddr_in*, struct sockaddr_in*);
 
-unsigned pack_args (char *, krb_principal*, int, char*, char*);
+int pack_args (char *, size_t, krb_principal*, int, const char*, const char*);
 
-int unpack_args (char*, krb_principal*, int*, char*, char*);
+int unpack_args (const char*, krb_principal*, int*, char*, char*);
diff --git a/crypto/kerberosIV/appl/kauth/kauthd.c b/crypto/kerberosIV/appl/kauth/kauthd.c
index b6a40cf..0018a13 100644
--- a/crypto/kerberosIV/appl/kauth/kauthd.c
+++ b/crypto/kerberosIV/appl/kauth/kauthd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,12 +38,12 @@
 
 #include "kauth.h"
 
-RCSID("$Id: kauthd.c,v 1.22 1997/05/18 20:37:55 assar Exp $");
+RCSID("$Id: kauthd.c,v 1.24 1999/06/29 21:19:35 bg Exp $");
 
 krb_principal princ;
-static char locuser[SNAME_SZ + 1];
+static char locuser[SNAME_SZ];
 static int  lifetime;
-static char tktfile[MaxPathLen + 1];
+static char tktfile[MaxPathLen];
 
 struct remote_args {
      int sock;
@@ -53,8 +53,12 @@ struct remote_args {
 };
 
 static int
-decrypt_remote_tkt (char *user, char *inst, char *realm, void *varg,
-		    key_proc_t key_proc, KTEXT *cipp)
+decrypt_remote_tkt (const char *user,
+		    const char *inst,
+		    const char *realm,
+		    const void *varg,
+		    key_proc_t key_proc,
+		    KTEXT *cipp)
 {
      char buf[BUFSIZ];
      void *ptr;
@@ -78,7 +82,7 @@ doit(int sock)
      int status;
      KTEXT_ST ticket;
      AUTH_DAT auth;
-     char instance[INST_SZ + 1];
+     char instance[INST_SZ];
      des_key_schedule schedule;
      struct sockaddr_in thisaddr, thataddr;
      int addrlen;
diff --git a/crypto/kerberosIV/appl/kauth/marshall.c b/crypto/kerberosIV/appl/kauth/marshall.c
index 4f1bfeb..dc28ae5 100644
--- a/crypto/kerberosIV/appl/kauth/marshall.c
+++ b/crypto/kerberosIV/appl/kauth/marshall.c
@@ -38,60 +38,94 @@
 
 #include "kauth.h"
 
-RCSID("$Id: marshall.c,v 1.7 1997/04/01 08:17:32 joda Exp $");
+RCSID("$Id: marshall.c,v 1.8 1998/06/09 19:24:26 joda Exp $");
 
-unsigned
-pack_args (char *buf, krb_principal *pr, int lifetime,
-	   char *locuser, char *tktfile)
+int
+pack_args (char *buf,
+	   size_t sz,
+	   krb_principal *pr,
+	   int lifetime,
+	   const char *locuser,
+	   const char *tktfile)
 {
-    char *p;
+    char *p = buf;
+    int len;
 
     p = buf;
-    strcpy (p, pr->name);
-    p += strlen (pr->name) + 1;
-    strcpy (p, pr->instance);
-    p += strlen (pr->instance) + 1;
-    strcpy (p, pr->realm);
-    p += strlen (pr->realm) + 1;
+
+    len = strlen(pr->name);
+    if (len >= sz)
+	return -1;
+    memcpy (p, pr->name, len + 1);
+    p += len + 1;
+    sz -= len + 1;
+
+    len = strlen(pr->instance);
+    if (len >= sz)
+	return -1;
+    memcpy (p, pr->instance, len + 1);
+    p += len + 1;
+    sz -= len + 1;
+
+    len = strlen(pr->realm);
+    if (len >= sz)
+	return -1;
+    memcpy(p, pr->realm, len + 1);
+    p += len + 1;
+    sz -= len + 1;
+
+    if (sz < 1)
+	return -1;
     *p++ = (unsigned char)lifetime;
-    strcpy(p, locuser);
-    p += strlen (locuser) + 1;
-    strcpy(p, tktfile);
-    p += strlen(tktfile) + 1;
+
+    len = strlen(locuser);
+    if (len >= sz)
+	return -1;
+    memcpy (p, locuser, len + 1);
+    p += len + 1;
+    sz -= len + 1;
+
+    len = strlen(tktfile);
+    if (len >= sz)
+	return -1;
+    memcpy (p, tktfile, len + 1);
+    p += len + 1;
+    sz -= len + 1;
+
     return p - buf;
 }
 
 int
-unpack_args (char *buf, krb_principal *pr, int *lifetime,
+unpack_args (const char *buf, krb_principal *pr, int *lifetime,
 	     char *locuser, char *tktfile)
 {
     int len;
 
     len = strlen(buf);
-    if (len > SNAME_SZ)
+    if (len >= SNAME_SZ)
 	return -1;
-    strncpy(pr->name, buf, len + 1);
+    strcpy_truncate (pr->name, buf, ANAME_SZ);
     buf += len + 1;
     len = strlen (buf);
-    if (len > INST_SZ)
+    if (len >= INST_SZ)
 	return -1;
-    strncpy (pr->instance, buf, len + 1);
+    strcpy_truncate (pr->instance, buf, INST_SZ);
     buf += len + 1;
     len = strlen (buf);
-    if (len > REALM_SZ)
+    if (len >= REALM_SZ)
 	return -1;
-    strncpy (pr->realm, buf, len + 1);
+    strcpy_truncate (pr->realm, buf, REALM_SZ);
     buf += len + 1;
     *lifetime = (unsigned char)*buf++;
     len = strlen(buf);
-    if (len > SNAME_SZ)
+    if (len >= SNAME_SZ)
 	return -1;
-    strncpy (locuser, buf, len + 1);
+    strcpy_truncate (locuser, buf, SNAME_SZ);
     buf += len + 1;
     len = strlen(buf);
-    if (len > MaxPathLen)
+    if (len >= MaxPathLen)
 	return -1;
-    strncpy (tktfile, buf, len + 1);
+    strcpy_truncate (tktfile, buf, MaxPathLen);
     buf += len + 1;
     return 0;
 }
diff --git a/crypto/kerberosIV/appl/kauth/rkinit.c b/crypto/kerberosIV/appl/kauth/rkinit.c
index ec75d46..d736ddc 100644
--- a/crypto/kerberosIV/appl/kauth/rkinit.c
+++ b/crypto/kerberosIV/appl/kauth/rkinit.c
@@ -38,7 +38,7 @@
 
 #include "kauth.h"
 
-RCSID("$Id: rkinit.c,v 1.19 1997/04/01 08:17:33 joda Exp $");
+RCSID("$Id: rkinit.c,v 1.21 1998/06/09 19:24:26 joda Exp $");
 
 static struct in_addr *
 getalladdrs (char *hostname, unsigned *count)
@@ -53,12 +53,7 @@ getalladdrs (char *hostname, unsigned *count)
     if (hostent == NULL) {
 	warnx ("gethostbyname '%s' failed: %s\n",
 	       hostname,
-#ifdef HAVE_H_ERRNO
-	       hstrerror(h_errno)
-#else
-	       "unknown error"
-#endif
-	       );
+	       hstrerror(h_errno));
 	return NULL;
     }
     maxaddr = 1;
@@ -126,7 +121,12 @@ doit_host (krb_principal *princ, int lifetime, char *locuser,
 	warnx ("%s: %s\n", hostname, krb_get_err_text(status));
 	return 1;
     }
-    inlen = pack_args (buf, princ, lifetime, locuser, tktfile);
+    inlen = pack_args (buf, sizeof(buf),
+		       princ, lifetime, locuser, tktfile);
+    if (inlen < 0) {
+	warn ("cannot marshall arguments to %s", hostname);
+	return 1;
+    }
 
     if (write_encrypted(s, buf, inlen, schedule, &cred.session,
 			&thisaddr, &thataddr) < 0) {
diff --git a/crypto/kerberosIV/appl/kip/Makefile.in b/crypto/kerberosIV/appl/kip/Makefile.in
index 690a661..801c3f9 100644
--- a/crypto/kerberosIV/appl/kip/Makefile.in
+++ b/crypto/kerberosIV/appl/kip/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.12 1997/03/23 13:04:03 assar Exp $
+# $Id: Makefile.in,v 1.18 1999/03/10 19:01:11 joda Exp $
 
 SHELL = /bin/sh
 
@@ -6,9 +6,11 @@ srcdir = @srcdir@
 VPATH = @srcdir@
 
 CC = @CC@
+LINK = @LINK@
 AR = ar
 DEFS = @DEFS@
-CFLAGS = @CFLAGS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
 LD_FLAGS = @LD_FLAGS@
 INSTALL = @INSTALL@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -43,23 +45,23 @@ Wall:
 	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
 
 .c.o:
-	$(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $<
+	$(CC) -c $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
 
 install: all
-	$(MKINSTALLDIRS) $(bindir) $(libexecdir)
+	$(MKINSTALLDIRS) $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir)
 	for x in $(PROG_BIN); do \
-	  $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
 	done
 	for x in $(PROG_LIBEXEC); do \
-	  $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
 	done
 
 uninstall:
 	for x in $(PROG_BIN); do \
-	  rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \
+	  rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
 	done
 	for x in $(PROG_LIBEXEC); do \
-	  rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	  rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
 	done
 
 TAGS: $(SOURCES)
@@ -78,19 +80,15 @@ distclean: clean
 realclean: distclean
 	rm -f TAGS
 
-dist: $(DISTFILES)
-	for file in $(DISTFILES); do \
-	  ln $$file ../`cat ../.fname`/lib \
-	    || cp -p $$file ../`cat ../.fname`/lib; \
-	done
-
 KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes
 LIBROKEN=-L../../lib/roken -lroken
 
 kip$(EXECSUFFIX): $(OBJECTS_KIP)
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KIP) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KIP) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
 
 kipd$(EXECSUFFIX): $(OBJECTS_KIPD)
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KIPD) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KIPD) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
 
 $(OBJECTS): ../../include/config.h
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/appl/kip/kip.c b/crypto/kerberosIV/appl/kip/kip.c
index e324a28..990583b 100644
--- a/crypto/kerberosIV/appl/kip/kip.c
+++ b/crypto/kerberosIV/appl/kip/kip.c
@@ -38,10 +38,10 @@
 
 #include "kip.h"
 
-RCSID("$Id: kip.c,v 1.15 1997/05/11 10:54:51 assar Exp $");
+RCSID("$Id: kip.c,v 1.17 1998/05/01 05:20:11 assar Exp $");
 
 static void
-usage()
+usage(void)
 {
      fprintf (stderr, "Usage: %s host\n",
 	      __progname);
@@ -69,12 +69,7 @@ connect_host (char *host, des_cblock *key, des_key_schedule schedule)
      hostent = gethostbyname (host);
      if (hostent == NULL) {
 	 warnx ("gethostbyname '%s': %s", host,
-#ifdef HAVE_H_ERRNO
-		hstrerror(h_errno)
-#else
-		"unknown error"
-#endif
-	     );
+		hstrerror(h_errno));
 	  return -1;
      }
 
@@ -83,8 +78,6 @@ connect_host (char *host, des_cblock *key, des_key_schedule schedule)
      thataddr.sin_port   = k_getportbyname ("kip", "tcp", htons(KIPPORT));
 
      for(p = hostent->h_addr_list; *p; ++p) {
-	 int one = 1;
-
 	 memcpy (&thataddr.sin_addr, *p, sizeof(thataddr.sin_addr));
 
 	 s = socket (AF_INET, SOCK_STREAM, 0);
@@ -94,7 +87,12 @@ connect_host (char *host, des_cblock *key, des_key_schedule schedule)
 	 }
 
 #if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT)
-	 setsockopt (s, IPPROTO_TCP, TCP_NODELAY, (void *)&one, sizeof(one));
+	 {
+	     int one = 1;
+
+	     setsockopt (s, IPPROTO_TCP, TCP_NODELAY,
+			 (void *)&one, sizeof(one));
+	 }
 #endif
 
 	 if (connect (s, (struct sockaddr *)&thataddr, sizeof(thataddr)) < 0) {
@@ -151,8 +149,6 @@ doit (char *host)
      des_key_schedule schedule;
      des_cblock iv;
      int other, this;
-     struct ifreq ifreq;
-     int sock;
 
      other = connect_host (host, &iv, schedule);
      if (other < 0)
diff --git a/crypto/kerberosIV/appl/kip/kip.h b/crypto/kerberosIV/appl/kip/kip.h
index 94e30a5..ed9874a 100644
--- a/crypto/kerberosIV/appl/kip/kip.h
+++ b/crypto/kerberosIV/appl/kip/kip.h
@@ -36,7 +36,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: kip.h,v 1.16 1997/05/20 18:40:31 bg Exp $ */
+/* $Id: kip.h,v 1.17 1997/12/14 23:57:21 assar Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -73,6 +73,9 @@
 #include <sys/stat.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h>
+#endif
 #include <netdb.h>
 #include <sys/sockio.h>
 #include <net/if.h>
diff --git a/crypto/kerberosIV/appl/kip/kipd.c b/crypto/kerberosIV/appl/kip/kipd.c
index 6d9d334..6990d05 100644
--- a/crypto/kerberosIV/appl/kip/kipd.c
+++ b/crypto/kerberosIV/appl/kip/kipd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,7 +38,7 @@
 
 #include "kip.h"
 
-RCSID("$Id: kipd.c,v 1.13 1997/05/18 20:38:01 assar Exp $");
+RCSID("$Id: kipd.c,v 1.15 1999/03/10 18:33:24 joda Exp $");
 
 static int
 fatal (int fd, char *s)
@@ -58,7 +58,7 @@ recv_conn (int sock, des_cblock *key, des_key_schedule schedule,
      int status;
      KTEXT_ST ticket;
      AUTH_DAT auth;
-     char instance[INST_SZ + 1];
+     char instance[INST_SZ];
      struct sockaddr_in thisaddr, thataddr;
      int addrlen;
      char version[KRB_SENDAUTH_VLEN + 1];
@@ -122,7 +122,7 @@ main (int argc, char **argv)
 {
     set_progname (argv[0]);
 
-    openlog(__progname, LOG_PID|LOG_CONS, LOG_DAEMON);
+    roken_openlog(__progname, LOG_PID|LOG_CONS, LOG_DAEMON);
     signal (SIGCHLD, childhandler);
     return doit(0);
 }
diff --git a/crypto/kerberosIV/appl/sample/Makefile.in b/crypto/kerberosIV/appl/sample/Makefile.in
new file mode 100644
index 0000000..d88023a
--- /dev/null
+++ b/crypto/kerberosIV/appl/sample/Makefile.in
@@ -0,0 +1,83 @@
+# $Id: Makefile.in,v 1.18 1999/03/10 19:01:13 joda Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+top_builddir = ../..
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LD_FLAGS = @LD_FLAGS@
+INSTALL = @INSTALL@
+LIBS = @LIBS@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+bindir = @bindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROG_BIN	= sample_client$(EXECSUFFIX) \
+		  simple_client$(EXECSUFFIX)
+PROG_LIBEXEC	= sample_server$(EXECSUFFIX) \
+		  simple_server$(EXECSUFFIX)
+PROGS = $(PROG_BIN) $(PROG_LIBEXEC)
+
+OBJECTS = sample_client.o sample_server.o simple_client.o simple_server.o
+SOURCES = sample_client.c sample_server.c simple_client.c simple_server.c
+
+all: $(PROGS)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
+
+install: all
+
+uninstall:
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes
+LIBROKEN=-L../../lib/roken -lroken
+
+sample_client$(EXECSUFFIX): sample_client.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ sample_client.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+simple_client$(EXECSUFFIX): simple_client.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ simple_client.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+sample_server$(EXECSUFFIX): sample_server.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ sample_server.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+simple_server$(EXECSUFFIX): simple_server.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ simple_server.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+$(OBJECTS): ../../include/config.h
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/appl/sample/sample.h b/crypto/kerberosIV/appl/sample/sample.h
new file mode 100644
index 0000000..a5880ab
--- /dev/null
+++ b/crypto/kerberosIV/appl/sample/sample.h
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: sample.h,v 1.10 1998/06/13 00:06:49 assar Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#include <errno.h>
+#ifdef SOCKS
+#include <socks.h>
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent  *gethostbyname(const char *);
+#endif
+
+#include <err.h>
+#include <krb.h>
+
+#include <roken.h>
+
+#define SAMPLE_PORT 6354
+
+#define SAMPLE_SERVICE "sample"
+#define SAMPLE_VERSION "VERSION9"
diff --git a/crypto/kerberosIV/appl/sample/sample_client.c b/crypto/kerberosIV/appl/sample/sample_client.c
new file mode 100644
index 0000000..8c45ae5
--- /dev/null
+++ b/crypto/kerberosIV/appl/sample/sample_client.c
@@ -0,0 +1,168 @@
+/*
+ *
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information,
+ * please see the file <mit-copyright.h>.
+ *
+ * sample_client:
+ * A sample Kerberos client, which connects to a server on a remote host,
+ * at port "sample" (be sure to define it in /etc/services)
+ * and authenticates itself to the server. The server then writes back
+ * (in ASCII) the authenticated name.
+ *
+ * Usage:
+ * sample_client <hostname> <checksum>
+ *
+ * <hostname> is the name of the foreign host to contact.
+ *
+ * <checksum> is an integer checksum to be used for the call to krb_mk_req()
+ *	and mutual authentication
+ *
+ */
+
+#include "sample.h"
+
+RCSID("$Id: sample_client.c,v 1.19 1999/05/08 02:23:43 assar Exp $");
+
+static void
+usage (void)
+{
+  fprintf (stderr, "Usage: %s [-s service] [-p port] hostname checksum\n",
+	   __progname);
+  exit (1);
+}
+
+int
+main(int argc, char **argv)
+{
+    struct hostent *hp;
+    struct sockaddr_in sin, lsin;
+    char *remote_host;
+    int status;
+    int namelen;
+    int sock = -1;
+    KTEXT_ST ticket;
+    char buf[512];
+    long authopts;
+    MSG_DAT msg_data;
+    CREDENTIALS cred;
+    des_key_schedule sched;
+    u_int32_t cksum;
+    int c;
+    char service[SNAME_SZ];
+    u_int16_t port;
+    struct servent *serv;
+    char **h_addr_list;
+
+    set_progname (argv[0]);
+    strcpy_truncate (service, SAMPLE_SERVICE, sizeof(service));
+    port = 0;
+
+    while ((c = getopt(argc, argv, "s:p:")) != EOF)
+	switch(c) {
+	case 's' :
+	    strcpy_truncate (service, optarg, sizeof(service));
+	    break;
+	case 'p' :
+	    serv = getservbyname (optarg, "tcp");
+	    if (serv)
+		port = serv->s_port;
+	    else
+		port = htons(atoi(optarg));
+	    break;
+	case '?' :
+	default :
+	    usage();
+	}
+
+    argc -= optind;
+    argv += optind;
+
+    if (argc != 2)
+	usage ();
+    
+    /* convert cksum to internal rep */
+    cksum = atoi(argv[1]);
+
+    printf("Setting checksum to %ld\n", (long)cksum);
+
+    /* clear out the structure first */
+    memset(&sin, 0, sizeof(sin));
+    sin.sin_family = AF_INET;
+    if (port)
+	sin.sin_port = port;
+    else
+	sin.sin_port = k_getportbyname (service, "tcp", htons(SAMPLE_PORT));
+
+    /* look up the server host */
+    hp = gethostbyname(argv[0]);
+    if (hp == NULL)
+	errx (1, "gethostbyname(%s): %s", argv[0],
+	      hstrerror(h_errno));
+
+    /* copy the hostname into non-volatile storage */
+    remote_host = strdup(hp->h_name);
+    if (remote_host == NULL)
+	errx (1, "strdup: out of memory");
+
+    /* set up the address of the foreign socket for connect() */
+    sin.sin_family = hp->h_addrtype;
+
+    for (h_addr_list = hp->h_addr_list;
+	 *h_addr_list;
+	 ++h_addr_list) {
+	memcpy(&sin.sin_addr, *h_addr_list, sizeof(sin.sin_addr));
+	fprintf (stderr, "Trying %s...\n", inet_ntoa(sin.sin_addr));
+
+	/* open a TCP socket */
+	sock = socket(PF_INET, SOCK_STREAM, 0);
+	if (sock < 0)
+	    err (1, "socket");
+
+	/* connect to the server */
+	if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
+	    break;
+	close (sock);
+    }
+
+    if (*h_addr_list == NULL)
+	err (1, "connect");
+
+    /* find out who I am, now that we are connected and therefore bound */
+    namelen = sizeof(lsin);
+    if (getsockname(sock, (struct sockaddr *) &lsin, &namelen) < 0) {
+	close (sock);
+	err (1, "getsockname");
+    }
+
+    /* call Kerberos library routine to obtain an authenticator,
+       pass it over the socket to the server, and obtain mutual
+       authentication. */
+
+    authopts = KOPT_DO_MUTUAL;
+    status = krb_sendauth(authopts, sock, &ticket,
+			  service, remote_host,
+			  NULL, cksum, &msg_data, &cred,
+			  sched, &lsin, &sin, SAMPLE_VERSION);
+    if (status != KSUCCESS)
+	errx (1, "cannot authenticate to server: %s",
+	      krb_get_err_text(status));
+
+    /* After we send the authenticator to the server, it will write
+       back the name we authenticated to. Read what it has to say. */
+    status = read(sock, buf, sizeof(buf));
+    if (status < 0)
+	errx(1, "read");
+
+    /* make sure it's null terminated before printing */
+    if (status < sizeof(buf))
+	buf[status] = '\0';
+    else
+	buf[sizeof(buf) - 1] = '\0';
+
+    printf("The server says:\n%s\n", buf);
+
+    close(sock);
+    return 0;
+}
diff --git a/crypto/kerberosIV/appl/sample/sample_server.c b/crypto/kerberosIV/appl/sample/sample_server.c
new file mode 100644
index 0000000..a1a92d1
--- /dev/null
+++ b/crypto/kerberosIV/appl/sample/sample_server.c
@@ -0,0 +1,153 @@
+/*
+ *
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information,
+ * please see the file <mit-copyright.h>.
+ *
+ * sample_server:
+ * A sample Kerberos server, which reads a ticket from a TCP socket,
+ * decodes it, and writes back the results (in ASCII) to the client.
+ *
+ * Usage:
+ * sample_server
+ *
+ * file descriptor 0 (zero) should be a socket connected to the requesting
+ * client (this will be correct if this server is started by inetd).
+ */
+
+#include "sample.h"
+
+RCSID("$Id: sample_server.c,v 1.12 1999/03/10 18:33:53 joda Exp $");
+
+static void
+usage (void)
+{
+    fprintf (stderr, "Usage: %s [-i] [-s service] [-t srvtab]\n",
+	     __progname);
+    exit (1);
+}
+
+int
+main(int argc, char **argv)
+{
+    struct sockaddr_in peername, myname;
+    int namelen = sizeof(peername);
+    int status, count, len;
+    long authopts;
+    AUTH_DAT auth_data;
+    KTEXT_ST clt_ticket;
+    des_key_schedule sched;
+    char instance[INST_SZ];
+    char service[ANAME_SZ];
+    char version[KRB_SENDAUTH_VLEN+1];
+    char retbuf[512];
+    char lname[ANAME_SZ];
+    char srvtab[MaxPathLen];
+    int c;
+    int no_inetd = 0;
+
+    /* open a log connection */
+
+    set_progname (argv[0]);
+
+    roken_openlog(__progname, LOG_ODELAY, LOG_DAEMON);
+
+    strcpy_truncate (service, SAMPLE_SERVICE, sizeof(service));
+    *srvtab = '\0';
+
+    while ((c = getopt (argc, argv, "s:t:i")) != EOF)
+	switch (c) {
+	case 's' :
+	    strcpy_truncate (service, optarg, sizeof(service));
+	    break;
+	case 't' :
+	    strcpy_truncate (srvtab, optarg, sizeof(srvtab));
+	    break;
+	case 'i':
+	    no_inetd = 1;
+	    break;
+	case '?' :
+	default :
+	    usage ();
+	}
+
+    if (no_inetd)
+	mini_inetd (htons(SAMPLE_PORT));
+
+    /*
+     * To verify authenticity, we need to know the address of the
+     * client.
+     */
+    if (getpeername(STDIN_FILENO,
+		    (struct sockaddr *)&peername,
+		    &namelen) < 0) {
+	syslog(LOG_ERR, "getpeername: %m");
+	return 1;
+    }
+
+    /* for mutual authentication, we need to know our address */
+    namelen = sizeof(myname);
+    if (getsockname(STDIN_FILENO, (struct sockaddr *)&myname, &namelen) < 0) {
+	syslog(LOG_ERR, "getsocknamename: %m");
+	return 1;
+    }
+
+    /* read the authenticator and decode it.  Using `k_getsockinst' we
+     * always get the right instance on a multi-homed host.
+     */
+    k_getsockinst (STDIN_FILENO, instance, sizeof(instance));
+
+    /* we want mutual authentication */
+    authopts = KOPT_DO_MUTUAL;
+    status = krb_recvauth(authopts, STDIN_FILENO, &clt_ticket,
+			  service, instance, &peername, &myname,
+			  &auth_data, srvtab,
+			  sched, version);
+    if (status != KSUCCESS) {
+	snprintf(retbuf, sizeof(retbuf),
+		 "Kerberos error: %s\n",
+		 krb_get_err_text(status));
+	syslog(LOG_ERR, retbuf);
+    } else {
+	/* Check the version string (KRB_SENDAUTH_VLEN chars) */
+	if (strncmp(version, SAMPLE_VERSION, KRB_SENDAUTH_VLEN)) {
+	    /* didn't match the expected version */
+	    /* could do something different, but we just log an error
+	       and continue */
+	    version[8] = '\0';		/* make sure null term */
+	    syslog(LOG_ERR, "Version mismatch: '%s' isn't '%s'",
+		   version, SAMPLE_VERSION);
+	}
+	/* now that we have decoded the authenticator, translate
+	   the kerberos principal.instance@realm into a local name */
+	if (krb_kntoln(&auth_data, lname) != KSUCCESS)
+	    strcpy_truncate(lname,
+			    "*No local name returned by krb_kntoln*",
+			    sizeof(lname));
+	/* compose the reply */
+	snprintf(retbuf, sizeof(retbuf),
+		"You are %s.%s@%s (local name %s),\n at address %s, version %s, cksum %ld\n",
+		auth_data.pname,
+		auth_data.pinst,
+		auth_data.prealm,
+		lname,
+		inet_ntoa(peername.sin_addr),
+		version,
+		(long)auth_data.checksum);
+    }
+
+    /* write back the response */
+    if ((count = write(0, retbuf, (len = strlen(retbuf) + 1))) < 0) {
+	syslog(LOG_ERR,"write: %m");
+	return 1;
+    } else if (count != len) {
+	syslog(LOG_ERR, "write count incorrect: %d != %d\n",
+		count, len);
+	return 1;
+    }
+
+    /* close up and exit */
+    close(0);
+    return 0;
+}
diff --git a/crypto/kerberosIV/appl/sample/simple.h b/crypto/kerberosIV/appl/sample/simple.h
new file mode 100644
index 0000000..17315b3
--- /dev/null
+++ b/crypto/kerberosIV/appl/sample/simple.h
@@ -0,0 +1,14 @@
+/*
+ * $Id: simple.h,v 1.3 1996/09/27 15:54:23 assar Exp $
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Common definitions for the simple UDP-based Kerberos-mediated
+ * server & client applications.
+ */
+
+#define SERVICE	"sample"
+#define	HOST	"bach"
diff --git a/crypto/kerberosIV/appl/sample/simple_client.c b/crypto/kerberosIV/appl/sample/simple_client.c
new file mode 100644
index 0000000..8769725
--- /dev/null
+++ b/crypto/kerberosIV/appl/sample/simple_client.c
@@ -0,0 +1,202 @@
+/*
+ *
+ * Copyright 1989 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Simple UDP-based sample client program.  For demonstration.
+ * This program performs no useful function.
+ */
+
+#include "sample.h"
+RCSID("$Id: simple_client.c,v 1.13 1998/06/09 19:24:39 joda Exp $");
+
+#define MSG "hi, Jennifer!"		/* message text */
+
+static int
+talkto(char *hostname, char *service, int port)
+{
+  int flags = 0;			/* flags for sendto() */
+  long len;
+  u_long cksum = 0L;		/* cksum not used */
+  char c_realm[REALM_SZ];		/* local Kerberos realm */
+  char *s_realm;			/* server's Kerberos realm */
+
+  KTEXT_ST k;			/* Kerberos data */
+  KTEXT ktxt = &k;
+
+  int sock, i;
+  struct hostent *host;
+  struct sockaddr_in s_sock;	/* server address */
+  char myhostname[MaxHostNameLen]; /* local hostname */
+
+  /* for krb_mk_safe/priv */
+  struct sockaddr_in c_sock;	/* client address */
+  CREDENTIALS c;			/* ticket & session key */
+  CREDENTIALS *cred = &c;
+
+  /* for krb_mk_priv */
+  des_key_schedule sched;		/* session key schedule */
+
+  /* Look up server host */
+  if ((host = gethostbyname(hostname)) == NULL) {
+    fprintf(stderr, "%s: unknown host \n", hostname);
+    return 1;
+  }
+
+  /* Set server's address */
+  memset(&s_sock, 0, sizeof(s_sock));
+  memcpy(&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr));
+  s_sock.sin_family = AF_INET;
+  if (port)
+    s_sock.sin_port = port;
+  else
+    s_sock.sin_port = k_getportbyname (service, "tcp", htons(SAMPLE_PORT));
+
+  if (gethostname(myhostname, sizeof(myhostname)) < 0) {
+    warn("gethostname");
+    return 1;
+  }
+
+  if ((host = gethostbyname(myhostname)) == NULL) {
+    fprintf(stderr, "%s: unknown host\n", myhostname);
+    return 1;
+  }
+
+  /* Open a socket */
+  if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+    warn("socket SOCK_DGRAM");
+    return 1;
+  }
+
+  memset(&c_sock, 0, sizeof(c_sock));
+  memcpy(&c_sock.sin_addr, host->h_addr, sizeof(c_sock.sin_addr));
+  c_sock.sin_family = AF_INET;
+
+  /* Bind it to set the address; kernel will fill in port # */
+  if (bind(sock, (struct sockaddr *)&c_sock, sizeof(c_sock)) < 0) {
+    warn("bind");
+    return 1;
+  }
+	
+  /* Get local realm, not needed, just an example */
+  if ((i = krb_get_lrealm(c_realm, 1)) != KSUCCESS) {
+    fprintf(stderr, "can't find local Kerberos realm\n");
+    return 1;
+  }
+  printf("Local Kerberos realm is %s\n", c_realm);
+
+  /* Get Kerberos realm of host */
+  s_realm = krb_realmofhost(hostname);
+
+  /* PREPARE KRB_MK_REQ MESSAGE */
+
+  /* Get credentials for server, create krb_mk_req message */
+  if ((i = krb_mk_req(ktxt, service, hostname, s_realm, cksum))
+      != KSUCCESS) {
+    fprintf(stderr, "%s\n", krb_get_err_text(i));
+    return 1;
+  }
+  printf("Got credentials for %s.\n", service);
+
+  /* Send authentication info to server */
+  i = sendto(sock, (char *)ktxt->dat, ktxt->length, flags,
+	     (struct sockaddr *)&s_sock, sizeof(s_sock));
+  if (i < 0)
+    warn("sending datagram message");
+  printf("Sent authentication data: %d bytes\n", i);
+
+  /* PREPARE KRB_MK_SAFE MESSAGE */
+
+  /* Get my address */
+  memset(&c_sock, 0, sizeof(c_sock));
+  i = sizeof(c_sock);
+  if (getsockname(sock, (struct sockaddr *)&c_sock, &i) < 0) {
+    warn("getsockname");
+    return 1;
+  }
+
+  /* Get session key */
+  i = krb_get_cred(service, hostname, s_realm, cred);
+  if (i != KSUCCESS)
+    return 1;
+
+  /* Make the safe message */
+  len = krb_mk_safe(MSG, ktxt->dat, strlen(MSG)+1,
+		    &cred->session, &c_sock, &s_sock);
+
+  /* Send it */
+  i = sendto(sock, (char *)ktxt->dat, (int) len, flags,
+	     (struct sockaddr *)&s_sock, sizeof(s_sock));
+  if (i < 0)
+    warn("sending safe message");
+  printf("Sent checksummed message: %d bytes\n", i);
+
+  /* PREPARE KRB_MK_PRIV MESSAGE */
+
+#ifdef NOENCRYPTION
+  memset(sched, 0, sizeof(sched));
+#else
+  /* Get key schedule for session key */
+  des_key_sched(&cred->session, sched);
+#endif
+
+  /* Make the encrypted message */
+  len = krb_mk_priv(MSG, ktxt->dat, strlen(MSG)+1,
+		    sched, &cred->session, &c_sock, &s_sock);
+
+  /* Send it */
+  i = sendto(sock, (char *)ktxt->dat, (int) len, flags,
+	     (struct sockaddr *)&s_sock, sizeof(s_sock));
+  if (i < 0)
+    warn("sending encrypted message");
+  printf("Sent encrypted message: %d bytes\n", i);
+  return 0;
+}
+
+static void
+usage (void)
+{
+  fprintf (stderr, "Usage: %s [-s service] [-p port] hostname\n",
+	   __progname);
+  exit (1);
+}
+
+int
+main(int argc, char **argv)
+{
+  int ret = 0;
+  int port = 0;
+  char service[SNAME_SZ];
+  struct servent *serv;
+  int c;
+
+  set_progname (argv[0]);
+
+  strcpy_truncate (service, SAMPLE_SERVICE, sizeof(service));
+
+  while ((c = getopt(argc, argv, "s:p:")) != EOF)
+    switch(c) {
+    case 's' :
+      strcpy_truncate (service, optarg, sizeof(service));
+      break;
+    case 'p' :
+      serv = getservbyname (optarg, "tcp");
+      if (serv)
+	port = serv->s_port;
+      else
+	port = htons(atoi(optarg));
+      break;
+    case '?' :
+    default :
+      usage();
+    }
+
+  argc -= optind;
+  argv += optind;
+
+  while (argc-- > 0)
+    ret &= talkto (*argv++, service, port);
+  return ret;
+}
diff --git a/crypto/kerberosIV/appl/sample/simple_server.c b/crypto/kerberosIV/appl/sample/simple_server.c
new file mode 100644
index 0000000..2b950c7
--- /dev/null
+++ b/crypto/kerberosIV/appl/sample/simple_server.c
@@ -0,0 +1,140 @@
+/*
+ *
+ * Copyright 1989 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Simple UDP-based server application.  For demonstration.
+ * This program performs no useful function.
+ */
+
+#include "sample.h"
+
+RCSID("$Id: simple_server.c,v 1.9 1998/06/09 19:24:39 joda Exp $");
+
+static void
+usage (void)
+{
+    fprintf (stderr, "Usage: %s [-p port] [-s service] [-t srvtab]\n",
+	     __progname);
+    exit (1);
+}
+
+int
+main(int argc, char **argv)
+{
+    char service[SNAME_SZ];
+    char instance[INST_SZ];
+    int port;
+    char srvtab[MaxPathLen];
+    struct sockaddr_in addr, otheraddr;
+    int c;
+    int sock;
+    int i;
+    int len;
+    KTEXT_ST k;
+    KTEXT ktxt = &k;
+    AUTH_DAT ad;
+    MSG_DAT msg_data;
+    des_key_schedule sched;
+
+    set_progname (argv[0]);
+    strcpy_truncate (service, SAMPLE_SERVICE, sizeof(service));
+    strcpy_truncate (instance, "*", sizeof(instance));
+    *srvtab = '\0';
+    port = 0;
+
+    while ((c = getopt (argc, argv, "p:s:t:")) != EOF)
+	switch (c) {
+	case 'p' : {
+	    struct servent *sp;
+
+	    sp = getservbyname (optarg, "udp");
+	    if (sp)
+		port = sp->s_port;
+	    else
+		port = htons(atoi(optarg));
+	    break;
+	}
+	case 's' :
+	    strcpy_truncate (service, optarg, sizeof(service));
+	    break;
+	case 't' :
+	    strcpy_truncate (srvtab, optarg, sizeof(srvtab));
+	    break;
+	case '?' :
+	default :
+	    usage ();
+	}
+
+    if(port == 0)
+	port = k_getportbyname (SAMPLE_SERVICE, "udp", htons(SAMPLE_PORT));
+
+    memset (&addr, 0, sizeof(addr));
+    addr.sin_family = AF_INET;
+    addr.sin_port = port;
+
+    sock = socket (AF_INET, SOCK_DGRAM, 0);
+    if (sock < 0)
+	err (1, "socket");
+
+    if (bind (sock, (struct sockaddr *)&addr, sizeof(addr)) < 0)
+	err (1, "bind");
+
+    /* GET KRB_MK_REQ MESSAGE */
+
+    i = read(sock, ktxt->dat, MAX_KTXT_LEN);
+    if (i < 0)
+	err (1, "read");
+
+    printf("Received %d bytes\n", i);
+    ktxt->length = i;
+
+    /* Check authentication info */
+    i = krb_rd_req(ktxt, service, instance, 0, &ad, "");
+    if (i != KSUCCESS)
+	errx (1, "krb_rd_req: %s", krb_get_err_text(i));
+    printf("Got authentication info from %s%s%s@%s\n", ad.pname,
+	   *ad.pinst ? "." : "", ad.pinst, ad.prealm);
+	
+    /* GET KRB_MK_SAFE MESSAGE */
+
+    /* use "recvfrom" so we know client's address */
+    len = sizeof(otheraddr);
+    i = recvfrom(sock, ktxt->dat, MAX_KTXT_LEN, 0,
+		 (struct sockaddr *)&otheraddr, &len);
+    if (i < 0)
+	err (1, "recvfrom");
+    printf("Received %d bytes\n", i);
+
+    /* Verify the checksummed message */
+    i = krb_rd_safe(ktxt->dat, i, &ad.session, &otheraddr,
+		    &addr, &msg_data);
+    if (i != KSUCCESS)
+	errx (1, "krb_rd_safe: %s", krb_get_err_text(i));
+    printf("Safe message is: %s\n", msg_data.app_data);
+	
+    /* NOW GET ENCRYPTED MESSAGE */
+
+#ifdef NOENCRYPTION
+    memset(sched, 0, sizeof(sched));
+#else
+    /* need key schedule for session key */
+    des_key_sched(&ad.session, sched);
+#endif
+
+    /* use "recvfrom" so we know client's address */
+    len = sizeof(otheraddr);
+    i = recvfrom(sock, ktxt->dat, MAX_KTXT_LEN, 0,
+		 (struct sockaddr *)&otheraddr, &len);
+    if (i < 0)
+	err (1, "recvfrom");
+    printf("Received %d bytes\n", i);
+    i = krb_rd_priv(ktxt->dat, i, sched, &ad.session, &otheraddr,
+		    &addr, &msg_data);
+    if (i != KSUCCESS)
+	errx (1, "krb_rd_priv: %s", krb_get_err_text(i));
+    printf("Decrypted message is: %s\n", msg_data.app_data);
+    return(0);
+}
diff --git a/crypto/kerberosIV/appl/telnet/ChangeLog b/crypto/kerberosIV/appl/telnet/ChangeLog
new file mode 100644
index 0000000..5681679
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/ChangeLog
@@ -0,0 +1,232 @@
+1999-07-07  Assar Westerlund  <assar@sics.se>
+
+	* telnet/commands.c (tn): extra bogus const-cast
+
+1999-07-06  Assar Westerlund  <assar@sics.se>
+
+	* telnetd/sys_term.c (start_login): print a different warning with
+ 	`-a otp'
+
+1999-06-24  Assar Westerlund  <assar@sics.se>
+
+	* libtelnet/kerberos5.c (kerberos5_send): set the addresses in the
+ 	auth_context
+
+1999-06-23  Assar Westerlund  <assar@sics.se>
+
+	* telnet/Makefile.am (INCLUDES): add $(INCLUDE_krb4)
+
+	* telnet/commands.c (togkrbdebug): conditionalize on
+ 	krb_disable_debug
+
+1999-06-16  Johan Danielsson  <joda@pdc.kth.se>
+
+	* telnet/commands.c: add kerberos debugging option
+
+1999-06-15  Assar Westerlund  <assar@sics.se>
+
+	* telnet/commands.c (tn): use get_default_username
+
+1999-05-14  Assar Westerlund  <assar@sics.se>
+
+	* telnetd/state.c (telrcv): magic patch to make it work against
+ 	DOS Clarkson Telnet.  From Miroslav Ruda <ruda@ics.muni.cz>
+
+1999-04-25  Assar Westerlund  <assar@sics.se>
+
+	* libtelnet/kerberos5.c (kerberos5_send): use
+	`krb5_auth_setkeytype' instead of `krb5_auth_setenctype' to make
+	sure we get a DES session key.
+
+Thu Apr  1 16:59:27 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* telnetd/Makefile.am: don't run check-local
+
+	* telnet/Makefile.am: don't run check-local
+
+Mon Mar 29 16:11:33 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* telnetd/sys_term.c: _CRAY -> HAVE_STRUCT_UTMP_UT_ID
+
+Sat Mar 20 00:12:54 1999  Assar Westerlund  <assar@sics.se>
+
+	* telnet/authenc.c (telnet_gets): remove old extern declarations
+
+Thu Mar 18 11:20:16 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* telnetd/Makefile.am: include Makefile.am.common
+
+	* telnet/Makefile.am: include Makefile.am.common
+
+	* libtelnet/Makefile.am: include Makefile.am.common
+
+	* Makefile.am: include Makefile.am.common
+
+Mon Mar 15 17:40:53 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* telnetd/telnetd.c: replace perror/exit with fatalperror
+
+Sat Mar 13 22:18:57 1999  Assar Westerlund  <assar@sics.se>
+
+	* telnetd/telnetd.c (main): 0 -> STDIN_FILENO.  remove abs
+
+	* libtelnet/kerberos.c (kerberos4_is): syslog root logins
+
+Thu Mar 11 14:48:54 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* telnetd/Makefile.in: add WFLAGS
+
+	* telnet/Makefile.in: add WFLAGS
+
+	* libtelnet/Makefile.in: add WFLAGS
+
+	* telnetd/sys_term.c: remove unused variables
+
+	* telnet/telnet.c: fix some warnings
+
+	* telnet/main.c: fix some warnings
+
+	* telnet/commands.c: fix types in format string
+
+	* libtelnet/auth.c: fix types in format string
+
+Mon Mar  1 10:50:30 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* telnetd/sys_term.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
+
+Mon Feb  1 04:08:36 1999  Assar Westerlund  <assar@sics.se>
+
+	* telnet/commands.c (tn): only call gethostbyname2 with AF_INET6
+ 	if we actually have IPv6.  From "Brandon S. Allbery KF8NH"
+ 	<allbery@kf8nh.apk.net>
+
+Sat Nov 21 16:51:00 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* telnetd/sys_term.c (cleanup): don't call vhangup() on sgi:s
+
+Fri Aug 14 16:29:18 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* libtelnet/kerberos.c: krb_put_int -> KRB_PUT_INT
+
+Thu Jul 23 20:29:05 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* libtelnet/kerberos5.c: use krb5_verify_authenticator_checksum
+
+Mon Jul 13 22:00:09 1998  Assar Westerlund  <assar@sics.se>
+
+	* telnet/commands.c (tn): don't advance hostent->h_addr_list, use
+ 	a copy instead
+
+Wed May 27 04:19:17 1998  Assar Westerlund  <assar@sics.se>
+
+	* telnet/sys_bsd.c (process_rings): correct call to `stilloob'
+
+Fri May 15 19:38:19 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
+
+	* libtelnet/kerberos5.c: Always print errors from mk_req.
+
+Fri May  1 07:16:59 1998  Assar Westerlund  <assar@sics.se>
+
+	* telnet/commands.c: unifdef -DHAVE_H_ERRNO
+
+Sat Apr  4 15:00:29 1998  Assar Westerlund  <assar@sics.se>
+
+	* telnet/commands.c (tn): moved the printing of `trying...' to the
+ 	loop
+
+Thu Mar 12 02:33:48 1998  Assar Westerlund  <assar@sics.se>
+
+	* telnet/telnet_locl.h: include <term.h>. From Gregory S. Stark
+ 	<gsstark@mit.edu>
+
+Sat Feb 21 15:12:38 1998  Assar Westerlund  <assar@sics.se>
+
+	* telnetd/ext.h: add prototype for login_tty
+
+	* telnet/utilities.c (printsub): `direction' is now an int.
+
+	* libtelnet/misc-proto.h: add prototype for `printsub'
+
+Tue Feb 17 02:45:01 1998  Assar Westerlund  <assar@sics.se>
+
+	* libtelnet/kerberos.c (kerberos4_is): cred.pname should be
+ 	cred.pinst.  From <art@stacken.kth.se>
+
+Sun Feb 15 02:46:39 1998  Assar Westerlund  <assar@sics.se>
+
+	* telnet/*/*.c: renamed `telnet' to `my_telnet' to avoid
+ 	conflicts with system header files on mklinux.
+
+Tue Feb 10 02:09:03 1998  Assar Westerlund  <assar@sics.se>
+
+	* telnetd/telnetd.c: new signature for `getterminaltype' and
+ 	`auth_wait'
+
+	* libtelnet: changed the signature of the authentication method
+ 	`status'
+
+Sat Feb  7 07:21:29 1998  Assar Westerlund  <assar@sics.se>
+
+	* */*.c: replace HAS_GETTOS by HAVE_PARSETOS and HAVE_GETTOSBYNAME
+
+Fri Dec 26 16:17:10 1997  Assar Westerlund  <assar@sics.se>
+
+	* telnet/commands.c (tn): repair support for numeric addresses
+
+Sun Dec 21 09:40:31 1997  Assar Westerlund  <assar@sics.se>
+
+	* libtelnet/kerberos.c: fix up lots of stuff related to the
+ 	forwarding of v4 tickets.
+
+	* libtelnet/kerberos5.c (kerberos5_forward): zero out `creds'.
+
+Mon Dec 15 20:53:13 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* telnet/sys_bsd.c: Don't turn off OPOST in 8bit-mode.
+
+Tue Dec  9 19:26:50 1997  Assar Westerlund  <assar@sics.se>
+
+	* telnet/main.c (main): add 'b' to getopt
+
+Sat Nov 29 03:28:54 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* telnet/telnet.c: Change binary mode to do just that, and add a
+ 	eight-bit mode for just passing all characters.
+
+Sun Nov 16 04:37:02 1997  Assar Westerlund  <assar@sics.se>
+
+	* libtelnet/kerberos5.c (kerberos5_send): always ask for a session
+ 	key of type DES
+
+	* libtelnet/kerberos5.c: remove old garbage and fix call to
+ 	krb5_auth_con_setaddrs_from_fd
+
+Fri Nov 14 20:35:18 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* telnetd/telnetd.c: Output contents of /etc/issue.
+
+Mon Nov  3 07:09:16 1997  Assar Westerlund  <assar@sics.se>
+
+	* telnet/telnet_locl.h: only include <sys/termio.h> iff
+ 	!defined(HAVE_TERMIOS_H)
+
+	* libtelnet/kerberos.c (kerberos4_is): send the peer address to
+ 	krb_rd_req
+
+	* telnetd/telnetd.c (terminaltypeok): always return OK.  It used
+ 	to call `tgetent' to figure if it was a defined terminal type.
+  	It's possible to overflow tgetent so that's a bad idea.  The worst
+ 	that could happen by saying yes to all terminals is that the user
+ 	ends up with a terminal that has no definition on the local
+ 	system.  And besides, most telnet client has no support for
+ 	falling back to a different terminal type.
+
+Mon Oct 20 05:47:19 1997  Assar Westerlund  <assar@sics.se>
+
+	* libtelnet/kerberos5.c: remove lots of old junk.  clean-up.
+  	better error checking and reporting.  tell the user permission
+ 	denied much earlier.
+
+	* libtelnet/kerberos.c (kerberos4_is): only print
+ 	UserNameRequested if != NULL
+
diff --git a/crypto/kerberosIV/appl/telnet/Makefile.am b/crypto/kerberosIV/appl/telnet/Makefile.am
new file mode 100644
index 0000000..eec013b
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/Makefile.am
@@ -0,0 +1,11 @@
+# $Id: Makefile.am,v 1.6 1999/03/20 13:58:15 joda Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+SUBDIRS = libtelnet telnet telnetd
+
+dist-hook:
+	$(mkinstalldirs) $(distdir)/arpa
+	$(INSTALL_DATA) $(srcdir)/arpa/telnet.h $(distdir)/arpa
+
+EXTRA_DIST = README.ORIG telnet.state
diff --git a/crypto/kerberosIV/appl/telnet/Makefile.in b/crypto/kerberosIV/appl/telnet/Makefile.in
new file mode 100644
index 0000000..840e757
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/Makefile.in
@@ -0,0 +1,42 @@
+# $Id: Makefile.in,v 1.20 1998/05/31 18:04:50 joda Exp $
+
+srcdir		= @srcdir@
+top_srcdir	= @top_srcdir@
+VPATH		= @srcdir@
+
+SHELL		= /bin/sh
+
+@SET_MAKE@
+
+CC = @CC@
+LINK = @LINK@
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+
+INSTALL = @INSTALL@
+
+SUBDIRS=libtelnet telnet telnetd
+
+all:
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+install:
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+uninstall:
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+clean cleandir:
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+distclean: 
+	for i in $(SUBDIRS); \
+	do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+	rm -f Makefile *~
+
+.PHONY: all install uninstall clean cleandir distclean
diff --git a/crypto/kerberosIV/appl/telnet/README.ORIG b/crypto/kerberosIV/appl/telnet/README.ORIG
new file mode 100644
index 0000000..37b588f
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/README.ORIG
@@ -0,0 +1,743 @@
+
+This is a distribution of both client and server telnet.  These programs
+have been compiled on:
+			telnet	telnetd
+	4.4 BSD-Lite	  x	  x
+	4.3 BSD Reno	  X	  X
+	UNICOS 9.1	  X	  X
+	UNICOS 9.0	  X	  X
+	UNICOS 8.0	  X	  X
+	BSDI 2.0	  X	  X
+	Solaris 2.4       x       x (no linemode in server)
+	SunOs 4.1.4	  X	  X (no linemode in server)
+	Ultrix 4.3	  X	  X (no linemode in server)
+	Ultrix 4.1	  X	  X (no linemode in server)
+
+In addition, previous versions have been compiled on the following
+machines, but were not available for testing this version.
+			telnet	telnetd
+	Next1.0		  X	  X
+	UNICOS 8.3	  X	  X
+	UNICOS 7.C	  X	  X
+	UNICOS 7.0	  X	  X
+	SunOs 4.0.3c	  X	  X (no linemode in server)
+	4.3 BSD		  X  	  X (no linemode in server)
+	DYNIX V3.0.12	  X	  X (no linemode in server)
+	Ultrix 3.1	  X	  X (no linemode in server)
+	Ultrix 4.0	  X	  X (no linemode in server)
+	SunOs 3.5	  X	  X (no linemode in server)
+	SunOs 4.1.3	  X	  X (no linemode in server)
+	Solaris 2.2       x       x (no linemode in server)
+	Solaris 2.3       x       x (no linemode in server)
+	BSDI 1.0	  X	  X
+	BSDI 1.1	  X	  X
+	DYNIX V3.0.17.9	  X	  X (no linemode in server)
+	HP-UX 8.0	  x       x (no linemode in server)
+
+This code should work, but there are no guarantees.
+
+May 30, 1995
+
+This release represents what is on the 4.4BSD-Lite2 release, which
+should be the final BSD release.  I will continue to support of
+telnet, The code (without encryption) is available via anonymous ftp
+from ftp.cray.com, in src/telnet/telnet.YY.MM.DD.NE.tar.Z, where
+YY.MM.DD is replaced with the year, month and day of the release.
+If you can't find it at one of these places, at some point in the
+near future information about the latest releases should be available
+from ftp.borman.com.
+
+In addition, the version with the encryption code is available via
+ftp from net-dist.mit.edu, in the directory /pub/telnet.  There
+is a README file there that gives further information on how
+to get the distribution.
+
+Questions, comments, bug reports and bug fixes can be sent to
+one of these addresses:
+		dab@borman.com
+		dab@cray.com
+		dab@bsdi.com
+
+This release is mainly bug fixes and code cleanup.
+
+	Replace all calls to bcopy()/bzero() with calls to
+	memmove()/memset() and all calls to index()/rindex()
+	with calls to strchr()/strrchr().
+
+	Add some missing diagnostics for option tracing
+	to telnetd.
+
+	Add support for BSDI 2.0 and Solaris 2.4.
+
+	Add support for UNICOS 8.0
+
+	Get rid of expanded tabs and trailing white spaces.
+
+	From Paul Vixie:
+		Fix for telnet going into an endless spin
+		when the session dies abnormally.
+
+	From Jef Poskanzer:
+		Changes to allow telnet to compile
+		under SunOS 3.5.
+
+	From Philip Guenther:
+		makeutx() doesn't expand utmpx,
+		use pututxline() instead.
+
+	From Chris Torek:
+		Add a sleep(1) before execing login
+		to avoid race condition that can eat
+		up the login prompt.
+		Use terminal speed directly if it is
+		not an encoded value.
+
+	From Steve Parker:
+		Fix to realloc() call.  Fix for execing
+		login on solaris with no user name.
+
+January 19, 1994
+
+This is a list of some of the changes since the last tar release
+of telnet/telnetd.  There are probably other changes that aren't
+listed here, but this should hit a lot of the main ones.
+
+   General:
+	Changed #define for AUTHENTICATE to AUTHENTICATION
+	Changed #define for ENCRYPT to ENCRYPTION
+	Changed #define for DES_ENCRYPT to DES_ENCRYPTION
+
+	Added support for SPX authentication: -DSPX
+
+	Added support for Kerberos Version 5 authentication: -DKRB5
+
+	Added support for ANSI C function prototypes
+
+	Added support for the NEW-ENVIRON option (RFC-1572)
+	including support for USERVAR.
+
+	Made support for the old Environment Option (RFC-1408)
+	conditional on -DOLD_ENVIRON
+
+	Added #define ENV_HACK - support for RFC 1571
+
+	The encryption code is removed from the public distributions.
+	Domestic 4.4 BSD distributions contain the encryption code.
+
+	ENV_HACK: Code to deal with systems that only implement
+		the old ENVIRON option, and have reversed definitions
+		of ENV_VAR and ENV_VAL.  Also fixes ENV processing in
+		client to handle things besides just the default set...
+
+	NO_BSD_SETJMP: UNICOS configuration for
+		UNICOS 6.1/6.0/5.1/5.0 systems.
+
+	STREAMSPTY: Use /dev/ptmx to get a clean pty.  This
+		is for SVr4 derivatives (Like Solaris)
+
+	UTMPX: For systems that have /etc/utmpx. This is for
+		SVr4 derivatives (Like Solaris)
+
+	Definitions for BSDI 1.0
+
+	Definitions for 4.3 Reno and 4.4 BSD.
+
+	Definitions for UNICOS 8.0 and UNICOS 7.C
+
+	Definitions for Solaris 2.0
+
+	Definitions for HP-UX 8.0
+
+	Latest Copyright notices from Berkeley.
+
+	FLOW-CONTROL: support for RFC-XXXx
+
+
+   Client Specific:
+
+	Fix the "send" command to not send garbage...
+
+	Fix status message for "skiprc"
+
+	Make sure to send NAWS after telnet has been suspended
+	or an external command has been run, if the window size
+	has changed.
+
+	sysV88 support.
+
+   Server Specific:
+
+	Support flowcontrol option in non-linemode servers.
+
+	-k Server supports Kludge Linemode, but will default to
+	   either single character mode or real Linemode support.
+	   The user will have to explicitly ask to switch into
+	   kludge linemode. ("stty extproc", or escape back to
+	   to telnet and say "mode line".)
+
+	-u Specify the length of the hostname field in the utmp
+	   file.  Hostname longer than this length will be put
+	   into the utmp file in dotted decimal notation, rather
+	   than putting in a truncated hostname.
+	
+	-U Registered hosts only.  If a reverse hostname lookup
+	   fails, the connection will be refused.
+
+	-f/-F
+	   Allows forwarding of credentials for KRB5.
+
+Februrary 22, 1991:
+
+    Features:
+
+	This version of telnet/telnetd has support for both
+	the AUTHENTICATION and ENCRYPTION options.  The
+	AUTHENTICATION option is fairly well defined, and
+	an option number has been assigned to it.  The
+	ENCRYPTION option is still in a state of flux; an
+	option number has been assigned to, but it is still
+	subject to change.  The code is provided in this release
+	for experimental and testing purposes.
+
+	The telnet "send" command can now be used to send
+	do/dont/will/wont commands, with any telnet option
+	name.  The rules for when do/dont/will/wont are sent
+	are still followed, so just because the user requests
+	that one of these be sent doesn't mean that it will
+	be sent...
+
+	The telnet "getstatus" command no longer requires
+	that option printing be enabled to see the response
+	to the "DO STATUS" command.
+
+	A -n flag has been added to telnetd to disable
+	keepalives.
+
+	A new telnet command, "auth" has been added (if
+	AUTHENTICATE is defined).  It has four sub-commands,
+	"status", "disable", "enable" and "help".
+
+	A new telnet command, "encrypt" has been added (if
+	ENCRYPT is defined).  It has many sub-commands:
+	"enable", "type", "start", "stop", "input",
+	"-input", "output", "-output", "status", and "help".
+
+	The LOGOUT option is now supported by both telnet
+	and telnetd, a new command, "logout", was added
+	to support this.
+
+	Several new toggle options were added:
+	    "autoencrypt", "autodecrypt", "autologin", "authdebug",
+	    "encdebug", "skiprc", "verbose_encrypt"
+
+	An "rlogin" interface has been added.  If the program
+	is named "rlogin", or the "-r" flag is given, then
+	an rlogin type of interface will be used.
+		~.	Terminates the session
+		~<susp> Suspend the session
+		~^]	Escape to telnet command mode
+		~~	Pass through the ~.
+	    BUG: If you type the rlogin escape character
+		 in the middle of a line while in rlogin
+		 mode, you cannot erase it or any characters
+		 before it.  Hopefully this can be fixed
+		 in a future release...
+
+    General changes:
+
+	A "libtelnet.a" has now been created.  This libraray
+	contains code that is common to both telnet and
+	telnetd.  This is also where library routines that
+	are needed, but are not in the standard C library,
+	are placed.
+
+	The makefiles have been re-done.  All of the site
+	specific configuration information has now been put
+	into a single "Config.generic" file, in the top level
+	directory.  Changing this one file will take care of
+	all three subdirectories.  Also, to add a new/local
+	definition, a "Config.local" file may be created
+	at the top level; if that file exists, the subdirectories
+	will use that file instead of "Config.generic".
+
+	Many 1-2 line functions in commands.c have been
+	removed, and just inserted in-line, or replaced
+	with a macro.
+
+    Bug Fixes:
+
+	The non-termio code in both telnet and telnetd was
+	setting/clearing CTLECH in the sg_flags word.  This
+	was incorrect, and has been changed to set/clear the
+	LCTLECH bit in the local mode word.
+
+	The SRCRT #define has been removed.  If IP_OPTIONS
+	and IPPROTO_IP are defined on the system, then the
+	source route code is automatically enabled.
+
+	The NO_GETTYTAB #define has been removed; there
+	is a compatability routine that can be built into
+	libtelnet to achive the same results.
+
+	The server, telnetd, has been switched to use getopt()
+	for parsing the argument list.
+
+	The code for getting the input/output speeds via
+	cfgetispeed()/cfgetospeed() was still not quite
+	right in telnet.  Posix says if the ispeed is 0,
+	then it is really equal to the ospeed.
+
+	The suboption processing code in telnet now has
+	explicit checks to make sure that we received
+	the entire suboption (telnetd was already doing this).
+
+	The telnet code for processing the terminal type
+	could cause a core dump if an existing connection
+	was closed, and a new connection opened without
+	exiting telnet.
+
+	Telnetd was doing a TCSADRAIN when setting the new
+	terminal settings;  This is not good, because it means
+	that the tcsetattr() will hang waiting for output to
+	drain, and telnetd is the only one that will drain
+	the output...  The fix is to use TCSANOW which does
+	not wait.
+
+	Telnetd was improperly setting/clearing the ISTRIP
+	flag in the c_lflag field, it should be using the
+	c_iflag field. 
+
+	When the child process of telnetd was opening the
+	slave side of the pty, it was re-setting the EXTPROC
+	bit too early, and some of the other initialization
+	code was wiping it out.  This would cause telnetd
+	to go out of linemode and into single character mode.
+
+	One instance of leaving linemode in telnetd forgot
+	to send a WILL ECHO to the client, the net result
+	would be that the user would see double character
+	echo.
+
+	If the MODE was being changed several times very
+	quickly, telnetd could get out of sync with the
+	state changes and the returning acks; and wind up
+	being left in the wrong state.
+
+September 14, 1990:
+
+	Switch the client to use getopt() for parsing the
+	argument list.  The 4.3Reno getopt.c is included for
+	systems that don't have getopt().
+
+	Use the posix _POSIX_VDISABLE value for what value
+	to use when disabling special characters.  If this
+	is undefined, it defaults to 0x3ff.
+
+	For non-termio systems, TIOCSETP was being used to
+	change the state of the terminal.  This causes the
+	input queue to be flushed, which we don't want.  This
+	is now changed to TIOCSETN.
+
+	Take out the "#ifdef notdef" around the code in the
+	server that generates a "sync" when the pty oputput
+	is flushed.  The potential problem is that some older
+	telnet clients may go into an infinate loop when they
+	receive a "sync", if so, the server can be compiled
+	with "NO_URGENT" defined.
+
+	Fix the client where it was setting/clearing the OPOST
+	bit in the c_lflag field, not the c_oflag field.
+
+	Fix the client where it was setting/clearing the ISTRIP
+	bit in the c_lflag field, not the c_iflag field.  (On
+	4.3Reno, this is the ECHOPRT bit in the c_lflag field.)
+	The client also had its interpretation of WILL BINARY
+	and DO BINARY reversed.
+
+	Fix a bug in client that would cause a core dump when
+	attempting to remove the last environment variable.
+
+	In the client, there were a few places were switch()
+	was being passed a character, and if it was a negative
+	value, it could get sign extended, and not match
+	the 8 bit case statements.  The fix is to and the
+	switch value with 0xff.
+
+	Add a couple more printoption() calls in the client, I
+	don't think there are any more places were a telnet
+	command can be received and not printed out when
+	"options" is on.
+
+	A new flag has been added to the client, "-a".  Currently,
+	this just causes the USER name to be sent across, in
+	the future this may be used to signify that automatic
+	authentication is requested.
+
+	The USER variable is now only sent by the client if
+	the "-a" or "-l user" options are explicity used, or
+	if the user explicitly asks for the "USER" environment
+	variable to be exported.  In the server, if it receives
+	the "USER" environment variable, it won't print out the
+	banner message, so that only "Password:" will be printed.
+	This makes the symantics more like rlogin, and should be
+	more familiar to the user.  (People are not used to
+	getting a banner message, and then getting just a
+	"Password:" prompt.)
+
+	Re-vamp the code for starting up the child login
+	process.  The code was getting ugly, and it was
+	hard to tell what was really going on.  What we
+	do now is after the fork(), in the child:
+		1) make sure we have no controlling tty
+		2) open and initialize the tty
+		3) do a setsid()/setpgrp()
+		4) makes the tty our controlling tty.
+	On some systems, #2 makes the tty our controlling
+	tty, and #4 is a no-op.  The parent process does
+	a gets rid of any controlling tty after the child
+	is fork()ed.
+
+	Use the strdup() library routine in telnet, instead
+	of the local savestr() routine.  If you don't have
+	strdup(), you need to define NO_STRDUP.
+
+	Add support for ^T (SIGINFO/VSTATUS), found in the
+	4.3Reno distribution.  This maps to the AYT character.
+	You need a 4-line bugfix in the kernel to get this
+	to work properly:
+
+	> *** tty_pty.c.ORG	Tue Sep 11 09:41:53 1990
+	> --- tty_pty.c	Tue Sep 11 17:48:03 1990
+	> ***************
+	> *** 609,613 ****
+	> 			if ((tp->t_lflag&NOFLSH) == 0)
+	> 				ttyflush(tp, FREAD|FWRITE);
+	> ! 			pgsignal(tp->t_pgrp, *(unsigned int *)data);
+	> 			return(0);
+	> 		}
+	> --- 609,616 ----
+	> 			if ((tp->t_lflag&NOFLSH) == 0)
+	> 				ttyflush(tp, FREAD|FWRITE);
+	> ! 			pgsignal(tp->t_pgrp, *(unsigned int *)data, 1);
+	> ! 			if ((*(unsigned int *)data == SIGINFO) &&
+	> ! 			    ((tp->t_lflag&NOKERNINFO) == 0))
+	> ! 				ttyinfo(tp);
+	> 			return(0);
+	> 		}
+
+	The client is now smarter when setting the telnet escape
+	character; it only sets it to one of VEOL and VEOL2 if
+	one of them is undefined, and the other one is not already
+	defined to the telnet escape character.
+
+	Handle TERMIOS systems that have seperate input and output
+	line speed settings imbedded in the flags.
+
+	Many other minor bug fixes.
+
+June 20, 1990:
+	Re-organize makefiles and source tree.  The telnet/Source
+	directory is now gone, and all the source that was in
+	telnet/Source is now just in the telnet directory.
+
+	Seperate makefile for each system are now gone.  There
+	are two makefiles, Makefile and Makefile.generic.
+	The "Makefile" has the definitions for the various
+	system, and "Makefile.generic" does all the work.
+	There is a variable called "WHAT" that is used to
+	specify what to make.  For example, in the telnet
+	directory, you might say:
+		make 4.4bsd WHAT=clean
+	to clean out the directory.
+
+	Add support for the ENVIRON and XDISPLOC options.
+	In order for the server to work, login has to have
+	the "-p" option to preserve environment variables.
+
+	Add the SOFT_TAB and LIT_ECHO modes in the LINEMODE support.
+
+	Add the "-l user" option to command line and open command
+	(This is passed through the ENVIRON option).
+
+	Add the "-e" command line option, for setting the escape
+	character.
+
+	Add the "-D", diagnostic, option to the server.  This allows
+	the server to print out debug information, which is very
+	useful when trying to debug a telnet that doesn't have any
+	debugging ability.
+
+	Turn off the literal next character when not in LINEMODE.
+
+	Don't recognize ^Y locally, just pass it through.
+
+	Make minor modifications for Sun4.0 and Sun4.1
+
+	Add support for both FORW1 and FORW2 characters.  The
+	telnet escpape character is set to whichever of the
+	two is not being used.  If both are in use, the escape
+	character is not set, so when in linemode the user will
+	have to follow the escape character with a <CR> or <EOF)
+	to get it passed through.
+
+	Commands can now be put in single and double quotes, and
+	a backslash is now an escape character.  This is needed
+	for allowing arbitrary strings to be assigned to environment
+	variables.
+
+	Switch telnetd to use macros like telnet for keeping
+	track of the state of all the options.
+
+	Fix telnetd's processing of options so that we always do
+	the right processing of the LINEMODE option, regardless
+	of who initiates the request to turn it on.  Also, make
+	sure that if the other side went "WILL ECHO" in response
+	to our "DO ECHO", that we send a "DONT ECHO" to get the
+	option turned back off!
+
+	Fix the TERMIOS setting of the terminal speed to handle both
+	BSD's seperate fields, and the SYSV method of CBAUD bits.
+
+	Change how we deal with the other side refusing to enable
+	an option.  The sequence used to be: send DO option; receive
+	WONT option; send DONT option.  Now, the sequence is: send
+	DO option; receive WONT option.  Both should be valid
+	according to the spec, but there has been at least one
+	client implementation of telnet identified that can get
+	really confused by this.  (The exact sequence, from a trace
+	on the server side, is (numbers are number of responses that
+	we expect to get after that line...):
+
+		send WILL ECHO	1 (initial request)
+		send WONT ECHO	2 (server is changing state)
+		recv DO ECHO	1 (first reply, ok.  expect DONT ECHO next)
+		send WILL ECHO	2 (server changes state again)
+		recv DONT ECHO	1 (second reply, ok.  expect DO ECHO next)
+		recv DONT ECHO	0 (third reply, wrong answer. got DONT!!!)
+	***	send WONT ECHO	  (send WONT to acknowledge the DONT)
+		send WILL ECHO	1 (ask again to enable option)
+		recv DO ECHO	0
+
+		recv DONT ECHO	0
+		send WONT ECHO	1
+		recv DONT ECHO	0
+		recv DO ECHO	1
+		send WILL ECHO	0
+		(and the last 5 lines loop forever)
+
+	The line with the "***" is last of the WILL/DONT/WONT sequence.
+	The change to the server to not generate that makes this same
+	example become:
+
+		send will ECHO	1
+		send wont ECHO	2
+		recv do ECHO	1
+		send will ECHO	2
+		recv dont ECHO	1
+		recv dont ECHO	0
+		recv do ECHO	1
+		send will ECHO	0
+
+	There is other option negotiation going on, and not sending
+	the third part changes some of the timings, but this specific
+	example no longer gets stuck in a loop.  The "telnet.state"
+	file has been modified to reflect this change to the algorithm.
+
+	A bunch of miscellaneous bug fixes and changes to make
+	lint happier.
+
+	This version of telnet also has some KERBEROS stuff in
+	it. This has not been tested, it uses an un-authorized
+	telnet option number, and uses an out-of-date version
+	of the (still being defined) AUTHENTICATION option.
+	There is no support for this code, do not enable it.
+
+
+March 1, 1990:
+CHANGES/BUGFIXES SINCE LAST RELEASE:
+	Some support for IP TOS has been added.  Requires that the
+	kernel support the IP_TOS socket option (currently this
+	is only in UNICOS 6.0).
+
+	Both telnet and telnetd now use the cc_t typedef.  typedefs are
+	included for systems that don't have it (in termios.h).
+
+	SLC_SUSP was not supported properly before.  It is now.
+
+	IAC EOF was not translated  properly in telnetd for SYSV_TERMIO
+	when not in linemode.  It now saves a copy of the VEOF character,
+	so that when ICANON is turned off and we can't trust it anymore
+	(because it is now the VMIN character) we use the saved value.
+
+	There were two missing "break" commands in the linemode
+	processing code in telnetd.
+
+	Telnetd wasn't setting the kernel window size information
+	properly.  It was using the rows for both rows and columns...
+
+Questions/comments go to
+		David Borman
+		Cray Research, Inc.
+		655F Lone Oak Drive
+		Eagan, MN 55123
+		dab@cray.com.
+
+README:	You are reading it.
+
+Config.generic:
+	This file contains all the OS specific definitions.  It
+	has pre-definitions for many common system types, and is
+	in standard makefile fromat.  See the comments at the top
+	of the file for more information.
+
+Config.local:
+	This is not part of the distribution, but if this file exists,
+	it is used instead of "Config.generic".  This allows site
+	specific configuration without having to modify the distributed
+	"Config.generic" file.
+
+kern.diff:
+	This file contains the diffs for the changes needed for the
+	kernel to support LINEMODE is the server.  These changes are
+	for a 4.3BSD system.  You may need to make some changes for
+	your particular system.
+
+	There is a new bit in the terminal state word, TS_EXTPROC.
+	When this bit is set, several aspects of the terminal driver
+	are disabled.  Input line editing, character echo, and
+	mapping of signals are all disabled.  This allows the telnetd
+	to turn of these functions when in linemode, but still keep
+	track of what state the user wants the terminal to be in.
+
+	New ioctl()s:
+
+		TIOCEXT		Turn on/off the TS_EXTPROC bit
+		TIOCGSTATE	Get t_state of tty to look at TS_EXTPROC bit
+		TIOCSIG		Generate a signal to processes in the
+				current process group of the pty.
+
+	There is a new mode for packet driver, the TIOCPKT_IOCTL bit.
+	When packet mode is turned on in the pty, and the TS_EXTPROC
+	bit is set, then whenever the state of the pty is changed, the
+	next read on the master side of the pty will have the TIOCPKT_IOCTL
+	bit set, and the data will contain the following:
+		struct xx {
+			struct sgttyb a;
+			struct tchars b;
+			struct ltchars c;
+			int t_state;
+			int t_flags;
+		}
+	This allows the process on the server side of the pty to know
+	when the state of the terminal has changed, and what the new
+	state is.
+
+	However, if you define USE_TERMIO or SYSV_TERMIO, the code will
+	expect that the structure returned in the TIOCPKT_IOCTL is
+	the termio/termios structure.
+
+stty.diff:
+	This file contains the changes needed for the stty(1) program
+	to report on the current status of the TS_EXTPROC bit.  It also
+	allows the user to turn on/off the TS_EXTPROC bit.  This is useful
+	because it allows the user to say "stty -extproc", and the
+	LINEMODE option will be automatically disabled, and saying "stty
+	extproc" will re-enable the LINEMODE option.
+
+telnet.state:
+	Both the client and server have code in them to deal
+	with option negotiation loops.  The algorithm that is
+	used is described in this file.
+
+telnet:
+	This directory contains the client code.  No kernel changes are
+	needed to use this code.
+
+telnetd:
+	This directory contains the server code.  If LINEMODE or KLUDGELINEMODE
+	are defined, then the kernel modifications listed above are needed.
+
+libtelnet:
+	This directory contains code that is common to both the client
+	and the server.
+
+arpa:
+	This directory has a new <arpa/telnet.h>
+
+libtelnet/Makefile.4.4:
+telnet/Makefile.4.4:
+telnetd/Makefile.4.4:
+	These are the makefiles that can be used on a 4.3Reno
+	system when this software is installed in /usr/src/lib/libtelnet,
+	/usr/src/libexec/telnetd, and /usr/src/usr.bin/telnet.
+
+
+The following TELNET options are supported:
+	
+	LINEMODE:
+		The LINEMODE option is supported as per RFC1116.  The
+		FORWARDMASK option is not currently supported.
+
+	BINARY: The client has the ability to turn on/off the BINARY
+		option in each direction.  Turning on BINARY from
+		server to client causes the LITOUT bit to get set in
+		the terminal driver on both ends,  turning on BINARY
+		from the client to the server causes the PASS8 bit
+		to get set in the terminal driver on both ends.
+
+	TERMINAL-TYPE:
+		This is supported as per RFC1091.  On the server side,
+		when a terminal type is received, termcap/terminfo
+		is consulted to determine if it is a known terminal
+		type.  It keeps requesting terminal types until it
+		gets one that it recongnizes, or hits the end of the
+		list.  The server side looks up the entry in the
+		termcap/terminfo data base, and generates a list of
+		names which it then passes one at a time to each
+		request for a terminal type, duplicating the last
+		entry in the list before cycling back to the beginning.
+
+	NAWS:	The Negotiate about Window Size, as per RFC 1073.
+
+	TERMINAL-SPEED:
+		Implemented as per RFC 1079
+
+	TOGGLE-FLOW-CONTROL:
+		Implemented as per RFC 1080
+
+	TIMING-MARK:
+		As per RFC 860
+
+	SGA:	As per RFC 858
+
+	ECHO:	As per RFC 857
+
+	LOGOUT: As per RFC 727
+
+	STATUS:
+		The server will send its current status upon
+		request.  It does not ask for the clients status.
+		The client will request the servers current status
+		from the "send getstatus" command.
+
+	ENVIRON:
+		This option is currently being defined by the IETF
+		Telnet Working Group, and an RFC has not yet been
+		issued, but should be in the near future...
+
+	X-DISPLAY-LOCATION:
+		This functionality can be done through the ENVIRON
+		option, it is added here for completeness.
+
+	AUTHENTICATION:
+		This option is currently being defined by the IETF
+		Telnet Working Group, and an RFC has not yet been
+		issued.  The basic framework is pretty much decided,
+		but the definitions for the specific authentication
+		schemes is still in a state of flux.
+
+	ENCRYPTION:
+		This option is currently being defined by the IETF
+		Telnet Working Group, and an RFC has not yet been
+		issued.  The draft RFC is still in a state of flux,
+		so this code may change in the future.
diff --git a/crypto/kerberosIV/appl/telnet/arpa/telnet.h b/crypto/kerberosIV/appl/telnet/arpa/telnet.h
new file mode 100644
index 0000000..5d9ef60
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/arpa/telnet.h
@@ -0,0 +1,323 @@
+/*
+ * Copyright (c) 1983, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)telnet.h	8.2 (Berkeley) 12/15/93
+ */
+
+#ifndef _TELNET_H_
+#define	_TELNET_H_
+
+/*
+ * Definitions for the TELNET protocol.
+ */
+#define	IAC	255		/* interpret as command: */
+#define	DONT	254		/* you are not to use option */
+#define	DO	253		/* please, you use option */
+#define	WONT	252		/* I won't use option */
+#define	WILL	251		/* I will use option */
+#define	SB	250		/* interpret as subnegotiation */
+#define	GA	249		/* you may reverse the line */
+#define	EL	248		/* erase the current line */
+#define	EC	247		/* erase the current character */
+#define	AYT	246		/* are you there */
+#define	AO	245		/* abort output--but let prog finish */
+#define	IP	244		/* interrupt process--permanently */
+#define	BREAK	243		/* break */
+#define	DM	242		/* data mark--for connect. cleaning */
+#define	NOP	241		/* nop */
+#define	SE	240		/* end sub negotiation */
+#define EOR     239             /* end of record (transparent mode) */
+#define	ABORT	238		/* Abort process */
+#define	SUSP	237		/* Suspend process */
+#define	xEOF	236		/* End of file: EOF is already used... */
+
+#define SYNCH	242		/* for telfunc calls */
+
+#ifdef TELCMDS
+char *telcmds[] = {
+	"EOF", "SUSP", "ABORT", "EOR",
+	"SE", "NOP", "DMARK", "BRK", "IP", "AO", "AYT", "EC",
+	"EL", "GA", "SB", "WILL", "WONT", "DO", "DONT", "IAC", 0,
+};
+#else
+extern char *telcmds[];
+#endif
+
+#define	TELCMD_FIRST	xEOF
+#define	TELCMD_LAST	IAC
+#define	TELCMD_OK(x)	((unsigned int)(x) <= TELCMD_LAST && \
+			 (unsigned int)(x) >= TELCMD_FIRST)
+#define	TELCMD(x)	telcmds[(x)-TELCMD_FIRST]
+
+/* telnet options */
+#define TELOPT_BINARY	0	/* 8-bit data path */
+#define TELOPT_ECHO	1	/* echo */
+#define	TELOPT_RCP	2	/* prepare to reconnect */
+#define	TELOPT_SGA	3	/* suppress go ahead */
+#define	TELOPT_NAMS	4	/* approximate message size */
+#define	TELOPT_STATUS	5	/* give status */
+#define	TELOPT_TM	6	/* timing mark */
+#define	TELOPT_RCTE	7	/* remote controlled transmission and echo */
+#define TELOPT_NAOL 	8	/* negotiate about output line width */
+#define TELOPT_NAOP 	9	/* negotiate about output page size */
+#define TELOPT_NAOCRD	10	/* negotiate about CR disposition */
+#define TELOPT_NAOHTS	11	/* negotiate about horizontal tabstops */
+#define TELOPT_NAOHTD	12	/* negotiate about horizontal tab disposition */
+#define TELOPT_NAOFFD	13	/* negotiate about formfeed disposition */
+#define TELOPT_NAOVTS	14	/* negotiate about vertical tab stops */
+#define TELOPT_NAOVTD	15	/* negotiate about vertical tab disposition */
+#define TELOPT_NAOLFD	16	/* negotiate about output LF disposition */
+#define TELOPT_XASCII	17	/* extended ascic character set */
+#define	TELOPT_LOGOUT	18	/* force logout */
+#define	TELOPT_BM	19	/* byte macro */
+#define	TELOPT_DET	20	/* data entry terminal */
+#define	TELOPT_SUPDUP	21	/* supdup protocol */
+#define	TELOPT_SUPDUPOUTPUT 22	/* supdup output */
+#define	TELOPT_SNDLOC	23	/* send location */
+#define	TELOPT_TTYPE	24	/* terminal type */
+#define	TELOPT_EOR	25	/* end or record */
+#define	TELOPT_TUID	26	/* TACACS user identification */
+#define	TELOPT_OUTMRK	27	/* output marking */
+#define	TELOPT_TTYLOC	28	/* terminal location number */
+#define	TELOPT_3270REGIME 29	/* 3270 regime */
+#define	TELOPT_X3PAD	30	/* X.3 PAD */
+#define	TELOPT_NAWS	31	/* window size */
+#define	TELOPT_TSPEED	32	/* terminal speed */
+#define	TELOPT_LFLOW	33	/* remote flow control */
+#define TELOPT_LINEMODE	34	/* Linemode option */
+#define TELOPT_XDISPLOC	35	/* X Display Location */
+#define TELOPT_OLD_ENVIRON 36	/* Old - Environment variables */
+#define	TELOPT_AUTHENTICATION 37/* Authenticate */
+#define	TELOPT_ENCRYPT	38	/* Encryption option */
+#define TELOPT_NEW_ENVIRON 39	/* New - Environment variables */
+#define	TELOPT_EXOPL	255	/* extended-options-list */
+
+
+#define	NTELOPTS	(1+TELOPT_NEW_ENVIRON)
+#ifdef TELOPTS
+char *telopts[NTELOPTS+1] = {
+	"BINARY", "ECHO", "RCP", "SUPPRESS GO AHEAD", "NAME",
+	"STATUS", "TIMING MARK", "RCTE", "NAOL", "NAOP",
+	"NAOCRD", "NAOHTS", "NAOHTD", "NAOFFD", "NAOVTS",
+	"NAOVTD", "NAOLFD", "EXTEND ASCII", "LOGOUT", "BYTE MACRO",
+	"DATA ENTRY TERMINAL", "SUPDUP", "SUPDUP OUTPUT",
+	"SEND LOCATION", "TERMINAL TYPE", "END OF RECORD",
+	"TACACS UID", "OUTPUT MARKING", "TTYLOC",
+	"3270 REGIME", "X.3 PAD", "NAWS", "TSPEED", "LFLOW",
+	"LINEMODE", "XDISPLOC", "OLD-ENVIRON", "AUTHENTICATION",
+	"ENCRYPT", "NEW-ENVIRON",
+	0,
+};
+#define	TELOPT_FIRST	TELOPT_BINARY
+#define	TELOPT_LAST	TELOPT_NEW_ENVIRON
+#define	TELOPT_OK(x)	((unsigned int)(x) <= TELOPT_LAST)
+#define	TELOPT(x)	telopts[(x)-TELOPT_FIRST]
+#endif
+
+/* sub-option qualifiers */
+#define	TELQUAL_IS	0	/* option is... */
+#define	TELQUAL_SEND	1	/* send option */
+#define	TELQUAL_INFO	2	/* ENVIRON: informational version of IS */
+#define	TELQUAL_REPLY	2	/* AUTHENTICATION: client version of IS */
+#define	TELQUAL_NAME	3	/* AUTHENTICATION: client version of IS */
+
+#define	LFLOW_OFF		0	/* Disable remote flow control */
+#define	LFLOW_ON		1	/* Enable remote flow control */
+#define	LFLOW_RESTART_ANY	2	/* Restart output on any char */
+#define	LFLOW_RESTART_XON	3	/* Restart output only on XON */
+
+/*
+ * LINEMODE suboptions
+ */
+
+#define	LM_MODE		1
+#define	LM_FORWARDMASK	2
+#define	LM_SLC		3
+
+#define	MODE_EDIT	0x01
+#define	MODE_TRAPSIG	0x02
+#define	MODE_ACK	0x04
+#define MODE_SOFT_TAB	0x08
+#define MODE_LIT_ECHO	0x10
+
+#define	MODE_MASK	0x1f
+
+/* Not part of protocol, but needed to simplify things... */
+#define MODE_FLOW		0x0100
+#define MODE_ECHO		0x0200
+#define MODE_INBIN		0x0400
+#define MODE_OUTBIN		0x0800
+#define MODE_FORCE		0x1000
+
+#define	SLC_SYNCH	1
+#define	SLC_BRK		2
+#define	SLC_IP		3
+#define	SLC_AO		4
+#define	SLC_AYT		5
+#define	SLC_EOR		6
+#define	SLC_ABORT	7
+#define	SLC_EOF		8
+#define	SLC_SUSP	9
+#define	SLC_EC		10
+#define	SLC_EL		11
+#define	SLC_EW		12
+#define	SLC_RP		13
+#define	SLC_LNEXT	14
+#define	SLC_XON		15
+#define	SLC_XOFF	16
+#define	SLC_FORW1	17
+#define	SLC_FORW2	18
+
+#define	NSLC		18
+
+/*
+ * For backwards compatability, we define SLC_NAMES to be the
+ * list of names if SLC_NAMES is not defined.
+ */
+#define	SLC_NAMELIST	"0", "SYNCH", "BRK", "IP", "AO", "AYT", "EOR", \
+			"ABORT", "EOF", "SUSP", "EC", "EL", "EW", "RP", \
+			"LNEXT", "XON", "XOFF", "FORW1", "FORW2", 0,
+#ifdef	SLC_NAMES
+char *slc_names[] = {
+	SLC_NAMELIST
+};
+#else
+extern char *slc_names[];
+#define	SLC_NAMES SLC_NAMELIST
+#endif
+
+#define	SLC_NAME_OK(x)	((unsigned int)(x) <= NSLC)
+#define SLC_NAME(x)	slc_names[x]
+
+#define	SLC_NOSUPPORT	0
+#define	SLC_CANTCHANGE	1
+#define	SLC_VARIABLE	2
+#define	SLC_DEFAULT	3
+#define	SLC_LEVELBITS	0x03
+
+#define	SLC_FUNC	0
+#define	SLC_FLAGS	1
+#define	SLC_VALUE	2
+
+#define	SLC_ACK		0x80
+#define	SLC_FLUSHIN	0x40
+#define	SLC_FLUSHOUT	0x20
+
+#define	OLD_ENV_VAR	1
+#define	OLD_ENV_VALUE	0
+#define	NEW_ENV_VAR	0
+#define	NEW_ENV_VALUE	1
+#define	ENV_ESC		2
+#define ENV_USERVAR	3
+
+/*
+ * AUTHENTICATION suboptions
+ */
+
+/*
+ * Who is authenticating who ...
+ */
+#define	AUTH_WHO_CLIENT		0	/* Client authenticating server */
+#define	AUTH_WHO_SERVER		1	/* Server authenticating client */
+#define	AUTH_WHO_MASK		1
+
+/*
+ * amount of authentication done
+ */
+#define	AUTH_HOW_ONE_WAY	0
+#define	AUTH_HOW_MUTUAL		2
+#define	AUTH_HOW_MASK		2
+
+#define	AUTHTYPE_NULL		0
+#define	AUTHTYPE_KERBEROS_V4	1
+#define	AUTHTYPE_KERBEROS_V5	2
+#define	AUTHTYPE_SPX		3
+#define	AUTHTYPE_MINK		4
+#define	AUTHTYPE_SRA		5
+#define	AUTHTYPE_CNT		6
+/* #define	AUTHTYPE_UNSECURE 6 */
+
+#define	AUTHTYPE_TEST		99
+
+#ifdef	AUTH_NAMES
+char *authtype_names[] = {
+	"NULL", "KERBEROS_V4", "KERBEROS_V5", "SPX", "MINK",
+	"SRA", 0,
+};
+#else
+extern char *authtype_names[];
+#endif
+
+#define	AUTHTYPE_NAME_OK(x)	((unsigned int)(x) < AUTHTYPE_CNT)
+#define	AUTHTYPE_NAME(x)	authtype_names[x]
+
+/*
+ * ENCRYPTion suboptions
+ */
+#define	ENCRYPT_IS		0	/* I pick encryption type ... */
+#define	ENCRYPT_SUPPORT		1	/* I support encryption types ... */
+#define	ENCRYPT_REPLY		2	/* Initial setup response */
+#define	ENCRYPT_START		3	/* Am starting to send encrypted */
+#define	ENCRYPT_END		4	/* Am ending encrypted */
+#define	ENCRYPT_REQSTART	5	/* Request you start encrypting */
+#define	ENCRYPT_REQEND		6	/* Request you send encrypting */
+#define	ENCRYPT_ENC_KEYID	7
+#define	ENCRYPT_DEC_KEYID	8
+#define	ENCRYPT_CNT		9
+
+#define	ENCTYPE_ANY		0
+#define	ENCTYPE_DES_CFB64	1
+#define	ENCTYPE_DES_OFB64	2
+#define	ENCTYPE_CNT		3
+
+#ifdef	ENCRYPT_NAMES
+char *encrypt_names[] = {
+	"IS", "SUPPORT", "REPLY", "START", "END",
+	"REQUEST-START", "REQUEST-END", "ENC-KEYID", "DEC-KEYID",
+	0,
+};
+char *enctype_names[] = {
+	"ANY", "DES_CFB64",  "DES_OFB64",  0,
+};
+#else
+extern char *encrypt_names[];
+extern char *enctype_names[];
+#endif
+
+
+#define	ENCRYPT_NAME_OK(x)	((unsigned int)(x) < ENCRYPT_CNT)
+#define	ENCRYPT_NAME(x)		encrypt_names[x]
+
+#define	ENCTYPE_NAME_OK(x)	((unsigned int)(x) < ENCTYPE_CNT)
+#define	ENCTYPE_NAME(x)		enctype_names[x]
+
+#endif /* !_TELNET_H_ */
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/Makefile.am b/crypto/kerberosIV/appl/telnet/libtelnet/Makefile.am
new file mode 100644
index 0000000..8806f88
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/Makefile.am
@@ -0,0 +1,24 @@
+# $Id: Makefile.am,v 1.8 1999/03/20 13:58:15 joda Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += -I$(srcdir)/.. $(INCLUDE_krb4)
+
+noinst_LIBRARIES = libtelnet.a
+
+libtelnet_a_SOURCES = \
+	auth-proto.h	\
+	auth.c		\
+	auth.h		\
+	enc-proto.h	\
+	enc_des.c	\
+	encrypt.c	\
+	encrypt.h	\
+	genget.c	\
+	kerberos.c	\
+	kerberos5.c	\
+	misc-proto.h	\
+	misc.c		\
+	misc.h
+
+EXTRA_DIST = krb4encpwd.c rsaencpwd.c spx.c
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/Makefile.in b/crypto/kerberosIV/appl/telnet/libtelnet/Makefile.in
new file mode 100644
index 0000000..b8ca629
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/Makefile.in
@@ -0,0 +1,54 @@
+# $Id: Makefile.in,v 1.28 1999/03/11 13:50:00 joda Exp $
+
+srcdir		= @srcdir@
+top_srcdir	= @top_srcdir@
+VPATH		= @srcdir@
+
+SHELL		= /bin/sh
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LIBNAME = $(LIBPREFIX)telnet
+LIBEXT = a
+LIBPREFIX = @LIBPREFIX@
+LIB = $(LIBNAME).$(LIBEXT)
+
+prefix = @prefix@
+
+SOURCES=auth.c encrypt.c genget.c enc_des.c misc.c kerberos.c kerberos5.c
+
+OBJECTS=auth.o encrypt.o genget.o enc_des.o misc.o kerberos.o kerberos5.o
+
+all: $(LIB)
+
+libtop = @libtop@
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../../include -I$(srcdir)/.. $(CFLAGS) $(CPPFLAGS) $<
+
+$(LIB): $(OBJECTS)
+	rm -f $@
+	$(AR) cr $@ $(OBJECTS)
+	-$(RANLIB) $@
+
+install:
+	@true
+
+uninstall:
+	@true
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+clean cleandir:
+	rm -f *.o *.a \#* *~ core
+
+distclean: clean
+	rm -f Makefile *~
+
+.PHONY: all install uninstall clean cleandir distclean
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/auth-proto.h b/crypto/kerberosIV/appl/telnet/libtelnet/auth-proto.h
new file mode 100644
index 0000000..bcc4c64
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/auth-proto.h
@@ -0,0 +1,122 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)auth-proto.h	8.1 (Berkeley) 6/4/93
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* $Id: auth-proto.h,v 1.9 1998/06/09 19:24:40 joda Exp $ */
+
+#ifdef AUTHENTICATION
+Authenticator *findauthenticator (int, int);
+
+int auth_wait (char *, size_t);
+void auth_disable_name (char *);
+void auth_finished (Authenticator *, int);
+void auth_gen_printsub (unsigned char *, int, unsigned char *, int);
+void auth_init (char *, int);
+void auth_is (unsigned char *, int);
+void auth_name(unsigned char*, int);
+void auth_reply (unsigned char *, int);
+void auth_request (void);
+void auth_send (unsigned char *, int);
+void auth_send_retry (void);
+void auth_printsub(unsigned char*, int, unsigned char*, int);
+int getauthmask(char *type, int *maskp);
+int auth_enable(char *type);
+int auth_disable(char *type);
+int auth_onoff(char *type, int on);
+int auth_togdebug(int on);
+int auth_status(void);
+int auth_sendname(unsigned char *cp, int len);
+void auth_debug(int mode);
+void auth_gen_printsub(unsigned char *data, int cnt,
+		       unsigned char *buf, int buflen);
+
+#ifdef UNSAFE
+int unsafe_init (Authenticator *, int);
+int unsafe_send (Authenticator *);
+void unsafe_is (Authenticator *, unsigned char *, int);
+void unsafe_reply (Authenticator *, unsigned char *, int);
+int unsafe_status (Authenticator *, char *, int);
+void unsafe_printsub (unsigned char *, int, unsigned char *, int);
+#endif
+
+#ifdef SRA
+int sra_init (Authenticator *, int);
+int sra_send (Authenticator *);
+void sra_is (Authenticator *, unsigned char *, int);
+void sra_reply (Authenticator *, unsigned char *, int);
+int sra_status (Authenticator *, char *, int);
+void sra_printsub (unsigned char *, int, unsigned char *, int);
+#endif
+
+#ifdef	KRB4
+int kerberos4_init (Authenticator *, int);
+int kerberos4_send_mutual (Authenticator *);
+int kerberos4_send_oneway (Authenticator *);
+void kerberos4_is (Authenticator *, unsigned char *, int);
+void kerberos4_reply (Authenticator *, unsigned char *, int);
+int kerberos4_status (Authenticator *, char *, size_t, int);
+void kerberos4_printsub (unsigned char *, int, unsigned char *, int);
+int kerberos4_forward(Authenticator *ap, void *);
+#endif
+
+#ifdef	KRB5
+int kerberos5_init (Authenticator *, int);
+int kerberos5_send_mutual (Authenticator *);
+int kerberos5_send_oneway (Authenticator *);
+void kerberos5_is (Authenticator *, unsigned char *, int);
+void kerberos5_reply (Authenticator *, unsigned char *, int);
+int kerberos5_status (Authenticator *, char *, size_t, int);
+void kerberos5_printsub (unsigned char *, int, unsigned char *, int);
+#endif
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/auth.c b/crypto/kerberosIV/appl/telnet/libtelnet/auth.c
new file mode 100644
index 0000000..31d3ede
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/auth.c
@@ -0,0 +1,657 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <config.h>
+
+RCSID("$Id: auth.c,v 1.22 1999/03/11 13:48:52 joda Exp $");
+
+#if	defined(AUTHENTICATION)
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <signal.h>
+#define	AUTH_NAMES
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+#include <stdlib.h>
+#include <string.h>
+
+#include <roken.h>
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc-proto.h"
+#include "auth-proto.h"
+
+#define	typemask(x)		(1<<((x)-1))
+
+#ifdef	KRB4_ENCPWD
+extern krb4encpwd_init();
+extern krb4encpwd_send();
+extern krb4encpwd_is();
+extern krb4encpwd_reply();
+extern krb4encpwd_status();
+extern krb4encpwd_printsub();
+#endif
+
+#ifdef	RSA_ENCPWD
+extern rsaencpwd_init();
+extern rsaencpwd_send();
+extern rsaencpwd_is();
+extern rsaencpwd_reply();
+extern rsaencpwd_status();
+extern rsaencpwd_printsub();
+#endif
+
+int auth_debug_mode = 0;
+static 	char	*Name = "Noname";
+static	int	Server = 0;
+static	Authenticator	*authenticated = 0;
+static	int	authenticating = 0;
+static	int	validuser = 0;
+static	unsigned char	_auth_send_data[256];
+static	unsigned char	*auth_send_data;
+static	int	auth_send_cnt = 0;
+
+/*
+ * Authentication types supported.  Plese note that these are stored
+ * in priority order, i.e. try the first one first.
+ */
+Authenticator authenticators[] = {
+#ifdef UNSAFE
+    { AUTHTYPE_UNSAFE, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+      unsafe_init,
+      unsafe_send,
+      unsafe_is,
+      unsafe_reply,
+      unsafe_status,
+      unsafe_printsub },
+#endif
+#ifdef SRA
+    { AUTHTYPE_SRA, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+      sra_init,
+      sra_send,
+      sra_is,
+      sra_reply,
+      sra_status,
+      sra_printsub },
+#endif
+#ifdef	SPX
+    { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
+      spx_init,
+      spx_send,
+      spx_is,
+      spx_reply,
+      spx_status,
+      spx_printsub },
+    { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+      spx_init,
+      spx_send,
+      spx_is,
+      spx_reply,
+      spx_status,
+      spx_printsub },
+#endif
+#ifdef	KRB5
+    { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
+      kerberos5_init,
+      kerberos5_send_mutual,
+      kerberos5_is,
+      kerberos5_reply,
+      kerberos5_status,
+      kerberos5_printsub },
+    { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+      kerberos5_init,
+      kerberos5_send_oneway,
+      kerberos5_is,
+      kerberos5_reply,
+      kerberos5_status,
+      kerberos5_printsub },
+#endif
+#ifdef	KRB4
+    { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
+      kerberos4_init,
+      kerberos4_send_mutual,
+      kerberos4_is,
+      kerberos4_reply,
+      kerberos4_status,
+      kerberos4_printsub },
+    { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+      kerberos4_init,
+      kerberos4_send_oneway,
+      kerberos4_is,
+      kerberos4_reply,
+      kerberos4_status,
+      kerberos4_printsub },
+#endif
+#ifdef	KRB4_ENCPWD
+    { AUTHTYPE_KRB4_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
+      krb4encpwd_init,
+      krb4encpwd_send,
+      krb4encpwd_is,
+      krb4encpwd_reply,
+      krb4encpwd_status,
+      krb4encpwd_printsub },
+#endif
+#ifdef	RSA_ENCPWD
+    { AUTHTYPE_RSA_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+      rsaencpwd_init,
+      rsaencpwd_send,
+      rsaencpwd_is,
+      rsaencpwd_reply,
+      rsaencpwd_status,
+      rsaencpwd_printsub },
+#endif
+    { 0, },
+};
+
+static Authenticator NoAuth = { 0 };
+
+static int	i_support = 0;
+static int	i_wont_support = 0;
+
+Authenticator *
+findauthenticator(int type, int way)
+{
+    Authenticator *ap = authenticators;
+
+    while (ap->type && (ap->type != type || ap->way != way))
+	++ap;
+    return(ap->type ? ap : 0);
+}
+
+void
+auth_init(char *name, int server)
+{
+    Authenticator *ap = authenticators;
+
+    Server = server;
+    Name = name;
+
+    i_support = 0;
+    authenticated = 0;
+    authenticating = 0;
+    while (ap->type) {
+	if (!ap->init || (*ap->init)(ap, server)) {
+	    i_support |= typemask(ap->type);
+	    if (auth_debug_mode)
+		printf(">>>%s: I support auth type %d %d\r\n",
+		       Name,
+		       ap->type, ap->way);
+	}
+	else if (auth_debug_mode)
+	    printf(">>>%s: Init failed: auth type %d %d\r\n",
+		   Name, ap->type, ap->way);
+	++ap;
+    }
+}
+
+void
+auth_disable_name(char *name)
+{
+    int x;
+    for (x = 0; x < AUTHTYPE_CNT; ++x) {
+	if (!strcasecmp(name, AUTHTYPE_NAME(x))) {
+	    i_wont_support |= typemask(x);
+	    break;
+	}
+    }
+}
+
+int
+getauthmask(char *type, int *maskp)
+{
+    int x;
+
+    if (!strcasecmp(type, AUTHTYPE_NAME(0))) {
+	*maskp = -1;
+	return(1);
+    }
+
+    for (x = 1; x < AUTHTYPE_CNT; ++x) {
+	if (!strcasecmp(type, AUTHTYPE_NAME(x))) {
+	    *maskp = typemask(x);
+	    return(1);
+	}
+    }
+    return(0);
+}
+
+int
+auth_enable(char *type)
+{
+    return(auth_onoff(type, 1));
+}
+
+int
+auth_disable(char *type)
+{
+    return(auth_onoff(type, 0));
+}
+
+int
+auth_onoff(char *type, int on)
+{
+    int i, mask = -1;
+    Authenticator *ap;
+
+    if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
+	printf("auth %s 'type'\n", on ? "enable" : "disable");
+	printf("Where 'type' is one of:\n");
+	printf("\t%s\n", AUTHTYPE_NAME(0));
+	mask = 0;
+	for (ap = authenticators; ap->type; ap++) {
+	    if ((mask & (i = typemask(ap->type))) != 0)
+		continue;
+	    mask |= i;
+	    printf("\t%s\n", AUTHTYPE_NAME(ap->type));
+	}
+	return(0);
+    }
+
+    if (!getauthmask(type, &mask)) {
+	printf("%s: invalid authentication type\n", type);
+	return(0);
+    }
+    if (on)
+	i_wont_support &= ~mask;
+    else
+	i_wont_support |= mask;
+    return(1);
+}
+
+int
+auth_togdebug(int on)
+{
+    if (on < 0)
+	auth_debug_mode ^= 1;
+    else
+	auth_debug_mode = on;
+    printf("auth debugging %s\n", auth_debug_mode ? "enabled" : "disabled");
+    return(1);
+}
+
+int
+auth_status(void)
+{
+    Authenticator *ap;
+    int i, mask;
+
+    if (i_wont_support == -1)
+	printf("Authentication disabled\n");
+    else
+	printf("Authentication enabled\n");
+
+    mask = 0;
+    for (ap = authenticators; ap->type; ap++) {
+	if ((mask & (i = typemask(ap->type))) != 0)
+	    continue;
+	mask |= i;
+	printf("%s: %s\n", AUTHTYPE_NAME(ap->type),
+	       (i_wont_support & typemask(ap->type)) ?
+	       "disabled" : "enabled");
+    }
+    return(1);
+}
+
+/*
+ * This routine is called by the server to start authentication
+ * negotiation.
+ */
+void
+auth_request(void)
+{
+    static unsigned char str_request[64] = { IAC, SB,
+					     TELOPT_AUTHENTICATION,
+					     TELQUAL_SEND, };
+    Authenticator *ap = authenticators;
+    unsigned char *e = str_request + 4;
+
+    if (!authenticating) {
+	authenticating = 1;
+	while (ap->type) {
+	    if (i_support & ~i_wont_support & typemask(ap->type)) {
+		if (auth_debug_mode) {
+		    printf(">>>%s: Sending type %d %d\r\n",
+			   Name, ap->type, ap->way);
+		}
+		*e++ = ap->type;
+		*e++ = ap->way;
+	    }
+	    ++ap;
+	}
+	*e++ = IAC;
+	*e++ = SE;
+	telnet_net_write(str_request, e - str_request);
+	printsub('>', &str_request[2], e - str_request - 2);
+    }
+}
+
+/*
+ * This is called when an AUTH SEND is received.
+ * It should never arrive on the server side (as only the server can
+ * send an AUTH SEND).
+ * You should probably respond to it if you can...
+ *
+ * If you want to respond to the types out of order (i.e. even
+ * if he sends  LOGIN KERBEROS and you support both, you respond
+ * with KERBEROS instead of LOGIN (which is against what the
+ * protocol says)) you will have to hack this code...
+ */
+void
+auth_send(unsigned char *data, int cnt)
+{
+    Authenticator *ap;
+    static unsigned char str_none[] = { IAC, SB, TELOPT_AUTHENTICATION,
+					TELQUAL_IS, AUTHTYPE_NULL, 0,
+					IAC, SE };
+    if (Server) {
+	if (auth_debug_mode) {
+	    printf(">>>%s: auth_send called!\r\n", Name);
+	}
+	return;
+    }
+
+    if (auth_debug_mode) {
+	printf(">>>%s: auth_send got:", Name);
+	printd(data, cnt); printf("\r\n");
+    }
+
+    /*
+     * Save the data, if it is new, so that we can continue looking
+     * at it if the authorization we try doesn't work
+     */
+    if (data < _auth_send_data ||
+	data > _auth_send_data + sizeof(_auth_send_data)) {
+	auth_send_cnt = cnt > sizeof(_auth_send_data)
+	    ? sizeof(_auth_send_data)
+	    : cnt;
+	memmove(_auth_send_data, data, auth_send_cnt);
+	auth_send_data = _auth_send_data;
+    } else {
+	/*
+	 * This is probably a no-op, but we just make sure
+	 */
+	auth_send_data = data;
+	auth_send_cnt = cnt;
+    }
+    while ((auth_send_cnt -= 2) >= 0) {
+	if (auth_debug_mode)
+	    printf(">>>%s: He supports %d\r\n",
+		   Name, *auth_send_data);
+	if ((i_support & ~i_wont_support) & typemask(*auth_send_data)) {
+	    ap = findauthenticator(auth_send_data[0],
+				   auth_send_data[1]);
+	    if (ap && ap->send) {
+		if (auth_debug_mode)
+		    printf(">>>%s: Trying %d %d\r\n",
+			   Name, auth_send_data[0],
+			   auth_send_data[1]);
+		if ((*ap->send)(ap)) {
+		    /*
+		     * Okay, we found one we like
+		     * and did it.
+		     * we can go home now.
+		     */
+		    if (auth_debug_mode)
+			printf(">>>%s: Using type %d\r\n",
+			       Name, *auth_send_data);
+		    auth_send_data += 2;
+		    return;
+		}
+	    }
+	    /* else
+	     *	just continue on and look for the
+	     *	next one if we didn't do anything.
+	     */
+	}
+	auth_send_data += 2;
+    }
+    telnet_net_write(str_none, sizeof(str_none));
+    printsub('>', &str_none[2], sizeof(str_none) - 2);
+    if (auth_debug_mode)
+	printf(">>>%s: Sent failure message\r\n", Name);
+    auth_finished(0, AUTH_REJECT);
+#ifdef KANNAN
+    /*
+     *  We requested strong authentication, however no mechanisms worked.
+     *  Therefore, exit on client end.
+     */
+    printf("Unable to securely authenticate user ... exit\n");
+    exit(0);
+#endif /* KANNAN */
+}
+
+void
+auth_send_retry(void)
+{
+    /*
+     * if auth_send_cnt <= 0 then auth_send will end up rejecting
+     * the authentication and informing the other side of this.
+	 */
+    auth_send(auth_send_data, auth_send_cnt);
+}
+
+void
+auth_is(unsigned char *data, int cnt)
+{
+    Authenticator *ap;
+
+    if (cnt < 2)
+	return;
+
+    if (data[0] == AUTHTYPE_NULL) {
+	auth_finished(0, AUTH_REJECT);
+	return;
+    }
+
+    if ((ap = findauthenticator(data[0], data[1]))) {
+	if (ap->is)
+	    (*ap->is)(ap, data+2, cnt-2);
+    } else if (auth_debug_mode)
+	printf(">>>%s: Invalid authentication in IS: %d\r\n",
+	       Name, *data);
+}
+
+void
+auth_reply(unsigned char *data, int cnt)
+{
+    Authenticator *ap;
+
+    if (cnt < 2)
+	return;
+
+    if ((ap = findauthenticator(data[0], data[1]))) {
+	if (ap->reply)
+	    (*ap->reply)(ap, data+2, cnt-2);
+    } else if (auth_debug_mode)
+	printf(">>>%s: Invalid authentication in SEND: %d\r\n",
+	       Name, *data);
+}
+
+void
+auth_name(unsigned char *data, int cnt)
+{
+    char savename[256];
+
+    if (cnt < 1) {
+	if (auth_debug_mode)
+	    printf(">>>%s: Empty name in NAME\r\n", Name);
+	return;
+    }
+    if (cnt > sizeof(savename) - 1) {
+	if (auth_debug_mode)
+	    printf(">>>%s: Name in NAME (%d) exceeds %lu length\r\n",
+		   Name, cnt, (unsigned long)(sizeof(savename)-1));
+	return;
+    }
+    memmove(savename, data, cnt);
+    savename[cnt] = '\0';	/* Null terminate */
+    if (auth_debug_mode)
+	printf(">>>%s: Got NAME [%s]\r\n", Name, savename);
+    auth_encrypt_user(savename);
+}
+
+int
+auth_sendname(unsigned char *cp, int len)
+{
+    static unsigned char str_request[256+6]
+	= { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME, };
+    unsigned char *e = str_request + 4;
+    unsigned char *ee = &str_request[sizeof(str_request)-2];
+
+    while (--len >= 0) {
+	if ((*e++ = *cp++) == IAC)
+	    *e++ = IAC;
+	if (e >= ee)
+	    return(0);
+    }
+    *e++ = IAC;
+    *e++ = SE;
+    telnet_net_write(str_request, e - str_request);
+    printsub('>', &str_request[2], e - &str_request[2]);
+    return(1);
+}
+
+void
+auth_finished(Authenticator *ap, int result)
+{
+    if (!(authenticated = ap))
+	authenticated = &NoAuth;
+    validuser = result;
+}
+
+/* ARGSUSED */
+static void
+auth_intr(int sig)
+{
+    auth_finished(0, AUTH_REJECT);
+}
+
+int
+auth_wait(char *name, size_t name_sz)
+{
+    if (auth_debug_mode)
+	printf(">>>%s: in auth_wait.\r\n", Name);
+
+    if (Server && !authenticating)
+	return(0);
+
+    signal(SIGALRM, auth_intr);
+    alarm(30);
+    while (!authenticated)
+	if (telnet_spin())
+	    break;
+    alarm(0);
+    signal(SIGALRM, SIG_DFL);
+
+    /*
+     * Now check to see if the user is valid or not
+     */
+    if (!authenticated || authenticated == &NoAuth)
+	return(AUTH_REJECT);
+
+    if (validuser == AUTH_VALID)
+	validuser = AUTH_USER;
+
+    if (authenticated->status)
+	validuser = (*authenticated->status)(authenticated,
+					     name, name_sz,
+					     validuser);
+    return(validuser);
+}
+
+void
+auth_debug(int mode)
+{
+    auth_debug_mode = mode;
+}
+
+void
+auth_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
+{
+    Authenticator *ap;
+
+    if ((ap = findauthenticator(data[1], data[2])) && ap->printsub)
+	(*ap->printsub)(data, cnt, buf, buflen);
+    else
+	auth_gen_printsub(data, cnt, buf, buflen);
+}
+
+void
+auth_gen_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
+{
+    unsigned char *cp;
+    unsigned char tbuf[16];
+
+    cnt -= 3;
+    data += 3;
+    buf[buflen-1] = '\0';
+    buf[buflen-2] = '*';
+    buflen -= 2;
+    for (; cnt > 0; cnt--, data++) {
+	snprintf(tbuf, sizeof(tbuf), " %d", *data);
+	for (cp = tbuf; *cp && buflen > 0; --buflen)
+	    *buf++ = *cp++;
+	if (buflen <= 0)
+	    return;
+    }
+    *buf = '\0';
+}
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/auth.h b/crypto/kerberosIV/appl/telnet/libtelnet/auth.h
new file mode 100644
index 0000000..83dd701
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/auth.h
@@ -0,0 +1,81 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)auth.h	8.1 (Berkeley) 6/4/93
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* $Id: auth.h,v 1.4 1998/06/09 19:24:41 joda Exp $ */
+
+#ifndef	__AUTH__
+#define	__AUTH__
+
+#define	AUTH_REJECT	0	/* Rejected */
+#define	AUTH_UNKNOWN	1	/* We don't know who he is, but he's okay */
+#define	AUTH_OTHER	2	/* We know him, but not his name */
+#define	AUTH_USER	3	/* We know he name */
+#define	AUTH_VALID	4	/* We know him, and he needs no password */
+
+typedef struct XauthP {
+	int	type;
+	int	way;
+	int	(*init) (struct XauthP *, int);
+	int	(*send) (struct XauthP *);
+	void	(*is) (struct XauthP *, unsigned char *, int);
+	void	(*reply) (struct XauthP *, unsigned char *, int);
+	int	(*status) (struct XauthP *, char *, size_t, int);
+	void	(*printsub) (unsigned char *, int, unsigned char *, int);
+} Authenticator;
+
+#include "auth-proto.h"
+
+extern int auth_debug_mode;
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/enc-proto.h b/crypto/kerberosIV/appl/telnet/libtelnet/enc-proto.h
new file mode 100644
index 0000000..cb0077d
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/enc-proto.h
@@ -0,0 +1,132 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)enc-proto.h	8.1 (Berkeley) 6/4/93
+ *
+ *	@(#)enc-proto.h	5.2 (Berkeley) 3/22/91
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* $Id: enc-proto.h,v 1.9 1998/07/09 23:16:22 assar Exp $ */
+
+#if	defined(ENCRYPTION)
+Encryptions *findencryption (int);
+Encryptions *finddecryption(int);
+int EncryptAutoDec(int);
+int EncryptAutoEnc(int);
+int EncryptDebug(int);
+int EncryptDisable(char*, char*);
+int EncryptEnable(char*, char*);
+int EncryptStart(char*);
+int EncryptStartInput(void);
+int EncryptStartOutput(void);
+int EncryptStatus(void);
+int EncryptStop(char*);
+int EncryptStopInput(void);
+int EncryptStopOutput(void);
+int EncryptType(char*, char*);
+int EncryptVerbose(int);
+void decrypt_auto(int);
+void encrypt_auto(int);
+void encrypt_debug(int);
+void encrypt_dec_keyid(unsigned char*, int);
+void encrypt_display(void);
+void encrypt_enc_keyid(unsigned char*, int);
+void encrypt_end(void);
+void encrypt_gen_printsub(unsigned char*, int, unsigned char*, int);
+void encrypt_init(char*, int);
+void encrypt_is(unsigned char*, int);
+void encrypt_list_types(void);
+void encrypt_not(void);
+void encrypt_printsub(unsigned char*, int, unsigned char*, int);
+void encrypt_reply(unsigned char*, int);
+void encrypt_request_end(void);
+void encrypt_request_start(unsigned char*, int);
+void encrypt_send_end(void);
+void encrypt_send_keyid(int, unsigned char*, int, int);
+void encrypt_send_request_end(void);
+void encrypt_send_request_start(void);
+void encrypt_send_support(void);
+void encrypt_session_key(Session_Key*, int);
+void encrypt_start(unsigned char*, int);
+void encrypt_start_output(int);
+void encrypt_support(unsigned char*, int);
+void encrypt_verbose_quiet(int);
+void encrypt_wait(void);
+int encrypt_delay(void);
+
+#ifdef	TELENTD
+void encrypt_wait (void);
+#else
+void encrypt_display (void);
+#endif
+
+void cfb64_encrypt (unsigned char *, int);
+int cfb64_decrypt (int);
+void cfb64_init (int);
+int cfb64_start (int, int);
+int cfb64_is (unsigned char *, int);
+int cfb64_reply (unsigned char *, int);
+void cfb64_session (Session_Key *, int);
+int cfb64_keyid (int, unsigned char *, int *);
+void cfb64_printsub (unsigned char *, int, unsigned char *, int);
+
+void ofb64_encrypt (unsigned char *, int);
+int ofb64_decrypt (int);
+void ofb64_init (int);
+int ofb64_start (int, int);
+int ofb64_is (unsigned char *, int);
+int ofb64_reply (unsigned char *, int);
+void ofb64_session (Session_Key *, int);
+int ofb64_keyid (int, unsigned char *, int *);
+void ofb64_printsub (unsigned char *, int, unsigned char *, int);
+
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/enc_des.c b/crypto/kerberosIV/appl/telnet/libtelnet/enc_des.c
new file mode 100644
index 0000000..a24bfa7
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/enc_des.c
@@ -0,0 +1,671 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+RCSID("$Id: enc_des.c,v 1.16 1998/07/09 23:16:23 assar Exp $");
+
+#if	defined(AUTHENTICATION) && defined(ENCRYPTION) && defined(DES_ENCRYPTION)
+#include <arpa/telnet.h>
+#include <stdio.h>
+#ifdef	__STDC__
+#include <stdlib.h>
+#include <string.h>
+#endif
+#include <roken.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include "encrypt.h"
+#include "misc-proto.h"
+
+#include <des.h>
+
+extern int encrypt_debug_mode;
+
+#define	CFB	0
+#define	OFB	1
+
+#define	NO_SEND_IV	1
+#define	NO_RECV_IV	2
+#define	NO_KEYID	4
+#define	IN_PROGRESS	(NO_SEND_IV|NO_RECV_IV|NO_KEYID)
+#define	SUCCESS		0
+#define	FAILED		-1
+
+
+struct stinfo {
+  des_cblock	str_output;
+  des_cblock	str_feed;
+  des_cblock	str_iv;
+  des_cblock	str_ikey;
+  des_key_schedule str_sched;
+  int		str_index;
+  int		str_flagshift;
+};
+
+struct fb {
+	des_cblock krbdes_key;
+	des_key_schedule krbdes_sched;
+	des_cblock temp_feed;
+	unsigned char fb_feed[64];
+	int need_start;
+	int state[2];
+	int keyid[2];
+	int once;
+	struct stinfo streams[2];
+};
+
+static struct fb fb[2];
+
+struct keyidlist {
+	char	*keyid;
+	int	keyidlen;
+	char	*key;
+	int	keylen;
+	int	flags;
+} keyidlist [] = {
+	{ "\0", 1, 0, 0, 0 },		/* default key of zero */
+	{ 0, 0, 0, 0, 0 }
+};
+
+#define	KEYFLAG_MASK	03
+
+#define	KEYFLAG_NOINIT	00
+#define	KEYFLAG_INIT	01
+#define	KEYFLAG_OK	02
+#define	KEYFLAG_BAD	03
+
+#define	KEYFLAG_SHIFT	2
+
+#define	SHIFT_VAL(a,b)	(KEYFLAG_SHIFT*((a)+((b)*2)))
+
+#define	FB64_IV		1
+#define	FB64_IV_OK	2
+#define	FB64_IV_BAD	3
+
+
+void fb64_stream_iv (des_cblock, struct stinfo *);
+void fb64_init (struct fb *);
+static int fb64_start (struct fb *, int, int);
+int fb64_is (unsigned char *, int, struct fb *);
+int fb64_reply (unsigned char *, int, struct fb *);
+static void fb64_session (Session_Key *, int, struct fb *);
+void fb64_stream_key (des_cblock, struct stinfo *);
+int fb64_keyid (int, unsigned char *, int *, struct fb *);
+
+void cfb64_init(int server)
+{
+	fb64_init(&fb[CFB]);
+	fb[CFB].fb_feed[4] = ENCTYPE_DES_CFB64;
+	fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, CFB);
+	fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, CFB);
+}
+
+
+void ofb64_init(int server)
+{
+	fb64_init(&fb[OFB]);
+	fb[OFB].fb_feed[4] = ENCTYPE_DES_OFB64;
+	fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, OFB);
+	fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB);
+}
+
+void fb64_init(struct fb *fbp)
+{
+	memset(fbp,0, sizeof(*fbp));
+	fbp->state[0] = fbp->state[1] = FAILED;
+	fbp->fb_feed[0] = IAC;
+	fbp->fb_feed[1] = SB;
+	fbp->fb_feed[2] = TELOPT_ENCRYPT;
+	fbp->fb_feed[3] = ENCRYPT_IS;
+}
+
+/*
+ * Returns:
+ *	-1: some error.  Negotiation is done, encryption not ready.
+ *	 0: Successful, initial negotiation all done.
+ *	 1: successful, negotiation not done yet.
+ *	 2: Not yet.  Other things (like getting the key from
+ *	    Kerberos) have to happen before we can continue.
+ */
+int cfb64_start(int dir, int server)
+{
+	return(fb64_start(&fb[CFB], dir, server));
+}
+
+int ofb64_start(int dir, int server)
+{
+	return(fb64_start(&fb[OFB], dir, server));
+}
+
+static int fb64_start(struct fb *fbp, int dir, int server)
+{
+	int x;
+	unsigned char *p;
+	int state;
+
+	switch (dir) {
+	case DIR_DECRYPT:
+		/*
+		 * This is simply a request to have the other side
+		 * start output (our input).  He will negotiate an
+		 * IV so we need not look for it.
+		 */
+		state = fbp->state[dir-1];
+		if (state == FAILED)
+			state = IN_PROGRESS;
+		break;
+
+	case DIR_ENCRYPT:
+		state = fbp->state[dir-1];
+		if (state == FAILED)
+			state = IN_PROGRESS;
+		else if ((state & NO_SEND_IV) == 0) {
+			break;
+		}
+
+		if (!VALIDKEY(fbp->krbdes_key)) {
+		        fbp->need_start = 1;
+			break;
+		}
+
+		state &= ~NO_SEND_IV;
+		state |= NO_RECV_IV;
+		if (encrypt_debug_mode)
+			printf("Creating new feed\r\n");
+		/*
+		 * Create a random feed and send it over.
+		 */
+#ifndef OLD_DES_RANDOM_KEY
+		des_new_random_key(&fbp->temp_feed);
+#else
+		/*
+		 * From des_cryp.man "If the des_check_key flag is non-zero,
+		 *  des_set_key will check that the key passed is
+		 *  of odd parity and is not a week or semi-weak key."
+		 */
+		do {
+			des_random_key(fbp->temp_feed);
+			des_set_odd_parity(fbp->temp_feed);
+		} while (des_is_weak_key(fbp->temp_feed));
+#endif
+		des_ecb_encrypt(&fbp->temp_feed,
+				&fbp->temp_feed,
+				fbp->krbdes_sched, 1);
+		p = fbp->fb_feed + 3;
+		*p++ = ENCRYPT_IS;
+		p++;
+		*p++ = FB64_IV;
+		for (x = 0; x < sizeof(des_cblock); ++x) {
+			if ((*p++ = fbp->temp_feed[x]) == IAC)
+				*p++ = IAC;
+		}
+		*p++ = IAC;
+		*p++ = SE;
+		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
+		telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
+		break;
+	default:
+		return(FAILED);
+	}
+	return(fbp->state[dir-1] = state);
+}
+
+/*
+ * Returns:
+ *	-1: some error.  Negotiation is done, encryption not ready.
+ *	 0: Successful, initial negotiation all done.
+ *	 1: successful, negotiation not done yet.
+ */
+
+int cfb64_is(unsigned char *data, int cnt)
+{
+	return(fb64_is(data, cnt, &fb[CFB]));
+}
+
+int ofb64_is(unsigned char *data, int cnt)
+{
+	return(fb64_is(data, cnt, &fb[OFB]));
+}
+
+
+int fb64_is(unsigned char *data, int cnt, struct fb *fbp)
+{
+	unsigned char *p;
+	int state = fbp->state[DIR_DECRYPT-1];
+
+	if (cnt-- < 1)
+		goto failure;
+
+	switch (*data++) {
+	case FB64_IV:
+		if (cnt != sizeof(des_cblock)) {
+			if (encrypt_debug_mode)
+				printf("CFB64: initial vector failed on size\r\n");
+			state = FAILED;
+			goto failure;
+		}
+
+		if (encrypt_debug_mode)
+			printf("CFB64: initial vector received\r\n");
+
+		if (encrypt_debug_mode)
+			printf("Initializing Decrypt stream\r\n");
+
+		fb64_stream_iv(data, &fbp->streams[DIR_DECRYPT-1]);
+
+		p = fbp->fb_feed + 3;
+		*p++ = ENCRYPT_REPLY;
+		p++;
+		*p++ = FB64_IV_OK;
+		*p++ = IAC;
+		*p++ = SE;
+		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
+		telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
+
+		state = fbp->state[DIR_DECRYPT-1] = IN_PROGRESS;
+		break;
+
+	default:
+		if (encrypt_debug_mode) {
+			printf("Unknown option type: %d\r\n", *(data-1));
+			printd(data, cnt);
+			printf("\r\n");
+		}
+		/* FALL THROUGH */
+	failure:
+		/*
+		 * We failed.  Send an FB64_IV_BAD option
+		 * to the other side so it will know that
+		 * things failed.
+		 */
+		p = fbp->fb_feed + 3;
+		*p++ = ENCRYPT_REPLY;
+		p++;
+		*p++ = FB64_IV_BAD;
+		*p++ = IAC;
+		*p++ = SE;
+		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
+		telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
+
+		break;
+	}
+	return(fbp->state[DIR_DECRYPT-1] = state);
+}
+
+/*
+ * Returns:
+ *	-1: some error.  Negotiation is done, encryption not ready.
+ *	 0: Successful, initial negotiation all done.
+ *	 1: successful, negotiation not done yet.
+ */
+
+int cfb64_reply(unsigned char *data, int cnt)
+{
+	return(fb64_reply(data, cnt, &fb[CFB]));
+}
+
+int ofb64_reply(unsigned char *data, int cnt)
+{
+	return(fb64_reply(data, cnt, &fb[OFB]));
+}
+
+
+int fb64_reply(unsigned char *data, int cnt, struct fb *fbp)
+{
+	int state = fbp->state[DIR_ENCRYPT-1];
+
+	if (cnt-- < 1)
+		goto failure;
+
+	switch (*data++) {
+	case FB64_IV_OK:
+		fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
+		if (state == FAILED)
+			state = IN_PROGRESS;
+		state &= ~NO_RECV_IV;
+		encrypt_send_keyid(DIR_ENCRYPT, (unsigned char *)"\0", 1, 1);
+		break;
+
+	case FB64_IV_BAD:
+		memset(fbp->temp_feed, 0, sizeof(des_cblock));
+		fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
+		state = FAILED;
+		break;
+
+	default:
+		if (encrypt_debug_mode) {
+			printf("Unknown option type: %d\r\n", data[-1]);
+			printd(data, cnt);
+			printf("\r\n");
+		}
+		/* FALL THROUGH */
+	failure:
+		state = FAILED;
+		break;
+	}
+	return(fbp->state[DIR_ENCRYPT-1] = state);
+}
+
+void cfb64_session(Session_Key *key, int server)
+{
+	fb64_session(key, server, &fb[CFB]);
+}
+
+void ofb64_session(Session_Key *key, int server)
+{
+	fb64_session(key, server, &fb[OFB]);
+}
+
+static void fb64_session(Session_Key *key, int server, struct fb *fbp)
+{
+
+	if (!key || key->type != SK_DES) {
+		if (encrypt_debug_mode)
+			printf("Can't set krbdes's session key (%d != %d)\r\n",
+				key ? key->type : -1, SK_DES);
+		return;
+	}
+	memcpy(fbp->krbdes_key, key->data, sizeof(des_cblock));
+
+	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]);
+	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
+
+	if (fbp->once == 0) {
+#ifndef OLD_DES_RANDOM_KEY
+		des_init_random_number_generator(&fbp->krbdes_key);
+#endif
+		fbp->once = 1;
+	}
+	des_key_sched(&fbp->krbdes_key, fbp->krbdes_sched);
+	/*
+	 * Now look to see if krbdes_start() was was waiting for
+	 * the key to show up.  If so, go ahead an call it now
+	 * that we have the key.
+	 */
+	if (fbp->need_start) {
+		fbp->need_start = 0;
+		fb64_start(fbp, DIR_ENCRYPT, server);
+	}
+}
+
+/*
+ * We only accept a keyid of 0.  If we get a keyid of
+ * 0, then mark the state as SUCCESS.
+ */
+
+int cfb64_keyid(int dir, unsigned char *kp, int *lenp)
+{
+	return(fb64_keyid(dir, kp, lenp, &fb[CFB]));
+}
+
+int ofb64_keyid(int dir, unsigned char *kp, int *lenp)
+{
+	return(fb64_keyid(dir, kp, lenp, &fb[OFB]));
+}
+
+int fb64_keyid(int dir, unsigned char *kp, int *lenp, struct fb *fbp)
+{
+	int state = fbp->state[dir-1];
+
+	if (*lenp != 1 || (*kp != '\0')) {
+		*lenp = 0;
+		return(state);
+	}
+
+	if (state == FAILED)
+		state = IN_PROGRESS;
+
+	state &= ~NO_KEYID;
+
+	return(fbp->state[dir-1] = state);
+}
+
+void fb64_printsub(unsigned char *data, int cnt, 
+		   unsigned char *buf, int buflen, char *type)
+{
+	char lbuf[32];
+	int i;
+	char *cp;
+
+	buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
+	buflen -= 1;
+
+	switch(data[2]) {
+	case FB64_IV:
+		snprintf(lbuf, sizeof(lbuf), "%s_IV", type);
+		cp = lbuf;
+		goto common;
+
+	case FB64_IV_OK:
+		snprintf(lbuf, sizeof(lbuf), "%s_IV_OK", type);
+		cp = lbuf;
+		goto common;
+
+	case FB64_IV_BAD:
+		snprintf(lbuf, sizeof(lbuf), "%s_IV_BAD", type);
+		cp = lbuf;
+		goto common;
+
+	default:
+		snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[2]);
+		cp = lbuf;
+	common:
+		for (; (buflen > 0) && (*buf = *cp++); buf++)
+			buflen--;
+		for (i = 3; i < cnt; i++) {
+			snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
+			for (cp = lbuf; (buflen > 0) && (*buf = *cp++); buf++)
+				buflen--;
+		}
+		break;
+	}
+}
+
+void cfb64_printsub(unsigned char *data, int cnt, 
+		    unsigned char *buf, int buflen)
+{
+	fb64_printsub(data, cnt, buf, buflen, "CFB64");
+}
+
+void ofb64_printsub(unsigned char *data, int cnt,
+		    unsigned char *buf, int buflen)
+{
+	fb64_printsub(data, cnt, buf, buflen, "OFB64");
+}
+
+void fb64_stream_iv(des_cblock seed, struct stinfo *stp)
+{
+
+	memcpy(stp->str_iv, seed,sizeof(des_cblock));
+	memcpy(stp->str_output, seed, sizeof(des_cblock));
+
+	des_key_sched(&stp->str_ikey, stp->str_sched);
+
+	stp->str_index = sizeof(des_cblock);
+}
+
+void fb64_stream_key(des_cblock key, struct stinfo *stp)
+{
+	memcpy(stp->str_ikey, key, sizeof(des_cblock));
+	des_key_sched((des_cblock*)key, stp->str_sched);
+
+	memcpy(stp->str_output, stp->str_iv, sizeof(des_cblock));
+
+	stp->str_index = sizeof(des_cblock);
+}
+
+/*
+ * DES 64 bit Cipher Feedback
+ *
+ *     key --->+-----+
+ *          +->| DES |--+
+ *          |  +-----+  |
+ *	    |           v
+ *  INPUT --(--------->(+)+---> DATA
+ *          |             |
+ *	    +-------------+
+ *         
+ *
+ * Given:
+ *	iV: Initial vector, 64 bits (8 bytes) long.
+ *	Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
+ *	On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
+ *
+ *	V0 = DES(iV, key)
+ *	On = Dn ^ Vn
+ *	V(n+1) = DES(On, key)
+ */
+
+void cfb64_encrypt(unsigned char *s, int c)
+{
+	struct stinfo *stp = &fb[CFB].streams[DIR_ENCRYPT-1];
+	int index;
+
+	index = stp->str_index;
+	while (c-- > 0) {
+		if (index == sizeof(des_cblock)) {
+			des_cblock b;
+			des_ecb_encrypt(&stp->str_output, &b,stp->str_sched, 1);
+			memcpy(stp->str_feed, b, sizeof(des_cblock));
+			index = 0;
+		}
+
+		/* On encryption, we store (feed ^ data) which is cypher */
+		*s = stp->str_output[index] = (stp->str_feed[index] ^ *s);
+		s++;
+		index++;
+	}
+	stp->str_index = index;
+}
+
+int cfb64_decrypt(int data)
+{
+	struct stinfo *stp = &fb[CFB].streams[DIR_DECRYPT-1];
+	int index;
+
+	if (data == -1) {
+		/*
+		 * Back up one byte.  It is assumed that we will
+		 * never back up more than one byte.  If we do, this
+		 * may or may not work.
+		 */
+		if (stp->str_index)
+			--stp->str_index;
+		return(0);
+	}
+
+	index = stp->str_index++;
+	if (index == sizeof(des_cblock)) {
+		des_cblock b;
+		des_ecb_encrypt(&stp->str_output,&b, stp->str_sched, 1);
+		memcpy(stp->str_feed, b, sizeof(des_cblock));
+		stp->str_index = 1;	/* Next time will be 1 */
+		index = 0;		/* But now use 0 */ 
+	}
+
+	/* On decryption we store (data) which is cypher. */
+	stp->str_output[index] = data;
+	return(data ^ stp->str_feed[index]);
+}
+
+/*
+ * DES 64 bit Output Feedback
+ *
+ * key --->+-----+
+ *	+->| DES |--+
+ *	|  +-----+  |
+ *	+-----------+
+ *	            v
+ *  INPUT -------->(+) ----> DATA
+ *
+ * Given:
+ *	iV: Initial vector, 64 bits (8 bytes) long.
+ *	Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
+ *	On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
+ *
+ *	V0 = DES(iV, key)
+ *	V(n+1) = DES(Vn, key)
+ *	On = Dn ^ Vn
+ */
+
+void ofb64_encrypt(unsigned char *s, int c)
+{
+	struct stinfo *stp = &fb[OFB].streams[DIR_ENCRYPT-1];
+	int index;
+
+	index = stp->str_index;
+	while (c-- > 0) {
+		if (index == sizeof(des_cblock)) {
+			des_cblock b;
+			des_ecb_encrypt(&stp->str_feed,&b, stp->str_sched, 1);
+			memcpy(stp->str_feed, b, sizeof(des_cblock));
+			index = 0;
+		}
+		*s++ ^= stp->str_feed[index];
+		index++;
+	}
+	stp->str_index = index;
+}
+
+int ofb64_decrypt(int data)
+{
+	struct stinfo *stp = &fb[OFB].streams[DIR_DECRYPT-1];
+	int index;
+
+	if (data == -1) {
+		/*
+		 * Back up one byte.  It is assumed that we will
+		 * never back up more than one byte.  If we do, this
+		 * may or may not work.
+		 */
+		if (stp->str_index)
+			--stp->str_index;
+		return(0);
+	}
+
+	index = stp->str_index++;
+	if (index == sizeof(des_cblock)) {
+		des_cblock b;
+		des_ecb_encrypt(&stp->str_feed,&b,stp->str_sched, 1);
+		memcpy(stp->str_feed, b, sizeof(des_cblock));
+		stp->str_index = 1;	/* Next time will be 1 */
+		index = 0;		/* But now use 0 */ 
+	}
+
+	return(data ^ stp->str_feed[index]);
+}
+#endif
+
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/encrypt.c b/crypto/kerberosIV/appl/telnet/libtelnet/encrypt.c
new file mode 100644
index 0000000..21f7a85
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/encrypt.c
@@ -0,0 +1,995 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+
+#include <config.h>
+
+RCSID("$Id: encrypt.c,v 1.21 1998/07/09 23:16:25 assar Exp $");
+
+#if	defined(ENCRYPTION)
+
+#define	ENCRYPT_NAMES
+#include <arpa/telnet.h>
+
+#include "encrypt.h"
+#include "misc.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <roken.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+
+/*
+ * These functions pointers point to the current routines
+ * for encrypting and decrypting data.
+ */
+void	(*encrypt_output) (unsigned char *, int);
+int	(*decrypt_input) (int);
+char	*nclearto;
+
+int encrypt_debug_mode = 0;
+static int decrypt_mode = 0;
+static int encrypt_mode = 0;
+static int encrypt_verbose = 0;
+static int autoencrypt = 0;
+static int autodecrypt = 0;
+static int havesessionkey = 0;
+static int Server = 0;
+static char *Name = "Noname";
+
+#define	typemask(x)	((x) > 0 ? 1 << ((x)-1) : 0)
+
+static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64)
+     | typemask(ENCTYPE_DES_OFB64);
+     static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64)
+     | typemask(ENCTYPE_DES_OFB64);
+     static long i_wont_support_encrypt = 0;
+     static long i_wont_support_decrypt = 0;
+#define	I_SUPPORT_ENCRYPT	(i_support_encrypt & ~i_wont_support_encrypt)
+#define	I_SUPPORT_DECRYPT	(i_support_decrypt & ~i_wont_support_decrypt)
+
+     static long remote_supports_encrypt = 0;
+     static long remote_supports_decrypt = 0;
+
+     static Encryptions encryptions[] = {
+#if	defined(DES_ENCRYPTION)
+	 { "DES_CFB64",	ENCTYPE_DES_CFB64,
+	   cfb64_encrypt,	
+	   cfb64_decrypt,
+	   cfb64_init,
+	   cfb64_start,
+	   cfb64_is,
+	   cfb64_reply,
+	   cfb64_session,
+	   cfb64_keyid,
+	   cfb64_printsub },
+	 { "DES_OFB64",	ENCTYPE_DES_OFB64,
+	   ofb64_encrypt,	
+	   ofb64_decrypt,
+	   ofb64_init,
+	   ofb64_start,
+	   ofb64_is,
+	   ofb64_reply,
+	   ofb64_session,
+	   ofb64_keyid,
+	   ofb64_printsub },
+#endif
+	 { 0, },
+     };
+
+static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT,
+				      ENCRYPT_SUPPORT };
+static unsigned char str_suplen = 0;
+static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT };
+static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE };
+
+Encryptions *
+findencryption(int type)
+{
+    Encryptions *ep = encryptions;
+
+    if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type)))
+	return(0);
+    while (ep->type && ep->type != type)
+	++ep;
+    return(ep->type ? ep : 0);
+}
+
+Encryptions *
+finddecryption(int type)
+{
+    Encryptions *ep = encryptions;
+
+    if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type)))
+	return(0);
+    while (ep->type && ep->type != type)
+	++ep;
+    return(ep->type ? ep : 0);
+}
+
+#define	MAXKEYLEN 64
+
+static struct key_info {
+    unsigned char keyid[MAXKEYLEN];
+    int keylen;
+    int dir;
+    int *modep;
+    Encryptions *(*getcrypt)();
+} ki[2] = {
+    { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption },
+    { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption },
+};
+
+void
+encrypt_init(char *name, int server)
+{
+    Encryptions *ep = encryptions;
+
+    Name = name;
+    Server = server;
+    i_support_encrypt = i_support_decrypt = 0;
+    remote_supports_encrypt = remote_supports_decrypt = 0;
+    encrypt_mode = 0;
+    decrypt_mode = 0;
+    encrypt_output = 0;
+    decrypt_input = 0;
+#ifdef notdef
+    encrypt_verbose = !server;
+#endif
+
+    str_suplen = 4;
+
+    while (ep->type) {
+	if (encrypt_debug_mode)
+	    printf(">>>%s: I will support %s\r\n",
+		   Name, ENCTYPE_NAME(ep->type));
+	i_support_encrypt |= typemask(ep->type);
+	i_support_decrypt |= typemask(ep->type);
+	if ((i_wont_support_decrypt & typemask(ep->type)) == 0)
+	    if ((str_send[str_suplen++] = ep->type) == IAC)
+		str_send[str_suplen++] = IAC;
+	if (ep->init)
+	    (*ep->init)(Server);
+	++ep;
+    }
+    str_send[str_suplen++] = IAC;
+    str_send[str_suplen++] = SE;
+}
+
+void
+encrypt_list_types(void)
+{
+    Encryptions *ep = encryptions;
+
+    printf("Valid encryption types:\n");
+    while (ep->type) {
+	printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type);
+	++ep;
+    }
+}
+
+int
+EncryptEnable(char *type, char *mode)
+{
+    if (isprefix(type, "help") || isprefix(type, "?")) {
+	printf("Usage: encrypt enable <type> [input|output]\n");
+	encrypt_list_types();
+	return(0);
+    }
+    if (EncryptType(type, mode))
+	return(EncryptStart(mode));
+    return(0);
+}
+
+int
+EncryptDisable(char *type, char *mode)
+{
+    Encryptions *ep;
+    int ret = 0;
+
+    if (isprefix(type, "help") || isprefix(type, "?")) {
+	printf("Usage: encrypt disable <type> [input|output]\n");
+	encrypt_list_types();
+    } else if ((ep = (Encryptions *)genget(type, (char**)encryptions,
+					   sizeof(Encryptions))) == 0) {
+	printf("%s: invalid encryption type\n", type);
+    } else if (Ambiguous(ep)) {
+	printf("Ambiguous type '%s'\n", type);
+    } else {
+	if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) {
+	    if (decrypt_mode == ep->type)
+		EncryptStopInput();
+	    i_wont_support_decrypt |= typemask(ep->type);
+	    ret = 1;
+	}
+	if ((mode == 0) || (isprefix(mode, "output"))) {
+	    if (encrypt_mode == ep->type)
+		EncryptStopOutput();
+	    i_wont_support_encrypt |= typemask(ep->type);
+	    ret = 1;
+	}
+	if (ret == 0)
+	    printf("%s: invalid encryption mode\n", mode);
+    }
+    return(ret);
+}
+
+int
+EncryptType(char *type, char *mode)
+{
+    Encryptions *ep;
+    int ret = 0;
+
+    if (isprefix(type, "help") || isprefix(type, "?")) {
+	printf("Usage: encrypt type <type> [input|output]\n");
+	encrypt_list_types();
+    } else if ((ep = (Encryptions *)genget(type, (char**)encryptions,
+					   sizeof(Encryptions))) == 0) {
+	printf("%s: invalid encryption type\n", type);
+    } else if (Ambiguous(ep)) {
+	printf("Ambiguous type '%s'\n", type);
+    } else {
+	if ((mode == 0) || isprefix(mode, "input")) {
+	    decrypt_mode = ep->type;
+	    i_wont_support_decrypt &= ~typemask(ep->type);
+	    ret = 1;
+	}
+	if ((mode == 0) || isprefix(mode, "output")) {
+	    encrypt_mode = ep->type;
+	    i_wont_support_encrypt &= ~typemask(ep->type);
+	    ret = 1;
+	}
+	if (ret == 0)
+	    printf("%s: invalid encryption mode\n", mode);
+    }
+    return(ret);
+}
+
+int
+EncryptStart(char *mode)
+{
+    int ret = 0;
+    if (mode) {
+	if (isprefix(mode, "input"))
+	    return(EncryptStartInput());
+	if (isprefix(mode, "output"))
+	    return(EncryptStartOutput());
+	if (isprefix(mode, "help") || isprefix(mode, "?")) {
+	    printf("Usage: encrypt start [input|output]\n");
+	    return(0);
+	}
+	printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode);
+	return(0);
+    }
+    ret += EncryptStartInput();
+    ret += EncryptStartOutput();
+    return(ret);
+}
+
+int
+EncryptStartInput(void)
+{
+    if (decrypt_mode) {
+	encrypt_send_request_start();
+	return(1);
+    }
+    printf("No previous decryption mode, decryption not enabled\r\n");
+    return(0);
+}
+
+int
+EncryptStartOutput(void)
+{
+    if (encrypt_mode) {
+	encrypt_start_output(encrypt_mode);
+	return(1);
+    }
+    printf("No previous encryption mode, encryption not enabled\r\n");
+    return(0);
+}
+
+int
+EncryptStop(char *mode)
+{
+    int ret = 0;
+    if (mode) {
+	if (isprefix(mode, "input"))
+	    return(EncryptStopInput());
+	if (isprefix(mode, "output"))
+	    return(EncryptStopOutput());
+	if (isprefix(mode, "help") || isprefix(mode, "?")) {
+	    printf("Usage: encrypt stop [input|output]\n");
+	    return(0);
+	}
+	printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode);
+	return(0);
+    }
+    ret += EncryptStopInput();
+    ret += EncryptStopOutput();
+    return(ret);
+}
+
+int
+EncryptStopInput(void)
+{
+    encrypt_send_request_end();
+    return(1);
+}
+
+int
+EncryptStopOutput(void)
+{
+    encrypt_send_end();
+    return(1);
+}
+
+void
+encrypt_display(void)
+{
+    printf("Autoencrypt for output is %s. Autodecrypt for input is %s.\r\n",
+	   autoencrypt?"on":"off", autodecrypt?"on":"off");
+
+    if (encrypt_output)
+	printf("Currently encrypting output with %s\r\n",
+	       ENCTYPE_NAME(encrypt_mode));
+    else
+	printf("Currently not encrypting output\r\n");
+	
+    if (decrypt_input)
+	printf("Currently decrypting input with %s\r\n",
+	       ENCTYPE_NAME(decrypt_mode));
+    else
+	printf("Currently not decrypting input\r\n");
+}
+
+int
+EncryptStatus(void)
+{
+    printf("Autoencrypt for output is %s. Autodecrypt for input is %s.\r\n",
+	   autoencrypt?"on":"off", autodecrypt?"on":"off");
+
+    if (encrypt_output)
+	printf("Currently encrypting output with %s\r\n",
+	       ENCTYPE_NAME(encrypt_mode));
+    else if (encrypt_mode) {
+	printf("Currently output is clear text.\r\n");
+	printf("Last encryption mode was %s\r\n",
+	       ENCTYPE_NAME(encrypt_mode));
+    } else
+	printf("Currently not encrypting output\r\n");
+	
+    if (decrypt_input) {
+	printf("Currently decrypting input with %s\r\n",
+	       ENCTYPE_NAME(decrypt_mode));
+    } else if (decrypt_mode) {
+	printf("Currently input is clear text.\r\n");
+	printf("Last decryption mode was %s\r\n",
+	       ENCTYPE_NAME(decrypt_mode));
+    } else
+	printf("Currently not decrypting input\r\n");
+
+    return 1;
+}
+
+void
+encrypt_send_support(void)
+{
+    if (str_suplen) {
+	/*
+	 * If the user has requested that decryption start
+	 * immediatly, then send a "REQUEST START" before
+	 * we negotiate the type.
+	 */
+	if (!Server && autodecrypt)
+	    encrypt_send_request_start();
+	telnet_net_write(str_send, str_suplen);
+	printsub('>', &str_send[2], str_suplen - 2);
+	str_suplen = 0;
+    }
+}
+
+int
+EncryptDebug(int on)
+{
+    if (on < 0)
+	encrypt_debug_mode ^= 1;
+    else
+	encrypt_debug_mode = on;
+    printf("Encryption debugging %s\r\n",
+	   encrypt_debug_mode ? "enabled" : "disabled");
+    return(1);
+}
+
+/* turn on verbose encryption, but dont keep telling the whole world
+ */
+void encrypt_verbose_quiet(int on)
+{
+    if(on < 0)
+	encrypt_verbose ^= 1;
+    else
+	encrypt_verbose = on ? 1 : 0;
+}
+
+int
+EncryptVerbose(int on)
+{
+    encrypt_verbose_quiet(on);
+    printf("Encryption %s verbose\r\n",
+	   encrypt_verbose ? "is" : "is not");
+    return(1);
+}
+
+int
+EncryptAutoEnc(int on)
+{
+    encrypt_auto(on);
+    printf("Automatic encryption of output is %s\r\n",
+	   autoencrypt ? "enabled" : "disabled");
+    return(1);
+}
+
+int
+EncryptAutoDec(int on)
+{
+    decrypt_auto(on);
+    printf("Automatic decryption of input is %s\r\n",
+	   autodecrypt ? "enabled" : "disabled");
+    return(1);
+}
+
+/* Called when we receive a WONT or a DONT ENCRYPT after we sent a DO
+   encrypt */
+void
+encrypt_not(void)
+{
+    if (encrypt_verbose)
+  	printf("[ Connection is NOT encrypted ]\r\n");
+    else
+  	printf("\r\n*** Connection not encrypted! "
+	       "Communication may be eavesdropped. ***\r\n");
+}
+
+/*
+ * Called when ENCRYPT SUPPORT is received.
+ */
+void
+encrypt_support(unsigned char *typelist, int cnt)
+{
+    int type, use_type = 0;
+    Encryptions *ep;
+
+    /*
+     * Forget anything the other side has previously told us.
+     */
+    remote_supports_decrypt = 0;
+
+    while (cnt-- > 0) {
+	type = *typelist++;
+	if (encrypt_debug_mode)
+	    printf(">>>%s: He is supporting %s (%d)\r\n",
+		   Name,
+		   ENCTYPE_NAME(type), type);
+	if ((type < ENCTYPE_CNT) &&
+	    (I_SUPPORT_ENCRYPT & typemask(type))) {
+	    remote_supports_decrypt |= typemask(type);
+	    if (use_type == 0)
+		use_type = type;
+	}
+    }
+    if (use_type) {
+	ep = findencryption(use_type);
+	if (!ep)
+	    return;
+	type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0;
+	if (encrypt_debug_mode)
+	    printf(">>>%s: (*ep->start)() returned %d\r\n",
+		   Name, type);
+	if (type < 0)
+	    return;
+	encrypt_mode = use_type;
+	if (type == 0)
+	    encrypt_start_output(use_type);
+    }
+}
+
+void
+encrypt_is(unsigned char *data, int cnt)
+{
+    Encryptions *ep;
+    int type, ret;
+
+    if (--cnt < 0)
+	return;
+    type = *data++;
+    if (type < ENCTYPE_CNT)
+	remote_supports_encrypt |= typemask(type);
+    if (!(ep = finddecryption(type))) {
+	if (encrypt_debug_mode)
+	    printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
+		   Name,
+		   ENCTYPE_NAME_OK(type)
+		   ? ENCTYPE_NAME(type) : "(unknown)",
+		   type);
+	return;
+    }
+    if (!ep->is) {
+	if (encrypt_debug_mode)
+	    printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
+		   Name,
+		   ENCTYPE_NAME_OK(type)
+		   ? ENCTYPE_NAME(type) : "(unknown)",
+		   type);
+	ret = 0;
+    } else {
+	ret = (*ep->is)(data, cnt);
+	if (encrypt_debug_mode)
+	    printf("(*ep->is)(%p, %d) returned %s(%d)\n", data, cnt,
+		   (ret < 0) ? "FAIL " :
+		   (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
+    }
+    if (ret < 0) {
+	autodecrypt = 0;
+    } else {
+	decrypt_mode = type;
+	if (ret == 0 && autodecrypt)
+	    encrypt_send_request_start();
+    }
+}
+
+void
+encrypt_reply(unsigned char *data, int cnt)
+{
+    Encryptions *ep;
+    int ret, type;
+
+    if (--cnt < 0)
+	return;
+    type = *data++;
+    if (!(ep = findencryption(type))) {
+	if (encrypt_debug_mode)
+	    printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
+		   Name,
+		   ENCTYPE_NAME_OK(type)
+		   ? ENCTYPE_NAME(type) : "(unknown)",
+		   type);
+	return;
+    }
+    if (!ep->reply) {
+	if (encrypt_debug_mode)
+	    printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
+		   Name,
+		   ENCTYPE_NAME_OK(type)
+		   ? ENCTYPE_NAME(type) : "(unknown)",
+		   type);
+	ret = 0;
+    } else {
+	ret = (*ep->reply)(data, cnt);
+	if (encrypt_debug_mode)
+	    printf("(*ep->reply)(%p, %d) returned %s(%d)\n",
+		   data, cnt,
+		   (ret < 0) ? "FAIL " :
+		   (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
+    }
+    if (encrypt_debug_mode)
+	printf(">>>%s: encrypt_reply returned %d\n", Name, ret);
+    if (ret < 0) {
+	autoencrypt = 0;
+    } else {
+	encrypt_mode = type;
+	if (ret == 0 && autoencrypt)
+	    encrypt_start_output(type);
+    }
+}
+
+/*
+ * Called when a ENCRYPT START command is received.
+ */
+void
+encrypt_start(unsigned char *data, int cnt)
+{
+    Encryptions *ep;
+
+    if (!decrypt_mode) {
+	/*
+	 * Something is wrong.  We should not get a START
+	 * command without having already picked our
+	 * decryption scheme.  Send a REQUEST-END to
+	 * attempt to clear the channel...
+	 */
+	printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name);
+	encrypt_send_request_end();
+	return;
+    }
+
+    if ((ep = finddecryption(decrypt_mode))) {
+	decrypt_input = ep->input;
+	if (encrypt_verbose)
+	    printf("[ Input is now decrypted with type %s ]\r\n",
+		   ENCTYPE_NAME(decrypt_mode));
+	if (encrypt_debug_mode)
+	    printf(">>>%s: Start to decrypt input with type %s\r\n",
+		   Name, ENCTYPE_NAME(decrypt_mode));
+    } else {
+	printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n",
+	       Name,
+	       ENCTYPE_NAME_OK(decrypt_mode)
+	       ? ENCTYPE_NAME(decrypt_mode)
+	       : "(unknown)",
+	       decrypt_mode);
+	encrypt_send_request_end();
+    }
+}
+
+void
+encrypt_session_key(Session_Key *key, int server)
+{
+    Encryptions *ep = encryptions;
+
+    havesessionkey = 1;
+
+    while (ep->type) {
+	if (ep->session)
+	    (*ep->session)(key, server);
+	++ep;
+    }
+}
+
+/*
+ * Called when ENCRYPT END is received.
+ */
+void
+encrypt_end(void)
+{
+    decrypt_input = 0;
+    if (encrypt_debug_mode)
+	printf(">>>%s: Input is back to clear text\r\n", Name);
+    if (encrypt_verbose)
+	printf("[ Input is now clear text ]\r\n");
+}
+
+/*
+ * Called when ENCRYPT REQUEST-END is received.
+ */
+void
+encrypt_request_end(void)
+{
+    encrypt_send_end();
+}
+
+/*
+ * Called when ENCRYPT REQUEST-START is received.  If we receive
+ * this before a type is picked, then that indicates that the
+ * other side wants us to start encrypting data as soon as we
+ * can. 
+ */
+void
+encrypt_request_start(unsigned char *data, int cnt)
+{
+    if (encrypt_mode == 0)  {
+	if (Server)
+	    autoencrypt = 1;
+	return;
+    }
+    encrypt_start_output(encrypt_mode);
+}
+
+static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT };
+
+static void
+encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len)
+{
+    Encryptions *ep;
+    int dir = kp->dir;
+    int ret = 0;
+
+    if (!(ep = (*kp->getcrypt)(*kp->modep))) {
+	if (len == 0)
+	    return;
+	kp->keylen = 0;
+    } else if (len == 0) {
+	/*
+	 * Empty option, indicates a failure.
+	 */
+	if (kp->keylen == 0)
+	    return;
+	kp->keylen = 0;
+	if (ep->keyid)
+	    (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
+
+    } else if ((len != kp->keylen) || (memcmp(keyid,kp->keyid,len) != 0)) {
+	/*
+	 * Length or contents are different
+	 */
+	kp->keylen = len;
+	memcpy(kp->keyid,keyid, len);
+	if (ep->keyid)
+	    (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
+    } else {
+	if (ep->keyid)
+	    ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen);
+	if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt)
+	    encrypt_start_output(*kp->modep);
+	return;
+    }
+
+    encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0);
+}
+
+void encrypt_enc_keyid(unsigned char *keyid, int len)
+{
+    encrypt_keyid(&ki[1], keyid, len);
+}
+
+void encrypt_dec_keyid(unsigned char *keyid, int len)
+{
+    encrypt_keyid(&ki[0], keyid, len);
+}
+
+
+void encrypt_send_keyid(int dir, unsigned char *keyid, int keylen, int saveit)
+{
+    unsigned char *strp;
+
+    str_keyid[3] = (dir == DIR_ENCRYPT)
+	? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID;
+    if (saveit) {
+	struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1];
+	memcpy(kp->keyid,keyid, keylen);
+	kp->keylen = keylen;
+    }
+
+    for (strp = &str_keyid[4]; keylen > 0; --keylen) {
+	if ((*strp++ = *keyid++) == IAC)
+	    *strp++ = IAC;
+    }
+    *strp++ = IAC;
+    *strp++ = SE;
+    telnet_net_write(str_keyid, strp - str_keyid);
+    printsub('>', &str_keyid[2], strp - str_keyid - 2);
+}
+
+void
+encrypt_auto(int on)
+{
+    if (on < 0)
+	autoencrypt ^= 1;
+    else
+	autoencrypt = on ? 1 : 0;
+}
+
+void
+decrypt_auto(int on)
+{
+    if (on < 0)
+	autodecrypt ^= 1;
+    else
+	autodecrypt = on ? 1 : 0;
+}
+
+void
+encrypt_start_output(int type)
+{
+    Encryptions *ep;
+    unsigned char *p;
+    int i;
+
+    if (!(ep = findencryption(type))) {
+	if (encrypt_debug_mode) {
+	    printf(">>>%s: Can't encrypt with type %s (%d)\r\n",
+		   Name,
+		   ENCTYPE_NAME_OK(type)
+		   ? ENCTYPE_NAME(type) : "(unknown)",
+		   type);
+	}
+	return;
+    }
+    if (ep->start) {
+	i = (*ep->start)(DIR_ENCRYPT, Server);
+	if (encrypt_debug_mode) {
+	    printf(">>>%s: Encrypt start: %s (%d) %s\r\n",
+		   Name, 
+		   (i < 0) ? "failed" :
+		   "initial negotiation in progress",
+		   i, ENCTYPE_NAME(type));
+	}
+	if (i)
+	    return;
+    }
+    p = str_start + 3;
+    *p++ = ENCRYPT_START;
+    for (i = 0; i < ki[0].keylen; ++i) {
+	if ((*p++ = ki[0].keyid[i]) == IAC)
+	    *p++ = IAC;
+    }
+    *p++ = IAC;
+    *p++ = SE;
+    telnet_net_write(str_start, p - str_start);
+    net_encrypt();
+    printsub('>', &str_start[2], p - &str_start[2]);
+    /*
+     * If we are already encrypting in some mode, then
+     * encrypt the ring (which includes our request) in
+     * the old mode, mark it all as "clear text" and then
+     * switch to the new mode.
+     */
+    encrypt_output = ep->output;
+    encrypt_mode = type;
+    if (encrypt_debug_mode)
+	printf(">>>%s: Started to encrypt output with type %s\r\n",
+	       Name, ENCTYPE_NAME(type));
+    if (encrypt_verbose)
+	printf("[ Output is now encrypted with type %s ]\r\n",
+	       ENCTYPE_NAME(type));
+}
+
+void
+encrypt_send_end(void)
+{
+    if (!encrypt_output)
+	return;
+
+    str_end[3] = ENCRYPT_END;
+    telnet_net_write(str_end, sizeof(str_end));
+    net_encrypt();
+    printsub('>', &str_end[2], sizeof(str_end) - 2);
+    /*
+     * Encrypt the output buffer now because it will not be done by
+     * netflush...
+     */
+    encrypt_output = 0;
+    if (encrypt_debug_mode)
+	printf(">>>%s: Output is back to clear text\r\n", Name);
+    if (encrypt_verbose)
+	printf("[ Output is now clear text ]\r\n");
+}
+
+void
+encrypt_send_request_start(void)
+{
+    unsigned char *p;
+    int i;
+
+    p = &str_start[3];
+    *p++ = ENCRYPT_REQSTART;
+    for (i = 0; i < ki[1].keylen; ++i) {
+	if ((*p++ = ki[1].keyid[i]) == IAC)
+	    *p++ = IAC;
+    }
+    *p++ = IAC;
+    *p++ = SE;
+    telnet_net_write(str_start, p - str_start);
+    printsub('>', &str_start[2], p - &str_start[2]);
+    if (encrypt_debug_mode)
+	printf(">>>%s: Request input to be encrypted\r\n", Name);
+}
+
+void
+encrypt_send_request_end(void)
+{
+    str_end[3] = ENCRYPT_REQEND;
+    telnet_net_write(str_end, sizeof(str_end));
+    printsub('>', &str_end[2], sizeof(str_end) - 2);
+
+    if (encrypt_debug_mode)
+	printf(">>>%s: Request input to be clear text\r\n", Name);
+}
+
+
+void encrypt_wait(void)
+{
+    if (encrypt_debug_mode)
+	printf(">>>%s: in encrypt_wait\r\n", Name);
+    if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt))
+	return;
+    while (autoencrypt && !encrypt_output)
+	if (telnet_spin())
+	    return;
+}
+
+int
+encrypt_delay(void)
+{
+    if(!havesessionkey ||
+       (I_SUPPORT_ENCRYPT & remote_supports_decrypt) == 0 ||
+       (I_SUPPORT_DECRYPT & remote_supports_encrypt) == 0)
+	return 0;
+    if(!(encrypt_output && decrypt_input))
+	return 1;
+    return 0;
+}
+
+void
+encrypt_debug(int mode)
+{
+    encrypt_debug_mode = mode;
+}
+
+void encrypt_gen_printsub(unsigned char *data, int cnt, 
+			  unsigned char *buf, int buflen)
+{
+    char tbuf[16], *cp;
+
+    cnt -= 2;
+    data += 2;
+    buf[buflen-1] = '\0';
+    buf[buflen-2] = '*';
+    buflen -= 2;;
+    for (; cnt > 0; cnt--, data++) {
+	snprintf(tbuf, sizeof(tbuf), " %d", *data);
+	for (cp = tbuf; *cp && buflen > 0; --buflen)
+	    *buf++ = *cp++;
+	if (buflen <= 0)
+	    return;
+    }
+    *buf = '\0';
+}
+
+void
+encrypt_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
+{
+    Encryptions *ep;
+    int type = data[1];
+
+    for (ep = encryptions; ep->type && ep->type != type; ep++)
+	;
+
+    if (ep->printsub)
+	(*ep->printsub)(data, cnt, buf, buflen);
+    else
+	encrypt_gen_printsub(data, cnt, buf, buflen);
+}
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/encrypt.h b/crypto/kerberosIV/appl/telnet/libtelnet/encrypt.h
new file mode 100644
index 0000000..5919db5
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/encrypt.h
@@ -0,0 +1,98 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)encrypt.h	8.1 (Berkeley) 6/4/93
+ *
+ *	@(#)encrypt.h	5.2 (Berkeley) 3/22/91
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* $Id: encrypt.h,v 1.4 1997/01/24 23:10:56 assar Exp $ */
+
+#ifndef	__ENCRYPT__
+#define	__ENCRYPT__
+
+#define	DIR_DECRYPT		1
+#define	DIR_ENCRYPT		2
+
+#define	VALIDKEY(key)	( key[0] | key[1] | key[2] | key[3] | \
+			  key[4] | key[5] | key[6] | key[7])
+
+#define	SAMEKEY(k1, k2)	(!memcmp(k1, k2, sizeof(des_cblock)))
+
+typedef	struct {
+	short		type;
+	int		length;
+	unsigned char	*data;
+} Session_Key;
+
+typedef struct {
+	char	*name;
+	int	type;
+	void	(*output) (unsigned char *, int);
+	int	(*input) (int);
+	void	(*init) (int);
+	int	(*start) (int, int);
+	int	(*is) (unsigned char *, int);
+	int	(*reply) (unsigned char *, int);
+	void	(*session) (Session_Key *, int);
+	int	(*keyid) (int, unsigned char *, int *);
+	void	(*printsub) (unsigned char *, int, unsigned char *, int);
+} Encryptions;
+
+#define	SK_DES		1	/* Matched Kerberos v5 KEYTYPE_DES */
+
+#include "enc-proto.h"
+
+extern int encrypt_debug_mode;
+extern int (*decrypt_input) (int);
+extern void (*encrypt_output) (unsigned char *, int);
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/genget.c b/crypto/kerberosIV/appl/telnet/libtelnet/genget.c
new file mode 100644
index 0000000..c17a7bd
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/genget.c
@@ -0,0 +1,103 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+#include "misc-proto.h"
+
+RCSID("$Id: genget.c,v 1.6 1997/05/04 09:01:34 assar Exp $");
+
+#include <ctype.h>
+
+#define	LOWER(x) (isupper(x) ? tolower(x) : (x))
+/*
+ * The prefix function returns 0 if *s1 is not a prefix
+ * of *s2.  If *s1 exactly matches *s2, the negative of
+ * the length is returned.  If *s1 is a prefix of *s2,
+ * the length of *s1 is returned.
+ */
+
+int
+isprefix(char *s1, char *s2)
+{
+    char *os1;
+    char c1, c2;
+
+    if (*s1 == '\0')
+	return(-1);
+    os1 = s1;
+    c1 = *s1;
+    c2 = *s2;
+    while (LOWER(c1) == LOWER(c2)) {
+	if (c1 == '\0')
+	    break;
+	c1 = *++s1;
+	c2 = *++s2;
+    }
+    return(*s1 ? 0 : (*s2 ? (s1 - os1) : (os1 - s1)));
+}
+
+static char *ambiguous;		/* special return value for command routines */
+
+char **
+genget(char *name, char **table, int stlen)
+     /* name to match */
+     /* name entry in table */
+	   	      
+{
+    char **c, **found;
+    int n;
+
+    if (name == 0)
+	return 0;
+
+    found = 0;
+    for (c = table; *c != 0; c = (char **)((char *)c + stlen)) {
+	if ((n = isprefix(name, *c)) == 0)
+	    continue;
+	if (n < 0)		/* exact match */
+	    return(c);
+	if (found)
+	    return(&ambiguous);
+	found = c;
+    }
+    return(found);
+}
+
+/*
+ * Function call version of Ambiguous()
+ */
+int
+Ambiguous(void *s)
+{
+    return((char **)s == &ambiguous);
+}
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c
new file mode 100644
index 0000000..b5c0953
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c
@@ -0,0 +1,717 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+RCSID("$Id: kerberos.c,v 1.45 1999/03/13 21:18:55 assar Exp $");
+
+#ifdef	KRB4
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+#include <stdio.h>
+#include <des.h>	/* BSD wont include this in krb.h, so we do it here */
+#include <krb.h>
+#include <pwd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <roken.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc.h"
+
+int kerberos4_cksum (unsigned char *, int);
+extern int auth_debug_mode;
+
+static unsigned char str_data[2048] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
+			  		AUTHTYPE_KERBEROS_V4, };
+
+#define	KRB_AUTH	0		/* Authentication data follows */
+#define	KRB_REJECT	1		/* Rejected (reason might follow) */
+#define	KRB_ACCEPT	2		/* Accepted */
+#define	KRB_CHALLENGE	3		/* Challenge for mutual auth. */
+#define	KRB_RESPONSE	4		/* Response for mutual auth. */
+
+#define KRB_FORWARD		5	/* */
+#define KRB_FORWARD_ACCEPT	6	/* */
+#define KRB_FORWARD_REJECT	7	/* */
+
+#define KRB_SERVICE_NAME   "rcmd"
+
+static	KTEXT_ST auth;
+static	char name[ANAME_SZ];
+static	AUTH_DAT adat;
+static des_cblock session_key;
+static des_cblock cred_session;
+static des_key_schedule sched;
+static des_cblock challenge;
+static int auth_done; /* XXX */
+
+static int pack_cred(CREDENTIALS *cred, unsigned char *buf);
+static int unpack_cred(unsigned char *buf, int len, CREDENTIALS *cred);
+
+
+static int
+Data(Authenticator *ap, int type, const void *d, int c)
+{
+    unsigned char *p = str_data + 4;
+    const unsigned char *cd = (const unsigned char *)d;
+
+    if (c == -1)
+	c = strlen((const char *)cd);
+
+    if (auth_debug_mode) {
+	printf("%s:%d: [%d] (%d)",
+	       str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+	       str_data[3],
+	       type, c);
+	printd(d, c);
+	printf("\r\n");
+    }
+    *p++ = ap->type;
+    *p++ = ap->way;
+    *p++ = type;
+    while (c-- > 0) {
+	if ((*p++ = *cd++) == IAC)
+	    *p++ = IAC;
+    }
+    *p++ = IAC;
+    *p++ = SE;
+    if (str_data[3] == TELQUAL_IS)
+	printsub('>', &str_data[2], p - (&str_data[2]));
+    return(telnet_net_write(str_data, p - str_data));
+}
+
+int
+kerberos4_init(Authenticator *ap, int server)
+{
+    FILE *fp;
+
+    if (server) {
+	str_data[3] = TELQUAL_REPLY;
+	if ((fp = fopen(KEYFILE, "r")) == NULL)
+	    return(0);
+	fclose(fp);
+    } else {
+	str_data[3] = TELQUAL_IS;
+    }
+    return(1);
+}
+
+char dst_realm_buf[REALM_SZ], *dest_realm = NULL;
+int dst_realm_sz = REALM_SZ;
+
+static int
+kerberos4_send(char *name, Authenticator *ap)
+{
+    KTEXT_ST auth;
+    char instance[INST_SZ];
+    char *realm;
+    CREDENTIALS cred;
+    int r;
+
+    printf("[ Trying %s ... ]\r\n", name);
+    if (!UserNameRequested) {
+	if (auth_debug_mode) {
+	    printf("Kerberos V4: no user name supplied\r\n");
+	}
+	return(0);
+    }
+
+    memset(instance, 0, sizeof(instance));
+
+    strcpy_truncate (instance,
+		     krb_get_phost(RemoteHostName),
+		     INST_SZ);
+
+    realm = dest_realm ? dest_realm : krb_realmofhost(RemoteHostName);
+
+    if (!realm) {
+	printf("Kerberos V4: no realm for %s\r\n", RemoteHostName);
+	return(0);
+    }
+    r = krb_mk_req(&auth, KRB_SERVICE_NAME, instance, realm, 0L);
+    if (r) {
+	printf("mk_req failed: %s\r\n", krb_get_err_text(r));
+	return(0);
+    }
+    r = krb_get_cred(KRB_SERVICE_NAME, instance, realm, &cred);
+    if (r) {
+	printf("get_cred failed: %s\r\n", krb_get_err_text(r));
+	return(0);
+    }
+    if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
+	if (auth_debug_mode)
+	    printf("Not enough room for user name\r\n");
+	return(0);
+    }
+    if (auth_debug_mode)
+	printf("Sent %d bytes of authentication data\r\n", auth.length);
+    if (!Data(ap, KRB_AUTH, (void *)auth.dat, auth.length)) {
+	if (auth_debug_mode)
+	    printf("Not enough room for authentication data\r\n");
+	return(0);
+    }
+#ifdef ENCRYPTION
+    /* create challenge */
+    if ((ap->way & AUTH_HOW_MASK)==AUTH_HOW_MUTUAL) {
+	int i;
+
+	des_key_sched(&cred.session, sched);
+	memcpy (&cred_session, &cred.session, sizeof(cred_session));
+	des_init_random_number_generator(&cred.session);
+	des_new_random_key(&session_key);
+	des_ecb_encrypt(&session_key, &session_key, sched, 0);
+	des_ecb_encrypt(&session_key, &challenge, sched, 0);
+
+	/*
+	  old code
+	  Some CERT Advisory thinks this is a bad thing...
+	    
+	  des_init_random_number_generator(&cred.session);
+	  des_new_random_key(&challenge);
+	  des_ecb_encrypt(&challenge, &session_key, sched, 1);
+	  */
+	  
+	/*
+	 * Increment the challenge by 1, and encrypt it for
+	 * later comparison.
+	 */
+	for (i = 7; i >= 0; --i) 
+	    if(++challenge[i] != 0) /* No carry! */
+		break;
+	des_ecb_encrypt(&challenge, &challenge, sched, 1);
+    }
+
+#endif
+
+    if (auth_debug_mode) {
+	printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
+	printd(auth.dat, auth.length);
+	printf("\r\n");
+	printf("Sent Kerberos V4 credentials to server\r\n");
+    }
+    return(1);
+}
+int
+kerberos4_send_mutual(Authenticator *ap)
+{
+    return kerberos4_send("mutual KERBEROS4", ap);
+}
+
+int
+kerberos4_send_oneway(Authenticator *ap)
+{
+    return kerberos4_send("KERBEROS4", ap);
+}
+
+void
+kerberos4_is(Authenticator *ap, unsigned char *data, int cnt)
+{
+    struct sockaddr_in addr;
+    char realm[REALM_SZ];
+    char instance[INST_SZ];
+    int r;
+    int addr_len;
+
+    if (cnt-- < 1)
+	return;
+    switch (*data++) {
+    case KRB_AUTH:
+	if (krb_get_lrealm(realm, 1) != KSUCCESS) {
+	    Data(ap, KRB_REJECT, (void *)"No local V4 Realm.", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    if (auth_debug_mode)
+		printf("No local realm\r\n");
+	    return;
+	}
+	memmove(auth.dat, data, auth.length = cnt);
+	if (auth_debug_mode) {
+	    printf("Got %d bytes of authentication data\r\n", cnt);
+	    printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
+	    printd(auth.dat, auth.length);
+	    printf("\r\n");
+	}
+	k_getsockinst(0, instance, sizeof(instance));
+	addr_len = sizeof(addr);
+	if(getpeername(0, (struct sockaddr *)&addr, &addr_len) < 0) {
+	    if(auth_debug_mode)
+		printf("getpeername failed\r\n");
+	    Data(ap, KRB_REJECT, "getpeername failed", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    return;
+	}
+	if (addr.sin_family != AF_INET) {
+	    if (auth_debug_mode)
+		printf("unknown address family: %d\r\n", addr.sin_family);
+	    Data(ap, KRB_REJECT, "bad address family", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    return;
+	}
+
+	r = krb_rd_req(&auth, KRB_SERVICE_NAME,
+		       instance, addr.sin_addr.s_addr, &adat, "");
+	if (r) {
+	    if (auth_debug_mode)
+		printf("Kerberos failed him as %s\r\n", name);
+	    Data(ap, KRB_REJECT, (void *)krb_get_err_text(r), -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    return;
+	}
+	/* save the session key */
+	memmove(session_key, adat.session, sizeof(adat.session));
+	krb_kntoln(&adat, name);
+
+	if (UserNameRequested && !kuserok(&adat, UserNameRequested)){
+	    char ts[MaxPathLen];
+	    struct passwd *pw = getpwnam(UserNameRequested);
+
+	    if(pw){
+		snprintf(ts, sizeof(ts),
+			 "%s%u",
+			 TKT_ROOT,
+			 (unsigned)pw->pw_uid);
+		setenv("KRBTKFILE", ts, 1);
+
+		if (pw->pw_uid == 0)
+		    syslog(LOG_INFO|LOG_AUTH,
+			   "ROOT Kerberos login from %s on %s\n",
+			   krb_unparse_name_long(adat.pname,
+						 adat.pinst,
+						 adat.prealm),
+			   RemoteHostName);
+	    }
+	    Data(ap, KRB_ACCEPT, NULL, 0);
+	} else {
+	    char *msg;
+
+	    asprintf (&msg, "user `%s' is not authorized to "
+		      "login as `%s'", 
+		      krb_unparse_name_long(adat.pname, 
+					    adat.pinst, 
+					    adat.prealm), 
+		      UserNameRequested ? UserNameRequested : "<nobody>");
+	    if (msg == NULL)
+		Data(ap, KRB_REJECT, NULL, 0);
+	    else {
+		Data(ap, KRB_REJECT, (void *)msg, -1);
+		free(msg);
+	    }
+	}
+	auth_finished(ap, AUTH_USER);
+	break;
+	
+    case KRB_CHALLENGE:
+#ifndef ENCRYPTION
+	Data(ap, KRB_RESPONSE, NULL, 0);
+#else
+	if(!VALIDKEY(session_key)){
+	    Data(ap, KRB_RESPONSE, NULL, 0);
+	    break;
+	}
+	des_key_sched(&session_key, sched);
+	{
+	    des_cblock d_block;
+	    int i;
+	    Session_Key skey;
+
+	    memmove(d_block, data, sizeof(d_block));
+
+	    /* make a session key for encryption */
+	    des_ecb_encrypt(&d_block, &session_key, sched, 1);
+	    skey.type=SK_DES;
+	    skey.length=8;
+	    skey.data=session_key;
+	    encrypt_session_key(&skey, 1);
+
+	    /* decrypt challenge, add one and encrypt it */
+	    des_ecb_encrypt(&d_block, &challenge, sched, 0);
+	    for (i = 7; i >= 0; i--)
+		if(++challenge[i] != 0)
+		    break;
+	    des_ecb_encrypt(&challenge, &challenge, sched, 1);
+	    Data(ap, KRB_RESPONSE, (void *)challenge, sizeof(challenge));
+	}
+#endif
+	break;
+
+    case KRB_FORWARD:
+	{
+	    des_key_schedule ks;
+	    unsigned char netcred[sizeof(CREDENTIALS)];
+	    CREDENTIALS cred;
+	    int ret;
+	    if(cnt > sizeof(cred))
+		abort();
+
+	    memcpy (session_key, adat.session, sizeof(session_key));
+	    des_set_key(&session_key, ks);
+	    des_pcbc_encrypt((void*)data, (void*)netcred, cnt, 
+			     ks, &session_key, DES_DECRYPT);
+	    unpack_cred(netcred, cnt, &cred);
+	    {
+		if(strcmp(cred.service, KRB_TICKET_GRANTING_TICKET) ||
+		   strncmp(cred.instance, cred.realm, sizeof(cred.instance)) ||
+		   cred.lifetime < 0 || cred.lifetime > 255 ||
+		   cred.kvno < 0 || cred.kvno > 255 ||
+		   cred.issue_date < 0 || 
+		   cred.issue_date > time(0) + CLOCK_SKEW ||
+		   strncmp(cred.pname, adat.pname, sizeof(cred.pname)) ||
+		   strncmp(cred.pinst, adat.pinst, sizeof(cred.pinst))){
+		    Data(ap, KRB_FORWARD_REJECT, "Bad credentials", -1);
+		}else{
+		    if((ret = tf_setup(&cred,
+				       cred.pname,
+				       cred.pinst)) == KSUCCESS){
+		        struct passwd *pw = getpwnam(UserNameRequested);
+
+			if (pw)
+			  chown(tkt_string(), pw->pw_uid, pw->pw_gid);
+			Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
+		    } else{
+			Data(ap, KRB_FORWARD_REJECT, 
+			     krb_get_err_text(ret), -1);
+		    }
+		}
+	    }
+	    memset(data, 0, cnt);
+	    memset(ks, 0, sizeof(ks));
+	    memset(&cred, 0, sizeof(cred));
+	}
+	
+	break;
+
+    default:
+	if (auth_debug_mode)
+	    printf("Unknown Kerberos option %d\r\n", data[-1]);
+	Data(ap, KRB_REJECT, 0, 0);
+	break;
+    }
+}
+
+void
+kerberos4_reply(Authenticator *ap, unsigned char *data, int cnt)
+{
+    Session_Key skey;
+
+    if (cnt-- < 1)
+	return;
+    switch (*data++) {
+    case KRB_REJECT:
+	if(auth_done){ /* XXX Ick! */
+	    printf("[ Kerberos V4 received unknown opcode ]\r\n");
+	}else{
+	    printf("[ Kerberos V4 refuses authentication ");
+	    if (cnt > 0) 
+		printf("because %.*s ", cnt, data);
+	    printf("]\r\n");
+	    auth_send_retry();
+	}
+	return;
+    case KRB_ACCEPT:
+	printf("[ Kerberos V4 accepts you ]\r\n");
+	auth_done = 1;
+	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+	    /*
+	     * Send over the encrypted challenge.
+	     */
+	    Data(ap, KRB_CHALLENGE, session_key, 
+		 sizeof(session_key));
+	    des_ecb_encrypt(&session_key, &session_key, sched, 1);
+	    skey.type = SK_DES;
+	    skey.length = 8;
+	    skey.data = session_key;
+	    encrypt_session_key(&skey, 0);
+#if 0
+	    kerberos4_forward(ap, &cred_session);
+#endif
+	    return;
+	}
+	auth_finished(ap, AUTH_USER);
+	return;
+    case KRB_RESPONSE:
+	/* make sure the response is correct */
+	if ((cnt != sizeof(des_cblock)) ||
+	    (memcmp(data, challenge, sizeof(challenge)))){
+	    printf("[ Kerberos V4 challenge failed!!! ]\r\n");
+	    auth_send_retry();
+	    return;
+	}
+	printf("[ Kerberos V4 challenge successful ]\r\n");
+	auth_finished(ap, AUTH_USER);
+	break;
+    case KRB_FORWARD_ACCEPT:
+	printf("[ Kerberos V4 accepted forwarded credentials ]\r\n");
+	break;
+    case KRB_FORWARD_REJECT:
+	printf("[ Kerberos V4 rejected forwarded credentials: `%.*s']\r\n",
+	       cnt, data);
+	break;
+    default:
+	if (auth_debug_mode)
+	    printf("Unknown Kerberos option %d\r\n", data[-1]);
+	return;
+    }
+}
+
+int
+kerberos4_status(Authenticator *ap, char *name, size_t name_sz, int level)
+{
+    if (level < AUTH_USER)
+	return(level);
+
+    if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
+	strcpy_truncate(name, UserNameRequested, name_sz);
+	return(AUTH_VALID);
+    } else
+	return(AUTH_USER);
+}
+
+#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
+#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
+
+void
+kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
+{
+    int i;
+
+    buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+    buflen -= 1;
+
+    switch(data[3]) {
+    case KRB_REJECT:		/* Rejected (reason might follow) */
+	strcpy_truncate((char *)buf, " REJECT ", buflen);
+	goto common;
+
+    case KRB_ACCEPT:		/* Accepted (name might follow) */
+	strcpy_truncate((char *)buf, " ACCEPT ", buflen);
+    common:
+	BUMP(buf, buflen);
+	if (cnt <= 4)
+	    break;
+	ADDC(buf, buflen, '"');
+	for (i = 4; i < cnt; i++)
+	    ADDC(buf, buflen, data[i]);
+	ADDC(buf, buflen, '"');
+	ADDC(buf, buflen, '\0');
+	break;
+
+    case KRB_AUTH:			/* Authentication data follows */
+	strcpy_truncate((char *)buf, " AUTH", buflen);
+	goto common2;
+
+    case KRB_CHALLENGE:
+	strcpy_truncate((char *)buf, " CHALLENGE", buflen);
+	goto common2;
+
+    case KRB_RESPONSE:
+	strcpy_truncate((char *)buf, " RESPONSE", buflen);
+	goto common2;
+
+    default:
+	snprintf(buf, buflen, " %d (unknown)", data[3]);
+    common2:
+	BUMP(buf, buflen);
+	for (i = 4; i < cnt; i++) {
+	    snprintf(buf, buflen, " %d", data[i]);
+	    BUMP(buf, buflen);
+	}
+	break;
+    }
+}
+
+int
+kerberos4_cksum(unsigned char *d, int n)
+{
+    int ck = 0;
+
+    /*
+     * A comment is probably needed here for those not
+     * well versed in the "C" language.  Yes, this is
+     * supposed to be a "switch" with the body of the
+     * "switch" being a "while" statement.  The whole
+     * purpose of the switch is to allow us to jump into
+     * the middle of the while() loop, and then not have
+     * to do any more switch()s.
+     *
+     * Some compilers will spit out a warning message
+     * about the loop not being entered at the top.
+     */
+    switch (n&03)
+	while (n > 0) {
+	case 0:
+	    ck ^= (int)*d++ << 24;
+	    --n;
+	case 3:
+	    ck ^= (int)*d++ << 16;
+	    --n;
+	case 2:
+	    ck ^= (int)*d++ << 8;
+	    --n;
+	case 1:
+	    ck ^= (int)*d++;
+	    --n;
+	}
+    return(ck);
+}
+
+static int
+pack_cred(CREDENTIALS *cred, unsigned char *buf)
+{
+    unsigned char *p = buf;
+    
+    memcpy (p, cred->service, ANAME_SZ);
+    p += ANAME_SZ;
+    memcpy (p, cred->instance, INST_SZ);
+    p += INST_SZ;
+    memcpy (p, cred->realm, REALM_SZ);
+    p += REALM_SZ;
+    memcpy(p, cred->session, 8);
+    p += 8;
+    p += KRB_PUT_INT(cred->lifetime, p, 4, 4);
+    p += KRB_PUT_INT(cred->kvno, p, 4, 4);
+    p += KRB_PUT_INT(cred->ticket_st.length, p, 4, 4);
+    memcpy(p, cred->ticket_st.dat, cred->ticket_st.length);
+    p += cred->ticket_st.length;
+    p += KRB_PUT_INT(0, p, 4, 4);
+    p += KRB_PUT_INT(cred->issue_date, p, 4, 4);
+    memcpy (p, cred->pname, ANAME_SZ);
+    p += ANAME_SZ;
+    memcpy (p, cred->pinst, INST_SZ);
+    p += INST_SZ;
+    return p - buf;
+}
+
+static int
+unpack_cred(unsigned char *buf, int len, CREDENTIALS *cred)
+{
+    unsigned char *p = buf;
+    u_int32_t tmp;
+
+    strncpy (cred->service, p, ANAME_SZ);
+    cred->service[ANAME_SZ - 1] = '\0';
+    p += ANAME_SZ;
+    strncpy (cred->instance, p, INST_SZ);
+    cred->instance[INST_SZ - 1] = '\0';
+    p += INST_SZ;
+    strncpy (cred->realm, p, REALM_SZ);
+    cred->realm[REALM_SZ - 1] = '\0';
+    p += REALM_SZ;
+
+    memcpy(cred->session, p, 8);
+    p += 8;
+    p += krb_get_int(p, &tmp, 4, 0);
+    cred->lifetime = tmp;
+    p += krb_get_int(p, &tmp, 4, 0);
+    cred->kvno = tmp;
+
+    p += krb_get_int(p, &cred->ticket_st.length, 4, 0);
+    memcpy(cred->ticket_st.dat, p, cred->ticket_st.length);
+    p += cred->ticket_st.length;
+    p += krb_get_int(p, &tmp, 4, 0);
+    cred->ticket_st.mbz = 0;
+    p += krb_get_int(p, (u_int32_t *)&cred->issue_date, 4, 0);
+
+    strncpy (cred->pname, p, ANAME_SZ);
+    cred->pname[ANAME_SZ - 1] = '\0';
+    p += ANAME_SZ;
+    strncpy (cred->pinst, p, INST_SZ);
+    cred->pinst[INST_SZ - 1] = '\0';
+    p += INST_SZ;
+    return 0;
+}
+
+
+int
+kerberos4_forward(Authenticator *ap, void *v)
+{
+    des_cblock *key = (des_cblock *)v;
+    CREDENTIALS cred;
+    char *realm;
+    des_key_schedule ks;
+    int len;
+    unsigned char netcred[sizeof(CREDENTIALS)];
+    int ret;
+
+    realm = krb_realmofhost(RemoteHostName);
+    if(realm == NULL)
+	return -1;
+    memset(&cred, 0, sizeof(cred));
+    ret = krb_get_cred(KRB_TICKET_GRANTING_TICKET,
+		       realm,
+		       realm, 
+		       &cred);
+    if(ret)
+	return ret;
+    des_set_key(key, ks);
+    len = pack_cred(&cred, netcred);
+    des_pcbc_encrypt((void*)netcred, (void*)netcred, len,
+		     ks, key, DES_ENCRYPT);
+    memset(ks, 0, sizeof(ks));
+    Data(ap, KRB_FORWARD, netcred, len);
+    memset(netcred, 0, sizeof(netcred));
+    return 0;
+}
+
+#endif /* KRB4 */
+
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c
new file mode 100644
index 0000000..0b7818f
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c
@@ -0,0 +1,734 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <config.h>
+
+RCSID("$Id: kerberos5.c,v 1.37 1999/06/24 17:09:10 assar Exp $");
+
+#ifdef	KRB5
+
+#include <arpa/telnet.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <netdb.h>
+#include <ctype.h>
+#include <pwd.h>
+#define Authenticator k5_Authenticator
+#include <krb5.h>
+#undef Authenticator
+#include <roken.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc.h"
+
+int forward_flags = 0;  /* Flags get set in telnet/main.c on -f and -F */
+
+/* These values need to be the same as those defined in telnet/main.c. */
+/* Either define them in both places, or put in some common header file. */
+#define OPTS_FORWARD_CREDS	0x00000002
+#define OPTS_FORWARDABLE_CREDS	0x00000001
+
+void kerberos5_forward (Authenticator *);
+
+static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
+			  		AUTHTYPE_KERBEROS_V5, };
+
+#define	KRB_AUTH		0	/* Authentication data follows */
+#define	KRB_REJECT		1	/* Rejected (reason might follow) */
+#define	KRB_ACCEPT		2	/* Accepted */
+#define	KRB_RESPONSE		3	/* Response for mutual auth. */
+
+#define KRB_FORWARD     	4       /* Forwarded credentials follow */
+#define KRB_FORWARD_ACCEPT     	5       /* Forwarded credentials accepted */
+#define KRB_FORWARD_REJECT     	6       /* Forwarded credentials rejected */
+
+static	krb5_data auth;
+static  krb5_ticket *ticket;
+
+static krb5_context context;
+static krb5_auth_context auth_context;
+
+static int
+Data(Authenticator *ap, int type, void *d, int c)
+{
+    unsigned char *p = str_data + 4;
+    unsigned char *cd = (unsigned char *)d;
+
+    if (c == -1)
+	c = strlen(cd);
+
+    if (auth_debug_mode) {
+	printf("%s:%d: [%d] (%d)",
+	       str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+	       str_data[3],
+	       type, c);
+	printd(d, c);
+	printf("\r\n");
+    }
+    *p++ = ap->type;
+    *p++ = ap->way;
+    *p++ = type;
+    while (c-- > 0) {
+	if ((*p++ = *cd++) == IAC)
+	    *p++ = IAC;
+    }
+    *p++ = IAC;
+    *p++ = SE;
+    if (str_data[3] == TELQUAL_IS)
+	printsub('>', &str_data[2], p - &str_data[2]);
+    return(telnet_net_write(str_data, p - str_data));
+}
+
+int
+kerberos5_init(Authenticator *ap, int server)
+{
+    if (server)
+	str_data[3] = TELQUAL_REPLY;
+    else
+	str_data[3] = TELQUAL_IS;
+    krb5_init_context(&context);
+    return(1);
+}
+
+static int
+kerberos5_send(char *name, Authenticator *ap)
+{
+    krb5_error_code ret;
+    krb5_ccache ccache;
+    int ap_opts;
+    krb5_data cksum_data;
+    char foo[2];
+    extern int net;
+    
+    printf("[ Trying %s ... ]\r\n", name);
+    if (!UserNameRequested) {
+	if (auth_debug_mode) {
+	    printf("Kerberos V5: no user name supplied\r\n");
+	}
+	return(0);
+    }
+    
+    ret = krb5_cc_default(context, &ccache);
+    if (ret) {
+	if (auth_debug_mode) {
+	    printf("Kerberos V5: could not get default ccache: %s\r\n",
+		   krb5_get_err_text (context, ret));
+	}
+	return 0;
+    }
+	
+    if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
+	ap_opts = AP_OPTS_MUTUAL_REQUIRED;
+    else
+	ap_opts = 0;
+    
+    ret = krb5_auth_con_init (context, &auth_context);
+    if (ret) {
+	if (auth_debug_mode) {
+	    printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n",
+		   krb5_get_err_text(context, ret));
+	}
+	return(0);
+    }
+
+    ret = krb5_auth_con_setaddrs_from_fd (context,
+					  auth_context,
+					  &net);
+    if (ret) {
+	if (auth_debug_mode) {
+	    printf ("Kerberos V5:"
+		    " krb5_auth_con_setaddrs_from_fd failed (%s)\r\n",
+		    krb5_get_err_text(context, ret));
+	}
+	return(0);
+    }
+
+    krb5_auth_setkeytype (context, auth_context, KEYTYPE_DES);
+
+    foo[0] = ap->type;
+    foo[1] = ap->way;
+
+    cksum_data.length = sizeof(foo);
+    cksum_data.data   = foo;
+    ret = krb5_mk_req(context, &auth_context, ap_opts,
+		      "host", RemoteHostName, 
+		      &cksum_data, ccache, &auth);
+
+    if (ret) {
+	if (1 || auth_debug_mode) {
+	    printf("Kerberos V5: mk_req failed (%s)\r\n",
+		   krb5_get_err_text(context, ret));
+	}
+	return(0);
+    }
+
+    if (!auth_sendname((unsigned char *)UserNameRequested,
+		       strlen(UserNameRequested))) {
+	if (auth_debug_mode)
+	    printf("Not enough room for user name\r\n");
+	return(0);
+    }
+    if (!Data(ap, KRB_AUTH, auth.data, auth.length)) {
+	if (auth_debug_mode)
+	    printf("Not enough room for authentication data\r\n");
+	return(0);
+    }
+    if (auth_debug_mode) {
+	printf("Sent Kerberos V5 credentials to server\r\n");
+    }
+    return(1);
+}
+
+int
+kerberos5_send_mutual(Authenticator *ap)
+{
+    return kerberos5_send("mutual KERBEROS5", ap);
+}
+
+int
+kerberos5_send_oneway(Authenticator *ap)
+{
+    return kerberos5_send("KERBEROS5", ap);
+}
+
+void
+kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
+{
+    krb5_error_code ret;
+    krb5_data outbuf;
+    krb5_keyblock *key_block;
+    char *name;
+    krb5_principal server;
+    int zero = 0;
+
+    if (cnt-- < 1)
+	return;
+    switch (*data++) {
+    case KRB_AUTH:
+	auth.data = (char *)data;
+	auth.length = cnt;
+
+	auth_context = NULL;
+
+	ret = krb5_auth_con_init (context, &auth_context);
+	if (ret) {
+	    Data(ap, KRB_REJECT, "krb5_auth_con_init failed", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    if (auth_debug_mode)
+		printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n",
+		       krb5_get_err_text(context, ret));
+	    return;
+	}
+
+	ret = krb5_auth_con_setaddrs_from_fd (context,
+					      auth_context,
+					      &zero);
+	if (ret) {
+	    Data(ap, KRB_REJECT, "krb5_auth_con_setaddrs_from_fd failed", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    if (auth_debug_mode)
+		printf("Kerberos V5: "
+		       "krb5_auth_con_setaddrs_from_fd failed (%s)\r\n",
+		       krb5_get_err_text(context, ret));
+	    return;
+	}
+
+	ret = krb5_sock_to_principal (context,
+				      0,
+				      "host",
+				      KRB5_NT_SRV_HST,
+				      &server);
+	if (ret) {
+	    Data(ap, KRB_REJECT, "krb5_sock_to_principal failed", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    if (auth_debug_mode)
+		printf("Kerberos V5: "
+		       "krb5_sock_to_principal failed (%s)\r\n",
+		       krb5_get_err_text(context, ret));
+	    return;
+	}
+
+	ret = krb5_rd_req(context,
+			  &auth_context,
+			  &auth, 
+			  server,
+			  NULL,
+			  NULL,
+			  &ticket);
+	krb5_free_principal (context, server);
+
+	if (ret) {
+	    char *errbuf;
+
+	    asprintf(&errbuf,
+		     "Read req failed: %s",
+		     krb5_get_err_text(context, ret));
+	    Data(ap, KRB_REJECT, errbuf, -1);
+	    if (auth_debug_mode)
+		printf("%s\r\n", errbuf);
+	    free (errbuf);
+	    return;
+	}
+	
+	{
+	    char foo[2];
+	    
+	    foo[0] = ap->type;
+	    foo[1] = ap->way;
+	    
+	    ret = krb5_verify_authenticator_checksum(context,
+						     auth_context,
+						     foo, 
+						     sizeof(foo));
+
+	    if (ret) {
+		char *errbuf;
+		asprintf(&errbuf, "Bad checksum: %s", 
+			 krb5_get_err_text(context, ret));
+		Data(ap, KRB_REJECT, errbuf, -1);
+		if (auth_debug_mode)
+		    printf ("%s\r\n", errbuf);
+		free(errbuf);
+		return;
+	    }
+	}
+	ret = krb5_auth_con_getremotesubkey (context,
+					     auth_context,
+					     &key_block);
+
+	if (ret) {
+	    Data(ap, KRB_REJECT, "krb5_auth_con_getremotesubkey failed", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    if (auth_debug_mode)
+		printf("Kerberos V5: "
+		       "krb5_auth_con_getremotesubkey failed (%s)\r\n",
+		       krb5_get_err_text(context, ret));
+	    return;
+	}
+
+	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+	    ret = krb5_mk_rep(context, &auth_context, &outbuf);
+	    if (ret) {
+		Data(ap, KRB_REJECT,
+		     "krb5_mk_rep failed", -1);
+		auth_finished(ap, AUTH_REJECT);
+		if (auth_debug_mode)
+		    printf("Kerberos V5: "
+			   "krb5_mk_rep failed (%s)\r\n",
+			   krb5_get_err_text(context, ret));
+		return;
+	    }
+	    Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length);
+	}
+	if (krb5_unparse_name(context, ticket->client, &name))
+	    name = 0;
+
+	if(UserNameRequested && krb5_kuserok(context,
+					     ticket->client,
+					     UserNameRequested)) {
+	    Data(ap, KRB_ACCEPT, name, name ? -1 : 0);
+	    if (auth_debug_mode) {
+		printf("Kerberos5 identifies him as ``%s''\r\n",
+		       name ? name : "");
+	    }
+
+	    if(key_block->keytype == ETYPE_DES_CBC_MD5 ||
+	       key_block->keytype == ETYPE_DES_CBC_MD4 ||
+	       key_block->keytype == ETYPE_DES_CBC_CRC) {
+		Session_Key skey;
+
+		skey.type = SK_DES;
+		skey.length = 8;
+		skey.data = key_block->keyvalue.data;
+		encrypt_session_key(&skey, 0);
+	    }
+
+	} else {
+	    char *msg;
+
+	    asprintf (&msg, "user `%s' is not authorized to "
+		      "login as `%s'", 
+		      name ? name : "<unknown>",
+		      UserNameRequested ? UserNameRequested : "<nobody>");
+	    if (msg == NULL)
+		Data(ap, KRB_REJECT, NULL, 0);
+	    else {
+		Data(ap, KRB_REJECT, (void *)msg, -1);
+		free(msg);
+	    }
+	}
+	auth_finished(ap, AUTH_USER);
+
+	krb5_free_keyblock_contents(context, key_block);
+	
+	break;
+    case KRB_FORWARD: {
+	struct passwd *pwd;
+	char ccname[1024];	/* XXX */
+	krb5_data inbuf;
+	krb5_ccache ccache;
+	inbuf.data = (char *)data;
+	inbuf.length = cnt;
+
+	pwd = getpwnam (UserNameRequested);
+	if (pwd == NULL)
+	    break;
+
+	snprintf (ccname, sizeof(ccname),
+		  "FILE:/tmp/krb5cc_%u", pwd->pw_uid);
+
+	ret = krb5_cc_resolve (context, ccname, &ccache);
+	if (ret) {
+	    if (auth_debug_mode)
+		printf ("Kerberos V5: could not get ccache: %s\r\n",
+			krb5_get_err_text(context, ret));
+	    break;
+	}
+
+	ret = krb5_cc_initialize (context,
+				  ccache,
+				  ticket->client);
+	if (ret) {
+	    if (auth_debug_mode)
+		printf ("Kerberos V5: could not init ccache: %s\r\n",
+			krb5_get_err_text(context, ret));
+	    break;
+	}
+
+	ret = krb5_rd_cred (context,
+			    auth_context,
+			    ccache,
+			    &inbuf);
+	if(ret) {
+	    char *errbuf;
+
+	    asprintf (&errbuf,
+		      "Read forwarded creds failed: %s",
+		      krb5_get_err_text (context, ret));
+	    if(errbuf == NULL)
+		Data(ap, KRB_FORWARD_REJECT, NULL, 0);
+	    else
+		Data(ap, KRB_FORWARD_REJECT, errbuf, -1);
+	    if (auth_debug_mode)
+		printf("Could not read forwarded credentials: %s\r\n",
+		       errbuf);
+	    free (errbuf);
+	} else
+	    Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
+	chown (ccname + 5, pwd->pw_uid, -1);
+	if (auth_debug_mode)
+	    printf("Forwarded credentials obtained\r\n");
+	break;
+    }
+    default:
+	if (auth_debug_mode)
+	    printf("Unknown Kerberos option %d\r\n", data[-1]);
+	Data(ap, KRB_REJECT, 0, 0);
+	break;
+    }
+}
+
+void
+kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt)
+{
+    static int mutual_complete = 0;
+
+    if (cnt-- < 1)
+	return;
+    switch (*data++) {
+    case KRB_REJECT:
+	if (cnt > 0) {
+	    printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n",
+		   cnt, data);
+	} else
+	    printf("[ Kerberos V5 refuses authentication ]\r\n");
+	auth_send_retry();
+	return;
+    case KRB_ACCEPT: {
+	krb5_error_code ret;
+	Session_Key skey;
+	krb5_keyblock *keyblock;
+	
+	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL &&
+	    !mutual_complete) {
+	    printf("[ Kerberos V5 accepted you, but didn't provide mutual authentication! ]\r\n");
+	    auth_send_retry();
+	    return;
+	}
+	if (cnt)
+	    printf("[ Kerberos V5 accepts you as ``%.*s'' ]\r\n", cnt, data);
+	else
+	    printf("[ Kerberos V5 accepts you ]\r\n");
+	      
+	ret = krb5_auth_con_getlocalsubkey (context,
+					    auth_context,
+					    &keyblock);
+	if (ret)
+	    ret = krb5_auth_con_getkey (context,
+					auth_context,
+					&keyblock);
+	if(ret) {
+	    printf("[ krb5_auth_con_getkey: %s ]\r\n",
+		   krb5_get_err_text(context, ret));
+	    auth_send_retry();
+	    return;
+	}
+	      
+	skey.type = SK_DES;
+	skey.length = 8;
+	skey.data = keyblock->keyvalue.data;
+	encrypt_session_key(&skey, 0);
+	krb5_free_keyblock_contents (context, keyblock);
+	auth_finished(ap, AUTH_USER);
+	if (forward_flags & OPTS_FORWARD_CREDS)
+	    kerberos5_forward(ap);
+	break;
+    }
+    case KRB_RESPONSE:
+	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+	    /* the rest of the reply should contain a krb_ap_rep */
+	  krb5_ap_rep_enc_part *reply;
+	  krb5_data inbuf;
+	  krb5_error_code ret;
+	    
+	  inbuf.length = cnt;
+	  inbuf.data = (char *)data;
+
+	  ret = krb5_rd_rep(context, auth_context, &inbuf, &reply);
+	  if (ret) {
+	      printf("[ Mutual authentication failed: %s ]\r\n",
+		     krb5_get_err_text (context, ret));
+	      auth_send_retry();
+	      return;
+	  }
+	  krb5_free_ap_rep_enc_part(context, reply);
+	  mutual_complete = 1;
+	}
+	return;
+    case KRB_FORWARD_ACCEPT:
+	printf("[ Kerberos V5 accepted forwarded credentials ]\r\n");
+	return;
+    case KRB_FORWARD_REJECT:
+	printf("[ Kerberos V5 refuses forwarded credentials because %.*s ]\r\n",
+	       cnt, data);
+	return;
+    default:
+	if (auth_debug_mode)
+	    printf("Unknown Kerberos option %d\r\n", data[-1]);
+	return;
+    }
+}
+
+int
+kerberos5_status(Authenticator *ap, char *name, size_t name_sz, int level)
+{
+    if (level < AUTH_USER)
+	return(level);
+
+    if (UserNameRequested &&
+	krb5_kuserok(context,
+		     ticket->client,
+		     UserNameRequested))
+	{
+	    strcpy_truncate(name, UserNameRequested, name_sz);
+	    return(AUTH_VALID);
+	} else
+	    return(AUTH_USER);
+}
+
+#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
+#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
+
+void
+kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
+{
+    int i;
+
+    buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+    buflen -= 1;
+
+    switch(data[3]) {
+    case KRB_REJECT:		/* Rejected (reason might follow) */
+	strcpy_truncate((char *)buf, " REJECT ", buflen);
+	goto common;
+
+    case KRB_ACCEPT:		/* Accepted (name might follow) */
+	strcpy_truncate((char *)buf, " ACCEPT ", buflen);
+    common:
+	BUMP(buf, buflen);
+	if (cnt <= 4)
+	    break;
+	ADDC(buf, buflen, '"');
+	for (i = 4; i < cnt; i++)
+	    ADDC(buf, buflen, data[i]);
+	ADDC(buf, buflen, '"');
+	ADDC(buf, buflen, '\0');
+	break;
+
+
+    case KRB_AUTH:			/* Authentication data follows */
+	strcpy_truncate((char *)buf, " AUTH", buflen);
+	goto common2;
+
+    case KRB_RESPONSE:
+	strcpy_truncate((char *)buf, " RESPONSE", buflen);
+	goto common2;
+
+    case KRB_FORWARD:		/* Forwarded credentials follow */
+	strcpy_truncate((char *)buf, " FORWARD", buflen);
+	goto common2;
+
+    case KRB_FORWARD_ACCEPT:	/* Forwarded credentials accepted */
+	strcpy_truncate((char *)buf, " FORWARD_ACCEPT", buflen);
+	goto common2;
+
+    case KRB_FORWARD_REJECT:	/* Forwarded credentials rejected */
+	/* (reason might follow) */
+	strcpy_truncate((char *)buf, " FORWARD_REJECT", buflen);
+	goto common2;
+
+    default:
+	snprintf(buf, buflen, " %d (unknown)", data[3]);
+    common2:
+	BUMP(buf, buflen);
+	for (i = 4; i < cnt; i++) {
+	    snprintf(buf, buflen, " %d", data[i]);
+	    BUMP(buf, buflen);
+	}
+	break;
+    }
+}
+
+void
+kerberos5_forward(Authenticator *ap)
+{
+    krb5_error_code ret;
+    krb5_ccache     ccache;
+    krb5_creds      creds;
+    krb5_kdc_flags  flags;
+    krb5_data       out_data;
+    krb5_principal  principal;
+
+    ret = krb5_cc_default (context, &ccache);
+    if (ret) {
+	if (auth_debug_mode)
+	    printf ("KerberosV5: could not get default ccache: %s\r\n",
+		    krb5_get_err_text (context, ret));
+	return;
+    }
+
+    ret = krb5_cc_get_principal (context, ccache, &principal);
+    if (ret) {
+	if (auth_debug_mode)
+	    printf ("KerberosV5: could not get principal: %s\r\n",
+		    krb5_get_err_text (context, ret));
+	return;
+    }
+
+    memset (&creds, 0, sizeof(creds));
+
+    creds.client = principal;
+    
+    ret = krb5_build_principal (context,
+				&creds.server,
+				strlen(principal->realm),
+				principal->realm,
+				"krbtgt",
+				principal->realm,
+				NULL);
+
+    if (ret) {
+	if (auth_debug_mode)
+	    printf ("KerberosV5: could not get principal: %s\r\n",
+		    krb5_get_err_text (context, ret));
+	return;
+    }
+
+    creds.times.endtime = 0;
+
+    flags.i = 0;
+    flags.b.forwarded = 1;
+    if (forward_flags & OPTS_FORWARDABLE_CREDS)
+	flags.b.forwardable = 1;
+
+    ret = krb5_get_forwarded_creds (context,
+				    auth_context,
+				    ccache,
+				    flags.i,
+				    RemoteHostName,
+				    &creds,
+				    &out_data);
+    if (ret) {
+	if (auth_debug_mode)
+	    printf ("Kerberos V5: error gettting forwarded creds: %s\r\n",
+		    krb5_get_err_text (context, ret));
+	return;
+    }
+
+    if(!Data(ap, KRB_FORWARD, out_data.data, out_data.length)) {
+	if (auth_debug_mode)
+	    printf("Not enough room for authentication data\r\n");
+    } else {
+	if (auth_debug_mode)
+	    printf("Forwarded local Kerberos V5 credentials to server\r\n");
+    }
+}
+
+#endif /* KRB5 */
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c b/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c
new file mode 100644
index 0000000..ee1eee2
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c
@@ -0,0 +1,437 @@
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+RCSID("$Id: krb4encpwd.c,v 1.17 1998/07/09 23:16:29 assar Exp $");
+
+#ifdef	KRB4_ENCPWD
+/*
+ * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
+ * ALL RIGHTS RESERVED
+ *
+ * "Digital Equipment Corporation authorizes the reproduction,
+ * distribution and modification of this software subject to the following
+ * restrictions:
+ *
+ * 1.  Any partial or whole copy of this software, or any modification
+ * thereof, must include this copyright notice in its entirety.
+ *
+ * 2.  This software is supplied "as is" with no warranty of any kind,
+ * expressed or implied, for any purpose, including any warranty of fitness
+ * or merchantibility.  DIGITAL assumes no responsibility for the use or
+ * reliability of this software, nor promises to provide any form of
+ * support for it on any basis.
+ *
+ * 3.  Distribution of this software is authorized only if no profit or
+ * remuneration of any kind is received in exchange for such distribution.
+ *
+ * 4.  This software produces public key authentication certificates
+ * bearing an expiration date established by DIGITAL and RSA Data
+ * Security, Inc.  It may cease to generate certificates after the expiration
+ * date.  Any modification of this software that changes or defeats
+ * the expiration date or its effect is unauthorized.
+ *
+ * 5.  Software that will renew or extend the expiration date of
+ * authentication certificates produced by this software may be obtained
+ * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
+ * 94065, (415)595-8782, or from DIGITAL"
+ *
+ */
+
+#include <sys/types.h>
+#include <arpa/telnet.h>
+#include <pwd.h>
+#include <stdio.h>
+
+#include <des.h>
+#include <krb.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc.h"
+
+int krb_mk_encpwd_req (KTEXT, char *, char *, char *, char *, char *, char *);
+int krb_rd_encpwd_req (KTEXT, char *, char *, u_long, AUTH_DAT *, char *, char *, char *, char *);
+
+extern auth_debug_mode;
+
+static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
+			  		AUTHTYPE_KRB4_ENCPWD, };
+static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
+					TELQUAL_NAME, };
+
+#define	KRB4_ENCPWD_AUTH	0	/* Authentication data follows */
+#define	KRB4_ENCPWD_REJECT	1	/* Rejected (reason might follow) */
+#define KRB4_ENCPWD_ACCEPT	2	/* Accepted */
+#define	KRB4_ENCPWD_CHALLENGE	3	/* Challenge for mutual auth. */
+#define	KRB4_ENCPWD_ACK		4	/* Acknowledge */
+
+#define KRB_SERVICE_NAME    "rcmd"
+
+static	KTEXT_ST auth;
+static	char name[ANAME_SZ];
+static	char user_passwd[ANAME_SZ];
+static	AUTH_DAT adat = { 0 };
+static des_key_schedule sched;
+static char  challenge[REALM_SZ];
+
+	static int
+Data(ap, type, d, c)
+	Authenticator *ap;
+	int type;
+	void *d;
+	int c;
+{
+	unsigned char *p = str_data + 4;
+	unsigned char *cd = (unsigned char *)d;
+
+	if (c == -1)
+		c = strlen(cd);
+
+	if (0) {
+		printf("%s:%d: [%d] (%d)",
+			str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+			str_data[3],
+			type, c);
+		printd(d, c);
+		printf("\r\n");
+	}
+	*p++ = ap->type;
+	*p++ = ap->way;
+	*p++ = type;
+	while (c-- > 0) {
+		if ((*p++ = *cd++) == IAC)
+			*p++ = IAC;
+	}
+	*p++ = IAC;
+	*p++ = SE;
+	if (str_data[3] == TELQUAL_IS)
+		printsub('>', &str_data[2], p - (&str_data[2]));
+	return(telnet_net_write(str_data, p - str_data));
+}
+
+	int
+krb4encpwd_init(ap, server)
+	Authenticator *ap;
+	int server;
+{
+	char hostname[80], *cp, *realm;
+	des_clock skey;
+
+	if (server) {
+		str_data[3] = TELQUAL_REPLY;
+	} else {
+		str_data[3] = TELQUAL_IS;
+		gethostname(hostname, sizeof(hostname));
+		realm = krb_realmofhost(hostname);
+		cp = strchr(hostname, '.');
+		if (*cp != NULL) *cp = NULL;
+		if (read_service_key(KRB_SERVICE_NAME, hostname, realm, 0,
+					KEYFILE, (char *)skey)) {
+		  return(0);
+		}
+	}
+	return(1);
+}
+
+	int
+krb4encpwd_send(ap)
+	Authenticator *ap;
+{
+
+	printf("[ Trying KRB4ENCPWD ... ]\r\n");
+	if (!UserNameRequested) {
+		return(0);
+	}
+	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
+		return(0);
+	}
+
+	if (!Data(ap, KRB4_ENCPWD_ACK, NULL, 0)) {
+		return(0);
+	}
+
+	return(1);
+}
+
+	void
+krb4encpwd_is(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+	des_cblock datablock;
+	char  r_passwd[ANAME_SZ], r_user[ANAME_SZ];
+	char  lhostname[ANAME_SZ], *cp;
+	int r;
+	time_t now;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case KRB4_ENCPWD_AUTH:
+		memmove(auth.dat, data, auth.length = cnt);
+
+		gethostname(lhostname, sizeof(lhostname));
+		if ((cp = strchr(lhostname, '.')) != 0)  *cp = '\0';
+
+		if (r = krb_rd_encpwd_req(&auth, KRB_SERVICE_NAME, lhostname, 0, &adat, NULL, challenge, r_user, r_passwd)) {
+			Data(ap, KRB4_ENCPWD_REJECT, "Auth failed", -1);
+			auth_finished(ap, AUTH_REJECT);
+			return;
+		}
+		auth_encrypt_userpwd(r_passwd);
+		if (passwdok(UserNameRequested, UserPassword) == 0) {
+		  /*
+		   *  illegal username and password
+		   */
+		  Data(ap, KRB4_ENCPWD_REJECT, "Illegal password", -1);
+		  auth_finished(ap, AUTH_REJECT);
+		  return;
+		}
+
+		memmove(session_key, adat.session, sizeof(des_cblock));
+		Data(ap, KRB4_ENCPWD_ACCEPT, 0, 0);
+		auth_finished(ap, AUTH_USER);
+		break;
+
+	case KRB4_ENCPWD_CHALLENGE:
+		/*
+		 *  Take the received random challenge text and save
+		 *  for future authentication.
+		 */
+		memmove(challenge, data, sizeof(des_cblock));
+		break;
+
+
+	case KRB4_ENCPWD_ACK:
+		/*
+		 *  Receive ack, if mutual then send random challenge
+		 */
+
+		/*
+		 * If we are doing mutual authentication, get set up to send
+		 * the challenge, and verify it when the response comes back.
+		 */
+
+		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+		  int i;
+
+		  time(&now);
+		  snprintf(challenge, sizeof(challenge), "%x", now);
+		  Data(ap, KRB4_ENCPWD_CHALLENGE, challenge, strlen(challenge));
+		}
+		break;
+
+	default:
+		Data(ap, KRB4_ENCPWD_REJECT, 0, 0);
+		break;
+	}
+}
+
+
+	void
+krb4encpwd_reply(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+	KTEXT_ST krb_token;
+	des_cblock enckey;
+	CREDENTIALS cred;
+	int r;
+	char	randchal[REALM_SZ], instance[ANAME_SZ], *cp;
+	char	hostname[80], *realm;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case KRB4_ENCPWD_REJECT:
+		if (cnt > 0) {
+			printf("[ KRB4_ENCPWD refuses authentication because %.*s ]\r\n",
+				cnt, data);
+		} else
+			printf("[ KRB4_ENCPWD refuses authentication ]\r\n");
+		auth_send_retry();
+		return;
+	case KRB4_ENCPWD_ACCEPT:
+		printf("[ KRB4_ENCPWD accepts you ]\r\n");
+		auth_finished(ap, AUTH_USER);
+		return;
+	case KRB4_ENCPWD_CHALLENGE:
+		/*
+		 * Verify that the response to the challenge is correct.
+		 */
+
+		gethostname(hostname, sizeof(hostname));
+		realm = krb_realmofhost(hostname);
+		memmove(challenge, data, cnt);
+		memset(user_passwd, 0, sizeof(user_passwd));
+		des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
+		UserPassword = user_passwd;
+		Challenge = challenge;
+		strcpy_truncate(instance, RemoteHostName, sizeof(instance));
+		if ((cp = strchr(instance, '.')) != 0)  *cp = '\0';
+
+		if (r = krb_mk_encpwd_req(&krb_token, KRB_SERVICE_NAME, instance, realm, Challenge, UserNameRequested, user_passwd)) {
+		  krb_token.length = 0;
+		}
+
+		if (!Data(ap, KRB4_ENCPWD_AUTH, krb_token.dat, krb_token.length)) {
+		  return;
+		}
+
+		break;
+
+	default:
+		return;
+	}
+}
+
+	int
+krb4encpwd_status(ap, name, name_sz, level)
+	Authenticator *ap;
+	char *name;
+	size_t name_sz;
+	int level;
+{
+
+	if (level < AUTH_USER)
+		return(level);
+
+	if (UserNameRequested && passwdok(UserNameRequested, UserPassword)) {
+		strcpy_truncate(name, UserNameRequested, name_sz);
+		return(AUTH_VALID);
+	} else {
+		return(AUTH_USER);
+	}
+}
+
+#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
+#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
+
+	void
+krb4encpwd_printsub(data, cnt, buf, buflen)
+	unsigned char *data, *buf;
+	int cnt, buflen;
+{
+	int i;
+
+	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+	buflen -= 1;
+
+	switch(data[3]) {
+	case KRB4_ENCPWD_REJECT:	/* Rejected (reason might follow) */
+		strcpy_truncate((char *)buf, " REJECT ", buflen);
+		goto common;
+
+	case KRB4_ENCPWD_ACCEPT:	/* Accepted (name might follow) */
+		strcpy_truncate((char *)buf, " ACCEPT ", buflen);
+	common:
+		BUMP(buf, buflen);
+		if (cnt <= 4)
+			break;
+		ADDC(buf, buflen, '"');
+		for (i = 4; i < cnt; i++)
+			ADDC(buf, buflen, data[i]);
+		ADDC(buf, buflen, '"');
+		ADDC(buf, buflen, '\0');
+		break;
+
+	case KRB4_ENCPWD_AUTH:		/* Authentication data follows */
+		strcpy_truncate((char *)buf, " AUTH", buflen);
+		goto common2;
+
+	case KRB4_ENCPWD_CHALLENGE:
+		strcpy_truncate((char *)buf, " CHALLENGE", buflen);
+		goto common2;
+
+	case KRB4_ENCPWD_ACK:
+		strcpy_truncate((char *)buf, " ACK", buflen);
+		goto common2;
+
+	default:
+		snprintf(buf, buflen, " %d (unknown)", data[3]);
+	common2:
+		BUMP(buf, buflen);
+		for (i = 4; i < cnt; i++) {
+			snprintf(buf, buflen, " %d", data[i]);
+			BUMP(buf, buflen);
+		}
+		break;
+	}
+}
+
+int passwdok(name, passwd)
+char *name, *passwd;
+{
+  char *crypt();
+  char *salt, *p;
+  struct passwd *pwd;
+  int   passwdok_status = 0;
+
+  if (pwd = k_getpwnam(name))
+    salt = pwd->pw_passwd;
+  else salt = "xx";
+
+  p = crypt(passwd, salt);
+
+  if (pwd && !strcmp(p, pwd->pw_passwd)) {
+    passwdok_status = 1;
+  } else passwdok_status = 0;
+  return(passwdok_status);
+}
+
+#endif
+
+#ifdef notdef
+
+prkey(msg, key)
+	char *msg;
+	unsigned char *key;
+{
+	int i;
+	printf("%s:", msg);
+	for (i = 0; i < 8; i++)
+		printf(" %3d", key[i]);
+	printf("\r\n");
+}
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/misc-proto.h b/crypto/kerberosIV/appl/telnet/libtelnet/misc-proto.h
new file mode 100644
index 0000000..a31d924
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/misc-proto.h
@@ -0,0 +1,79 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)misc-proto.h	8.1 (Berkeley) 6/4/93
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* $Id: misc-proto.h,v 1.7 1998/07/09 23:16:30 assar Exp $ */
+
+#ifndef	__MISC_PROTO__
+#define	__MISC_PROTO__
+
+void auth_encrypt_init (char *, char *, char *, int);
+void auth_encrypt_user(char *name);
+void auth_encrypt_connect (int);
+void printd (const unsigned char *, int);
+
+char** genget (char *name, char **table, int stlen);
+int isprefix(char *s1, char *s2);
+int Ambiguous(void *s);
+
+/*
+ * These functions are imported from the application
+ */
+int telnet_net_write (unsigned char *, int);
+void net_encrypt (void);
+int telnet_spin (void);
+char *telnet_getenv (char *);
+char *telnet_gets (char *, char *, int, int);
+void printsub(int direction, unsigned char *pointer, int length);
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/misc.c b/crypto/kerberosIV/appl/telnet/libtelnet/misc.c
new file mode 100644
index 0000000..2d9199f
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/misc.c
@@ -0,0 +1,94 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+RCSID("$Id: misc.c,v 1.13 1998/06/13 00:06:54 assar Exp $");
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <roken.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+#include "misc.h"
+#include "auth.h"
+#include "encrypt.h"
+
+
+char *RemoteHostName;
+char *LocalHostName;
+char *UserNameRequested = 0;
+int ConnectedCount = 0;
+
+void
+auth_encrypt_init(char *local, char *remote, char *name, int server)
+{
+    RemoteHostName = remote;
+    LocalHostName = local;
+#ifdef AUTHENTICATION
+    auth_init(name, server);
+#endif
+#ifdef ENCRYPTION
+    encrypt_init(name, server);
+#endif
+    if (UserNameRequested) {
+	free(UserNameRequested);
+	UserNameRequested = 0;
+    }
+}
+
+void
+auth_encrypt_user(char *name)
+{
+    if (UserNameRequested)
+	free(UserNameRequested);
+    UserNameRequested = name ? strdup(name) : 0;
+}
+
+void
+auth_encrypt_connect(int cnt)
+{
+}
+
+void
+printd(const unsigned char *data, int cnt)
+{
+    if (cnt > 16)
+	cnt = 16;
+    while (cnt-- > 0) {
+	printf(" %02x", *data);
+	++data;
+    }
+}
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/misc.h b/crypto/kerberosIV/appl/telnet/libtelnet/misc.h
new file mode 100644
index 0000000..41ffa7f
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/misc.h
@@ -0,0 +1,42 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)misc.h	8.1 (Berkeley) 6/4/93
+ */
+
+extern char *UserNameRequested;
+extern char *LocalHostName;
+extern char *RemoteHostName;
+extern int ConnectedCount;
+extern int ReservedPort;
+
+#include "misc-proto.h"
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c b/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c
new file mode 100644
index 0000000..267e98e
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c
@@ -0,0 +1,487 @@
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+RCSID("$Id: rsaencpwd.c,v 1.17 1998/07/09 23:16:32 assar Exp $");
+
+#ifdef	RSA_ENCPWD
+/*
+ * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
+ * ALL RIGHTS RESERVED
+ *
+ * "Digital Equipment Corporation authorizes the reproduction,
+ * distribution and modification of this software subject to the following
+ * restrictions:
+ *
+ * 1.  Any partial or whole copy of this software, or any modification
+ * thereof, must include this copyright notice in its entirety.
+ *
+ * 2.  This software is supplied "as is" with no warranty of any kind,
+ * expressed or implied, for any purpose, including any warranty of fitness
+ * or merchantibility.  DIGITAL assumes no responsibility for the use or
+ * reliability of this software, nor promises to provide any form of
+ * support for it on any basis.
+ *
+ * 3.  Distribution of this software is authorized only if no profit or
+ * remuneration of any kind is received in exchange for such distribution.
+ *
+ * 4.  This software produces public key authentication certificates
+ * bearing an expiration date established by DIGITAL and RSA Data
+ * Security, Inc.  It may cease to generate certificates after the expiration
+ * date.  Any modification of this software that changes or defeats
+ * the expiration date or its effect is unauthorized.
+ *
+ * 5.  Software that will renew or extend the expiration date of
+ * authentication certificates produced by this software may be obtained
+ * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
+ * 94065, (415)595-8782, or from DIGITAL"
+ *
+ */
+
+#include <sys/types.h>
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+#include <pwd.h>
+#include <stdio.h>
+
+#include <stdlib.h>
+#include <string.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc.h"
+#include "cdc.h"
+
+extern auth_debug_mode;
+
+static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
+			  		AUTHTYPE_RSA_ENCPWD, };
+static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
+					TELQUAL_NAME, };
+
+#define	RSA_ENCPWD_AUTH	0	/* Authentication data follows */
+#define	RSA_ENCPWD_REJECT	1	/* Rejected (reason might follow) */
+#define RSA_ENCPWD_ACCEPT	2	/* Accepted */
+#define	RSA_ENCPWD_CHALLENGEKEY	3	/* Challenge and public key */
+
+#define NAME_SZ   40
+#define CHAL_SZ   20
+#define PWD_SZ    40
+
+static	KTEXT_ST auth;
+static	char name[NAME_SZ];
+static	char user_passwd[PWD_SZ];
+static  char key_file[2*NAME_SZ];
+static  char lhostname[NAME_SZ];
+static char  challenge[CHAL_SZ];
+static int   challenge_len;
+
+	static int
+Data(ap, type, d, c)
+	Authenticator *ap;
+	int type;
+	void *d;
+	int c;
+{
+	unsigned char *p = str_data + 4;
+	unsigned char *cd = (unsigned char *)d;
+
+	if (c == -1)
+		c = strlen((char *)cd);
+
+	if (0) {
+		printf("%s:%d: [%d] (%d)",
+			str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+			str_data[3],
+			type, c);
+		printd(d, c);
+		printf("\r\n");
+	}
+	*p++ = ap->type;
+	*p++ = ap->way;
+	if (type != NULL) *p++ = type;
+	while (c-- > 0) {
+		if ((*p++ = *cd++) == IAC)
+			*p++ = IAC;
+	}
+	*p++ = IAC;
+	*p++ = SE;
+	if (str_data[3] == TELQUAL_IS)
+		printsub('>', &str_data[2], p - (&str_data[2]));
+	return(telnet_net_write(str_data, p - str_data));
+}
+
+	int
+rsaencpwd_init(ap, server)
+	Authenticator *ap;
+	int server;
+{
+	char  *cp;
+	FILE  *fp;
+
+	if (server) {
+		str_data[3] = TELQUAL_REPLY;
+		memset(key_file, 0, sizeof(key_file));
+		gethostname(lhostname, sizeof(lhostname));
+		if ((cp = strchr(lhostname, '.')) != 0)  *cp = '\0';
+		snprintf(key_file, sizeof(key_file),
+			 "/etc/.%s_privkey", lhostname);
+		if ((fp=fopen(key_file, "r"))==NULL) return(0);
+		fclose(fp);
+	} else {
+		str_data[3] = TELQUAL_IS;
+	}
+	return(1);
+}
+
+	int
+rsaencpwd_send(ap)
+	Authenticator *ap;
+{
+
+	printf("[ Trying RSAENCPWD ... ]\r\n");
+	if (!UserNameRequested) {
+		return(0);
+	}
+	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
+		return(0);
+	}
+	if (!Data(ap, NULL, NULL, 0)) {
+		return(0);
+	}
+
+
+	return(1);
+}
+
+	void
+rsaencpwd_is(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+	des_cblock datablock;
+	char  r_passwd[PWD_SZ], r_user[NAME_SZ];
+	char  *cp, key[160];
+	char  chalkey[160], *ptr;
+	FILE  *fp;
+	int r, i, j, chalkey_len, len;
+	time_t now;
+
+	cnt--;
+	switch (*data++) {
+	case RSA_ENCPWD_AUTH:
+		memmove(auth.dat, data, auth.length = cnt);
+
+		if ((fp=fopen(key_file, "r"))==NULL) {
+		  Data(ap, RSA_ENCPWD_REJECT, "Auth failed", -1);
+		  auth_finished(ap, AUTH_REJECT);
+		  return;
+		}
+		/*
+		 *  get privkey
+		 */
+		fscanf(fp, "%x;", &len);
+		for (i=0;i<len;i++) {
+		  j = getc(fp);  key[i]=j;
+		}
+		fclose(fp);
+
+		r = accept_rsa_encpwd(&auth, key, challenge,
+				      challenge_len, r_passwd);
+		if (r < 0) {
+		  Data(ap, RSA_ENCPWD_REJECT, "Auth failed", -1);
+		  auth_finished(ap, AUTH_REJECT);
+		  return;
+		}
+		auth_encrypt_userpwd(r_passwd);
+		if (rsaencpwd_passwdok(UserNameRequested, UserPassword) == 0) {
+		  /*
+		   *  illegal username and password
+		   */
+		  Data(ap, RSA_ENCPWD_REJECT, "Illegal password", -1);
+		  auth_finished(ap, AUTH_REJECT);
+		  return;
+		}
+
+		Data(ap, RSA_ENCPWD_ACCEPT, 0, 0);
+		auth_finished(ap, AUTH_USER);
+		break;
+
+
+	case IAC:
+
+		/*
+		 * If we are doing mutual authentication, get set up to send
+		 * the challenge, and verify it when the response comes back.
+		 */
+		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_ONE_WAY) {
+		  int i;
+
+
+		  time(&now);
+		  if ((now % 2) == 0) {
+		    snprintf(challenge, sizeof(challenge), "%x", now);
+		    challenge_len = strlen(challenge);
+		  } else {
+		    strcpy_truncate(challenge, "randchal", sizeof(challenge));
+		    challenge_len = 8;
+		  }
+
+		  if ((fp=fopen(key_file, "r"))==NULL) {
+		    Data(ap, RSA_ENCPWD_REJECT, "Auth failed", -1);
+		    auth_finished(ap, AUTH_REJECT);
+		    return;
+		  }
+		  /*
+		   *  skip privkey
+		   */
+		  fscanf(fp, "%x;", &len);
+		  for (i=0;i<len;i++) {
+		    j = getc(fp);
+		  }
+		  /*
+		   * get pubkey
+		   */
+		  fscanf(fp, "%x;", &len);
+		  for (i=0;i<len;i++) {
+		    j = getc(fp);  key[i]=j;
+		  }
+		  fclose(fp);
+		  chalkey[0] = 0x30;
+		  ptr = (char *) &chalkey[1];
+		  chalkey_len = 1+NumEncodeLengthOctets(i)+i+1+NumEncodeLengthOctets(challenge_len)+challenge_len;
+		  EncodeLength(ptr, chalkey_len);
+		  ptr +=NumEncodeLengthOctets(chalkey_len);
+		  *ptr++ = 0x04;  /* OCTET STRING */
+		  *ptr++ = challenge_len;
+		  memmove(ptr, challenge, challenge_len);
+		  ptr += challenge_len;
+		  *ptr++ = 0x04;  /* OCTET STRING */
+		  EncodeLength(ptr, i);
+		  ptr += NumEncodeLengthOctets(i);
+		  memmove(ptr, key, i);
+		  chalkey_len = 1+NumEncodeLengthOctets(chalkey_len)+chalkey_len;
+		  Data(ap, RSA_ENCPWD_CHALLENGEKEY, chalkey, chalkey_len);
+		}
+		break;
+
+	default:
+		Data(ap, RSA_ENCPWD_REJECT, 0, 0);
+		break;
+	}
+}
+
+
+	void
+rsaencpwd_reply(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+	KTEXT_ST token;
+	des_cblock enckey;
+	int r, pubkey_len;
+	char	randchal[CHAL_SZ], *cp;
+	char	chalkey[160], pubkey[128], *ptr;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case RSA_ENCPWD_REJECT:
+		if (cnt > 0) {
+			printf("[ RSA_ENCPWD refuses authentication because %.*s ]\r\n",
+				cnt, data);
+		} else
+			printf("[ RSA_ENCPWD refuses authentication ]\r\n");
+		auth_send_retry();
+		return;
+	case RSA_ENCPWD_ACCEPT:
+		printf("[ RSA_ENCPWD accepts you ]\r\n");
+		auth_finished(ap, AUTH_USER);
+		return;
+	case RSA_ENCPWD_CHALLENGEKEY:
+		/*
+		 * Verify that the response to the challenge is correct.
+		 */
+
+		memmove(chalkey, data, cnt);
+		ptr = (char *) &chalkey[0];
+		ptr += DecodeHeaderLength(chalkey);
+		if (*ptr != 0x04) {
+		  return;
+		}
+		*ptr++;
+		challenge_len = DecodeValueLength(ptr);
+		ptr += NumEncodeLengthOctets(challenge_len);
+		memmove(challenge, ptr, challenge_len);
+		ptr += challenge_len;
+		if (*ptr != 0x04) {
+		  return;
+		}
+		*ptr++;
+		pubkey_len = DecodeValueLength(ptr);
+		ptr += NumEncodeLengthOctets(pubkey_len);
+		memmove(pubkey, ptr, pubkey_len);
+		memset(user_passwd, 0, sizeof(user_passwd));
+		des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
+		UserPassword = user_passwd;
+		Challenge = challenge;
+		r = init_rsa_encpwd(&token, user_passwd, challenge, challenge_len, pubkey);
+		if (r < 0) {
+		  token.length = 1;
+		}
+
+		if (!Data(ap, RSA_ENCPWD_AUTH, token.dat, token.length)) {
+		  return;
+		}
+
+		break;
+
+	default:
+		return;
+	}
+}
+
+	int
+rsaencpwd_status(ap, name, name_sz, level)
+	Authenticator *ap;
+	char *name;
+	size_t name_sz;
+	int level;
+{
+
+	if (level < AUTH_USER)
+		return(level);
+
+	if (UserNameRequested && rsaencpwd_passwdok(UserNameRequested, UserPassword)) {
+		strcpy_truncate(name, UserNameRequested, name_sz);
+		return(AUTH_VALID);
+	} else {
+		return(AUTH_USER);
+	}
+}
+
+#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
+#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
+
+	void
+rsaencpwd_printsub(data, cnt, buf, buflen)
+	unsigned char *data, *buf;
+	int cnt, buflen;
+{
+	int i;
+
+	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+	buflen -= 1;
+
+	switch(data[3]) {
+	case RSA_ENCPWD_REJECT:	/* Rejected (reason might follow) */
+		strcpy_truncate((char *)buf, " REJECT ", buflen);
+		goto common;
+
+	case RSA_ENCPWD_ACCEPT:	/* Accepted (name might follow) */
+		strcpy_truncate((char *)buf, " ACCEPT ", buflen);
+	common:
+		BUMP(buf, buflen);
+		if (cnt <= 4)
+			break;
+		ADDC(buf, buflen, '"');
+		for (i = 4; i < cnt; i++)
+			ADDC(buf, buflen, data[i]);
+		ADDC(buf, buflen, '"');
+		ADDC(buf, buflen, '\0');
+		break;
+
+	case RSA_ENCPWD_AUTH:		/* Authentication data follows */
+		strcpy_truncate((char *)buf, " AUTH", buflen);
+		goto common2;
+
+	case RSA_ENCPWD_CHALLENGEKEY:
+		strcpy_truncate((char *)buf, " CHALLENGEKEY", buflen);
+		goto common2;
+
+	default:
+		snprintf(buf, buflen, " %d (unknown)", data[3]);
+	common2:
+		BUMP(buf, buflen);
+		for (i = 4; i < cnt; i++) {
+			snprintf(buf, buflen, " %d", data[i]);
+			BUMP(buf, buflen);
+		}
+		break;
+	}
+}
+
+int rsaencpwd_passwdok(name, passwd)
+char *name, *passwd;
+{
+  char *crypt();
+  char *salt, *p;
+  struct passwd *pwd;
+  int   passwdok_status = 0;
+
+  if (pwd = k_getpwnam(name))
+    salt = pwd->pw_passwd;
+  else salt = "xx";
+
+  p = crypt(passwd, salt);
+
+  if (pwd && !strcmp(p, pwd->pw_passwd)) {
+    passwdok_status = 1;
+  } else passwdok_status = 0;
+  return(passwdok_status);
+}
+
+#endif
+
+#ifdef notdef
+
+prkey(msg, key)
+	char *msg;
+	unsigned char *key;
+{
+	int i;
+	printf("%s:", msg);
+	for (i = 0; i < 8; i++)
+		printf(" %3d", key[i]);
+	printf("\r\n");
+}
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/spx.c b/crypto/kerberosIV/appl/telnet/libtelnet/spx.c
new file mode 100644
index 0000000..6d2eefe
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/spx.c
@@ -0,0 +1,586 @@
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+RCSID("$Id: spx.c,v 1.16 1998/07/09 23:16:33 assar Exp $");
+
+#ifdef	SPX
+/*
+ * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
+ * ALL RIGHTS RESERVED
+ *
+ * "Digital Equipment Corporation authorizes the reproduction,
+ * distribution and modification of this software subject to the following
+ * restrictions:
+ *
+ * 1.  Any partial or whole copy of this software, or any modification
+ * thereof, must include this copyright notice in its entirety.
+ *
+ * 2.  This software is supplied "as is" with no warranty of any kind,
+ * expressed or implied, for any purpose, including any warranty of fitness
+ * or merchantibility.  DIGITAL assumes no responsibility for the use or
+ * reliability of this software, nor promises to provide any form of
+ * support for it on any basis.
+ *
+ * 3.  Distribution of this software is authorized only if no profit or
+ * remuneration of any kind is received in exchange for such distribution.
+ *
+ * 4.  This software produces public key authentication certificates
+ * bearing an expiration date established by DIGITAL and RSA Data
+ * Security, Inc.  It may cease to generate certificates after the expiration
+ * date.  Any modification of this software that changes or defeats
+ * the expiration date or its effect is unauthorized.
+ *
+ * 5.  Software that will renew or extend the expiration date of
+ * authentication certificates produced by this software may be obtained
+ * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
+ * 94065, (415)595-8782, or from DIGITAL"
+ *
+ */
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+#include <stdio.h>
+#include "gssapi_defs.h"
+#include <stdlib.h>
+#include <string.h>
+
+#include <pwd.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc.h"
+
+extern auth_debug_mode;
+
+static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
+			  		AUTHTYPE_SPX, };
+static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
+					TELQUAL_NAME, };
+
+#define	SPX_AUTH	0		/* Authentication data follows */
+#define	SPX_REJECT	1		/* Rejected (reason might follow) */
+#define SPX_ACCEPT	2		/* Accepted */
+
+static des_key_schedule sched;
+static des_cblock	challenge	= { 0 };
+
+
+/*******************************************************************/
+
+gss_OID_set		actual_mechs;
+gss_OID			actual_mech_type, output_name_type;
+int			major_status, status, msg_ctx = 0, new_status;
+int			req_flags = 0, ret_flags, lifetime_rec;
+gss_cred_id_t		gss_cred_handle;
+gss_ctx_id_t		actual_ctxhandle, context_handle;
+gss_buffer_desc		output_token, input_token, input_name_buffer;
+gss_buffer_desc		status_string;
+gss_name_t		desired_targname, src_name;
+gss_channel_bindings	input_chan_bindings;
+char			lhostname[GSS_C_MAX_PRINTABLE_NAME];
+char			targ_printable[GSS_C_MAX_PRINTABLE_NAME];
+int			to_addr=0, from_addr=0;
+char			*address;
+gss_buffer_desc		fullname_buffer;
+gss_OID			fullname_type;
+gss_cred_id_t		gss_delegated_cred_handle;
+
+/*******************************************************************/
+
+
+
+	static int
+Data(ap, type, d, c)
+	Authenticator *ap;
+	int type;
+	void *d;
+	int c;
+{
+	unsigned char *p = str_data + 4;
+	unsigned char *cd = (unsigned char *)d;
+
+	if (c == -1)
+		c = strlen((char *)cd);
+
+	if (0) {
+		printf("%s:%d: [%d] (%d)",
+			str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+			str_data[3],
+			type, c);
+		printd(d, c);
+		printf("\r\n");
+	}
+	*p++ = ap->type;
+	*p++ = ap->way;
+	*p++ = type;
+	while (c-- > 0) {
+		if ((*p++ = *cd++) == IAC)
+			*p++ = IAC;
+	}
+	*p++ = IAC;
+	*p++ = SE;
+	if (str_data[3] == TELQUAL_IS)
+		printsub('>', &str_data[2], p - (&str_data[2]));
+	return(telnet_net_write(str_data, p - str_data));
+}
+
+	int
+spx_init(ap, server)
+	Authenticator *ap;
+	int server;
+{
+	gss_cred_id_t	tmp_cred_handle;
+
+	if (server) {
+		str_data[3] = TELQUAL_REPLY;
+		gethostname(lhostname, sizeof(lhostname));
+		snprintf (targ_printable, sizeof(targ_printable),
+			  "SERVICE:rcmd@%s", lhostname);
+		input_name_buffer.length = strlen(targ_printable);
+		input_name_buffer.value = targ_printable;
+		major_status = gss_import_name(&status,
+					&input_name_buffer,
+					GSS_C_NULL_OID,
+					&desired_targname);
+		major_status = gss_acquire_cred(&status,
+					desired_targname,
+					0,
+					GSS_C_NULL_OID_SET,
+					GSS_C_ACCEPT,
+					&tmp_cred_handle,
+					&actual_mechs,
+					&lifetime_rec);
+		if (major_status != GSS_S_COMPLETE) return(0);
+	} else {
+		str_data[3] = TELQUAL_IS;
+	}
+	return(1);
+}
+
+	int
+spx_send(ap)
+	Authenticator *ap;
+{
+	des_cblock enckey;
+	int r;
+
+	gss_OID	actual_mech_type, output_name_type;
+	int	msg_ctx = 0, new_status, status;
+	int	req_flags = 0, ret_flags, lifetime_rec, major_status;
+	gss_buffer_desc  output_token, input_token, input_name_buffer;
+	gss_buffer_desc  output_name_buffer, status_string;
+	gss_name_t    desired_targname;
+	gss_channel_bindings  input_chan_bindings;
+	char targ_printable[GSS_C_MAX_PRINTABLE_NAME];
+	int  from_addr=0, to_addr=0, myhostlen, j;
+	int  deleg_flag=1, mutual_flag=0, replay_flag=0, seq_flag=0;
+	char *address;
+
+	printf("[ Trying SPX ... ]\r\n");
+	snprintf (targ_printable, sizeof(targ_printable),
+		  "SERVICE:rcmd@%s", RemoteHostName);
+
+	input_name_buffer.length = strlen(targ_printable);
+	input_name_buffer.value = targ_printable;
+
+	if (!UserNameRequested) {
+		return(0);
+	}
+
+	major_status = gss_import_name(&status,
+					&input_name_buffer,
+					GSS_C_NULL_OID,
+					&desired_targname);
+
+
+	major_status = gss_display_name(&status,
+					desired_targname,
+					&output_name_buffer,
+					&output_name_type);
+
+	printf("target is '%s'\n", output_name_buffer.value); fflush(stdout);
+
+	major_status = gss_release_buffer(&status, &output_name_buffer);
+
+	input_chan_bindings = (gss_channel_bindings)
+	  malloc(sizeof(gss_channel_bindings_desc));
+
+	input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
+	input_chan_bindings->initiator_address.length = 4;
+	address = (char *) malloc(4);
+	input_chan_bindings->initiator_address.value = (char *) address;
+	address[0] = ((from_addr & 0xff000000) >> 24);
+	address[1] = ((from_addr & 0xff0000) >> 16);
+	address[2] = ((from_addr & 0xff00) >> 8);
+	address[3] = (from_addr & 0xff);
+	input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
+	input_chan_bindings->acceptor_address.length = 4;
+	address = (char *) malloc(4);
+	input_chan_bindings->acceptor_address.value = (char *) address;
+	address[0] = ((to_addr & 0xff000000) >> 24);
+	address[1] = ((to_addr & 0xff0000) >> 16);
+	address[2] = ((to_addr & 0xff00) >> 8);
+	address[3] = (to_addr & 0xff);
+	input_chan_bindings->application_data.length = 0;
+
+	req_flags = 0;
+	if (deleg_flag)  req_flags = req_flags | 1;
+	if (mutual_flag) req_flags = req_flags | 2;
+	if (replay_flag) req_flags = req_flags | 4;
+	if (seq_flag)    req_flags = req_flags | 8;
+
+	major_status = gss_init_sec_context(&status,         /* minor status */
+					GSS_C_NO_CREDENTIAL, /* cred handle */
+					&actual_ctxhandle,   /* ctx handle */
+					desired_targname,    /* target name */
+					GSS_C_NULL_OID,      /* mech type */
+					req_flags,           /* req flags */
+					0,                   /* time req */
+					input_chan_bindings, /* chan binding */
+					GSS_C_NO_BUFFER,     /* input token */
+					&actual_mech_type,   /* actual mech */
+					&output_token,       /* output token */
+					&ret_flags,          /* ret flags */
+					&lifetime_rec);      /* time rec */
+
+	if ((major_status != GSS_S_COMPLETE) &&
+	    (major_status != GSS_S_CONTINUE_NEEDED)) {
+	  gss_display_status(&new_status,
+				status,
+				GSS_C_MECH_CODE,
+				GSS_C_NULL_OID,
+				&msg_ctx,
+				&status_string);
+	  printf("%s\n", status_string.value);
+	  return(0);
+	}
+
+	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
+		return(0);
+	}
+
+	if (!Data(ap, SPX_AUTH, output_token.value, output_token.length)) {
+		return(0);
+	}
+
+	return(1);
+}
+
+	void
+spx_is(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+	des_cblock datablock;
+	int r;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case SPX_AUTH:
+		input_token.length = cnt;
+		input_token.value = (char *) data;
+
+		gethostname(lhostname, sizeof(lhostname));
+
+		snprintf(targ_printable, sizeof(targ_printable),
+			 "SERVICE:rcmd@%s", lhostname);
+
+		input_name_buffer.length = strlen(targ_printable);
+		input_name_buffer.value = targ_printable;
+
+		major_status = gss_import_name(&status,
+					&input_name_buffer,
+					GSS_C_NULL_OID,
+					&desired_targname);
+
+		major_status = gss_acquire_cred(&status,
+					desired_targname,
+					0,
+					GSS_C_NULL_OID_SET,
+					GSS_C_ACCEPT,
+					&gss_cred_handle,
+					&actual_mechs,
+					&lifetime_rec);
+
+		major_status = gss_release_name(&status, desired_targname);
+
+		input_chan_bindings = (gss_channel_bindings)
+		  malloc(sizeof(gss_channel_bindings_desc));
+
+		input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
+		input_chan_bindings->initiator_address.length = 4;
+		address = (char *) malloc(4);
+		input_chan_bindings->initiator_address.value = (char *) address;
+		address[0] = ((from_addr & 0xff000000) >> 24);
+		address[1] = ((from_addr & 0xff0000) >> 16);
+		address[2] = ((from_addr & 0xff00) >> 8);
+		address[3] = (from_addr & 0xff);
+		input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
+		input_chan_bindings->acceptor_address.length = 4;
+		address = (char *) malloc(4);
+		input_chan_bindings->acceptor_address.value = (char *) address;
+		address[0] = ((to_addr & 0xff000000) >> 24);
+		address[1] = ((to_addr & 0xff0000) >> 16);
+		address[2] = ((to_addr & 0xff00) >> 8);
+		address[3] = (to_addr & 0xff);
+		input_chan_bindings->application_data.length = 0;
+
+		major_status = gss_accept_sec_context(&status,
+						&context_handle,
+						gss_cred_handle,
+						&input_token,
+						input_chan_bindings,
+						&src_name,
+						&actual_mech_type,
+						&output_token,
+						&ret_flags,
+						&lifetime_rec,
+						&gss_delegated_cred_handle);
+
+
+		if (major_status != GSS_S_COMPLETE) {
+
+		  major_status = gss_display_name(&status,
+					src_name,
+					&fullname_buffer,
+					&fullname_type);
+			Data(ap, SPX_REJECT, "auth failed", -1);
+			auth_finished(ap, AUTH_REJECT);
+			return;
+		}
+
+		major_status = gss_display_name(&status,
+					src_name,
+					&fullname_buffer,
+					&fullname_type);
+
+
+		Data(ap, SPX_ACCEPT, output_token.value, output_token.length);
+		auth_finished(ap, AUTH_USER);
+		break;
+
+	default:
+		Data(ap, SPX_REJECT, 0, 0);
+		break;
+	}
+}
+
+
+	void
+spx_reply(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case SPX_REJECT:
+		if (cnt > 0) {
+			printf("[ SPX refuses authentication because %.*s ]\r\n",
+				cnt, data);
+		} else
+			printf("[ SPX refuses authentication ]\r\n");
+		auth_send_retry();
+		return;
+	case SPX_ACCEPT:
+		printf("[ SPX accepts you ]\r\n");
+		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+			/*
+			 * Send over the encrypted challenge.
+		 	 */
+		  input_token.value = (char *) data;
+		  input_token.length = cnt;
+
+		  major_status = gss_init_sec_context(&status, /* minor stat */
+					GSS_C_NO_CREDENTIAL, /* cred handle */
+					&actual_ctxhandle,   /* ctx handle */
+					desired_targname,    /* target name */
+					GSS_C_NULL_OID,      /* mech type */
+					req_flags,           /* req flags */
+					0,                   /* time req */
+					input_chan_bindings, /* chan binding */
+					&input_token,        /* input token */
+					&actual_mech_type,   /* actual mech */
+					&output_token,       /* output token */
+					&ret_flags,          /* ret flags */
+					&lifetime_rec);      /* time rec */
+
+		  if (major_status != GSS_S_COMPLETE) {
+		    gss_display_status(&new_status,
+					status,
+					GSS_C_MECH_CODE,
+					GSS_C_NULL_OID,
+					&msg_ctx,
+					&status_string);
+		    printf("[ SPX mutual response fails ... '%s' ]\r\n",
+			 status_string.value);
+		    auth_send_retry();
+		    return;
+		  }
+		}
+		auth_finished(ap, AUTH_USER);
+		return;
+
+	default:
+		return;
+	}
+}
+
+	int
+spx_status(ap, name, name_sz, level)
+	Authenticator *ap;
+	char *name;
+	size_t name_sz;
+	int level;
+{
+
+	gss_buffer_desc  fullname_buffer, acl_file_buffer;
+	gss_OID          fullname_type;
+	char acl_file[160], fullname[160];
+	int major_status, status = 0;
+	struct passwd  *pwd;
+
+	/*
+	 * hard code fullname to
+	 *   "SPX:/C=US/O=Digital/OU=LKG/OU=Sphinx/OU=Users/CN=Kannan Alagappan"
+	 * and acl_file to "~kannan/.sphinx"
+	 */
+
+	pwd = k_getpwnam(UserNameRequested);
+	if (pwd == NULL) {
+	  return(AUTH_USER);   /*  not authenticated  */
+	}
+
+	snprintf (acl_file, sizeof(acl_file),
+		  "%s/.sphinx", pwd->pw_dir);
+
+	acl_file_buffer.value = acl_file;
+	acl_file_buffer.length = strlen(acl_file);
+
+	major_status = gss_display_name(&status,
+					src_name,
+					&fullname_buffer,
+					&fullname_type);
+
+	if (level < AUTH_USER)
+		return(level);
+
+	major_status = gss__check_acl(&status, &fullname_buffer,
+					&acl_file_buffer);
+
+	if (major_status == GSS_S_COMPLETE) {
+	  strcpy_truncate(name, UserNameRequested, name_sz);
+	  return(AUTH_VALID);
+	} else {
+	   return(AUTH_USER);
+	}
+
+}
+
+#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
+#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
+
+	void
+spx_printsub(data, cnt, buf, buflen)
+	unsigned char *data, *buf;
+	int cnt, buflen;
+{
+	int i;
+
+	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+	buflen -= 1;
+
+	switch(data[3]) {
+	case SPX_REJECT:		/* Rejected (reason might follow) */
+		strcpy_truncate((char *)buf, " REJECT ", buflen);
+		goto common;
+
+	case SPX_ACCEPT:		/* Accepted (name might follow) */
+		strcpy_truncate((char *)buf, " ACCEPT ", buflen);
+	common:
+		BUMP(buf, buflen);
+		if (cnt <= 4)
+			break;
+		ADDC(buf, buflen, '"');
+		for (i = 4; i < cnt; i++)
+			ADDC(buf, buflen, data[i]);
+		ADDC(buf, buflen, '"');
+		ADDC(buf, buflen, '\0');
+		break;
+
+	case SPX_AUTH:			/* Authentication data follows */
+		strcpy_truncate((char *)buf, " AUTH", buflen);
+		goto common2;
+
+	default:
+		snprintf(buf, buflen, " %d (unknown)", data[3]);
+	common2:
+		BUMP(buf, buflen);
+		for (i = 4; i < cnt; i++) {
+			snprintf(buf, buflen, " %d", data[i]);
+			BUMP(buf, buflen);
+		}
+		break;
+	}
+}
+
+#endif
+
+#ifdef notdef
+
+prkey(msg, key)
+	char *msg;
+	unsigned char *key;
+{
+	int i;
+	printf("%s:", msg);
+	for (i = 0; i < 8; i++)
+		printf(" %3d", key[i]);
+	printf("\r\n");
+}
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/telnet.state b/crypto/kerberosIV/appl/telnet/telnet.state
new file mode 100644
index 0000000..1927a2b
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet.state
@@ -0,0 +1,80 @@
+
+   Three pieces of state need to be kept for each side of each option.
+   (You need the localside, sending WILL/WONT & receiving DO/DONT, and
+   the remoteside, sending DO/DONT and receiving WILL/WONT)
+
+	MY_STATE:	What state am I in?
+	WANT_STATE:	What state do I want?
+	WANT_RESP:	How many requests have I initiated?
+
+   Default values:
+	MY_STATE = WANT_STATE = DONT
+	WANT_RESP = 0
+
+   The local setup will change based on the state of the Telnet
+   variables.  When we are the originator, we can either make the
+   local setup changes at option request time (in which case if
+   the option is denied we need to change things back) or when
+   the option is acknowledged.
+
+   To initiate a switch to NEW_STATE:
+
+	if ((WANT_RESP == 0 && NEW_STATE == MY_STATE) ||
+			WANT_STATE == NEW_STATE) {
+	    do nothing;
+	} else {
+	    /*
+	     * This is where the logic goes to change the local setup
+	     * if we are doing so at request initiation
+	     */
+	    WANT_STATE = NEW_STATE;
+	    send NEW_STATE;
+	    WANT_RESP += 1;
+	}
+
+   When receiving NEW_STATE:
+
+	if (WANT_RESP) {
+	    --WANT_RESP;
+	    if (WANT_RESP && (NEW_STATE == MY_STATE))
+		--WANT_RESP;
+	}
+	if (WANT_RESP == 0) {
+	    if (NEW_STATE != WANT_STATE) {
+		/*
+		 * This is where the logic goes to decide if it is ok
+		 * to switch to NEW_STATE, and if so, do any necessary
+		 * local setup changes.
+		 */
+		if (ok_to_switch_to NEW_STATE)
+		    WANT_STATE = NEW_STATE;
+		else
+		    WANT_RESP++;
+*		if (MY_STATE != WANT_STATE)
+		    reply with WANT_STATE;
+	    } else {
+		/*
+		 * This is where the logic goes to change the local setup
+		 * if we are doing so at request acknowledgment
+		 */
+	    }
+	}
+	MY_STATE = NEW_STATE;
+
+* This if() line is not needed, it should be ok to always do the
+  "reply with WANT_STATE".  With the if() line, asking to turn on
+  an option that the other side doesn't understand is:
+		Send DO option
+		Recv WONT option
+  Without the if() line, it is:
+		Send DO option
+		Recv WONT option
+		Send DONT option
+  If the other side does not expect to receive the latter case,
+  but generates the latter case, then there is a potential for
+  option negotiation loops.  An implementation that does not expect
+  to get the second case should not generate it, an implementation
+  that does expect to get it may or may not generate it, and things
+  will still work.  Being conservative in what we send, we have the
+  if() statement in, but we expect the other side to generate the
+  last response.
diff --git a/crypto/kerberosIV/appl/telnet/telnet/Makefile.am b/crypto/kerberosIV/appl/telnet/telnet/Makefile.am
new file mode 100644
index 0000000..882aa24
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/Makefile.am
@@ -0,0 +1,20 @@
+# $Id: Makefile.am,v 1.12 1999/06/23 12:37:58 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += -I$(srcdir)/.. $(INCLUDE_krb4)
+
+bin_PROGRAMS = telnet
+
+CHECK_LOCAL = 
+
+telnet_SOURCES  = authenc.c commands.c main.c network.c ring.c \
+		  sys_bsd.c telnet.c terminal.c \
+		  utilities.c defines.h externs.h ring.h telnet_locl.h types.h
+
+LDADD = ../libtelnet/libtelnet.a \
+	$(LIB_krb5) \
+	$(LIB_krb4) \
+	$(top_builddir)/lib/des/libdes.la \
+	$(LIB_tgetent) \
+	$(LIB_roken)
diff --git a/crypto/kerberosIV/appl/telnet/telnet/Makefile.in b/crypto/kerberosIV/appl/telnet/telnet/Makefile.in
new file mode 100644
index 0000000..4da3e05
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/Makefile.in
@@ -0,0 +1,75 @@
+# $Id: Makefile.in,v 1.34 1999/03/11 13:50:09 joda Exp $
+
+srcdir		= @srcdir@
+top_srcdir	= @top_srcdir@
+VPATH		= @srcdir@
+
+SHELL		= /bin/sh
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LD_FLAGS = @LD_FLAGS@
+LIBS = @LIBS@
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+PROGS = telnet$(EXECSUFFIX)
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+bindir = @bindir@
+libdir = @libdir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+SOURCES=authenc.c commands.c main.c network.c ring.c \
+	sys_bsd.c telnet.c terminal.c \
+	utilities.c
+
+OBJECTS=authenc.o commands.o main.o network.o ring.o sys_bsd.o \
+	telnet.o terminal.o utilities.o
+
+libtop=@libtop@
+
+LIBKRB		= -L../../../lib/krb -lkrb
+LIBDES		= -L../../../lib/des -ldes
+LIBROKEN	= -L../../../lib/roken -lroken
+
+KLIB=$(LIBKRB) $(LIBDES)
+
+
+all: $(PROGS)
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../../include -I.. -I$(srcdir)/.. $(CFLAGS) $(CPPFLAGS) $<
+
+telnet$(EXECSUFFIX): $(OBJECTS)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS) -L../libtelnet -ltelnet $(KLIB) $(LIBROKEN) $(LIBS) @LIB_tgetent@ $(LIBROKEN)
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
+	for x in $(PROGS); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+uninstall:
+	for x in $(PROGS); do \
+	  rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+clean cleandir:
+	rm -f *.o *.a telnet$(EXECSUFFIX) \#* *~ core
+
+distclean: clean
+	rm -f Makefile *~
+
+.PHONY: all install uninstall clean cleandir distclean
diff --git a/crypto/kerberosIV/appl/telnet/telnet/authenc.c b/crypto/kerberosIV/appl/telnet/telnet/authenc.c
new file mode 100644
index 0000000..08da93d
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/authenc.c
@@ -0,0 +1,91 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnet_locl.h"
+
+RCSID("$Id: authenc.c,v 1.9 1999/03/19 23:13:51 assar Exp $");
+
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+int
+telnet_net_write(unsigned char *str, int len)
+{
+	if (NETROOM() > len) {
+		ring_supply_data(&netoring, str, len);
+		if (str[0] == IAC && str[1] == SE)
+			printsub('>', &str[2], len-2);
+		return(len);
+	}
+	return(0);
+}
+
+void
+net_encrypt(void)
+{
+#if	defined(ENCRYPTION)
+	if (encrypt_output)
+		ring_encrypt(&netoring, encrypt_output);
+	else
+		ring_clearto(&netoring);
+#endif
+}
+
+int
+telnet_spin(void)
+{
+	return(-1);
+}
+
+char *
+telnet_getenv(char *val)
+{
+	return((char *)env_getvalue((unsigned char *)val));
+}
+
+char *
+telnet_gets(char *prompt, char *result, int length, int echo)
+{
+	int om = globalmode;
+	char *res;
+
+	TerminalNewMode(-1);
+	if (echo) {
+		printf("%s", prompt);
+		res = fgets(result, length, stdin);
+	} else if ((res = getpass(prompt))) {
+		strcpy_truncate(result, res, length);
+		res = result;
+	}
+	TerminalNewMode(om);
+	return(res);
+}
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/telnet/commands.c b/crypto/kerberosIV/appl/telnet/telnet/commands.c
new file mode 100644
index 0000000..57803fa
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/commands.c
@@ -0,0 +1,2693 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnet_locl.h"
+
+RCSID("$Id: commands.c,v 1.53 1999/07/07 14:56:17 assar Exp $");
+
+#if	defined(IPPROTO_IP) && defined(IP_TOS)
+int tos = -1;
+#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
+
+char	*hostname;
+static char _hostname[MaxHostNameLen];
+
+typedef int (*intrtn_t)(int, char**);
+static int call(intrtn_t, ...);
+
+typedef struct {
+	char	*name;		/* command name */
+	char	*help;		/* help string (NULL for no help) */
+	int	(*handler)();	/* routine which executes command */
+	int	needconnect;	/* Do we need to be connected to execute? */
+} Command;
+
+static char line[256];
+static char saveline[256];
+static int margc;
+static char *margv[20];
+
+static void
+makeargv()
+{
+    char *cp, *cp2, c;
+    char **argp = margv;
+
+    margc = 0;
+    cp = line;
+    if (*cp == '!') {		/* Special case shell escape */
+	/* save for shell command */
+	strcpy_truncate(saveline, line, sizeof(saveline));
+	*argp++ = "!";		/* No room in string to get this */
+	margc++;
+	cp++;
+    }
+    while ((c = *cp)) {
+	int inquote = 0;
+	while (isspace(c))
+	    c = *++cp;
+	if (c == '\0')
+	    break;
+	*argp++ = cp;
+	margc += 1;
+	for (cp2 = cp; c != '\0'; c = *++cp) {
+	    if (inquote) {
+		if (c == inquote) {
+		    inquote = 0;
+		    continue;
+		}
+	    } else {
+		if (c == '\\') {
+		    if ((c = *++cp) == '\0')
+			break;
+		} else if (c == '"') {
+		    inquote = '"';
+		    continue;
+		} else if (c == '\'') {
+		    inquote = '\'';
+		    continue;
+		} else if (isspace(c))
+		    break;
+	    }
+	    *cp2++ = c;
+	}
+	*cp2 = '\0';
+	if (c == '\0')
+	    break;
+	cp++;
+    }
+    *argp++ = 0;
+}
+
+/*
+ * Make a character string into a number.
+ *
+ * Todo:  1.  Could take random integers (12, 0x12, 012, 0b1).
+ */
+
+static char
+special(char *s)
+{
+	char c;
+	char b;
+
+	switch (*s) {
+	case '^':
+		b = *++s;
+		if (b == '?') {
+		    c = b | 0x40;		/* DEL */
+		} else {
+		    c = b & 0x1f;
+		}
+		break;
+	default:
+		c = *s;
+		break;
+	}
+	return c;
+}
+
+/*
+ * Construct a control character sequence
+ * for a special character.
+ */
+static char *
+control(cc_t c)
+{
+	static char buf[5];
+	/*
+	 * The only way I could get the Sun 3.5 compiler
+	 * to shut up about
+	 *	if ((unsigned int)c >= 0x80)
+	 * was to assign "c" to an unsigned int variable...
+	 * Arggg....
+	 */
+	unsigned int uic = (unsigned int)c;
+
+	if (uic == 0x7f)
+		return ("^?");
+	if (c == (cc_t)_POSIX_VDISABLE) {
+		return "off";
+	}
+	if (uic >= 0x80) {
+		buf[0] = '\\';
+		buf[1] = ((c>>6)&07) + '0';
+		buf[2] = ((c>>3)&07) + '0';
+		buf[3] = (c&07) + '0';
+		buf[4] = 0;
+	} else if (uic >= 0x20) {
+		buf[0] = c;
+		buf[1] = 0;
+	} else {
+		buf[0] = '^';
+		buf[1] = '@'+c;
+		buf[2] = 0;
+	}
+	return (buf);
+}
+
+
+
+/*
+ *	The following are data structures and routines for
+ *	the "send" command.
+ *
+ */
+
+struct sendlist {
+    char	*name;		/* How user refers to it (case independent) */
+    char	*help;		/* Help information (0 ==> no help) */
+    int		needconnect;	/* Need to be connected */
+    int		narg;		/* Number of arguments */
+    int		(*handler)();	/* Routine to perform (for special ops) */
+    int		nbyte;		/* Number of bytes to send this command */
+    int		what;		/* Character to be sent (<0 ==> special) */
+};
+
+
+static int
+	send_esc (void),
+	send_help (void),
+	send_docmd (char *),
+	send_dontcmd (char *),
+	send_willcmd (char *),
+	send_wontcmd (char *);
+
+static struct sendlist Sendlist[] = {
+    { "ao",	"Send Telnet Abort output",		1, 0, 0, 2, AO },
+    { "ayt",	"Send Telnet 'Are You There'",		1, 0, 0, 2, AYT },
+    { "brk",	"Send Telnet Break",			1, 0, 0, 2, BREAK },
+    { "break",	0,					1, 0, 0, 2, BREAK },
+    { "ec",	"Send Telnet Erase Character",		1, 0, 0, 2, EC },
+    { "el",	"Send Telnet Erase Line",		1, 0, 0, 2, EL },
+    { "escape",	"Send current escape character",	1, 0, send_esc, 1, 0 },
+    { "ga",	"Send Telnet 'Go Ahead' sequence",	1, 0, 0, 2, GA },
+    { "ip",	"Send Telnet Interrupt Process",	1, 0, 0, 2, IP },
+    { "intp",	0,					1, 0, 0, 2, IP },
+    { "interrupt", 0,					1, 0, 0, 2, IP },
+    { "intr",	0,					1, 0, 0, 2, IP },
+    { "nop",	"Send Telnet 'No operation'",		1, 0, 0, 2, NOP },
+    { "eor",	"Send Telnet 'End of Record'",		1, 0, 0, 2, EOR },
+    { "abort",	"Send Telnet 'Abort Process'",		1, 0, 0, 2, ABORT },
+    { "susp",	"Send Telnet 'Suspend Process'",	1, 0, 0, 2, SUSP },
+    { "eof",	"Send Telnet End of File Character",	1, 0, 0, 2, xEOF },
+    { "synch",	"Perform Telnet 'Synch operation'",	1, 0, dosynch, 2, 0 },
+    { "getstatus", "Send request for STATUS",		1, 0, get_status, 6, 0 },
+    { "?",	"Display send options",			0, 0, send_help, 0, 0 },
+    { "help",	0,					0, 0, send_help, 0, 0 },
+    { "do",	0,					0, 1, send_docmd, 3, 0 },
+    { "dont",	0,					0, 1, send_dontcmd, 3, 0 },
+    { "will",	0,					0, 1, send_willcmd, 3, 0 },
+    { "wont",	0,					0, 1, send_wontcmd, 3, 0 },
+    { 0 }
+};
+
+#define	GETSEND(name) ((struct sendlist *) genget(name, (char **) Sendlist, \
+				sizeof(struct sendlist)))
+
+static int
+sendcmd(int argc, char **argv)
+{
+    int count;		/* how many bytes we are going to need to send */
+    int i;
+    struct sendlist *s;	/* pointer to current command */
+    int success = 0;
+    int needconnect = 0;
+
+    if (argc < 2) {
+	printf("need at least one argument for 'send' command\r\n");
+	printf("'send ?' for help\r\n");
+	return 0;
+    }
+    /*
+     * First, validate all the send arguments.
+     * In addition, we see how much space we are going to need, and
+     * whether or not we will be doing a "SYNCH" operation (which
+     * flushes the network queue).
+     */
+    count = 0;
+    for (i = 1; i < argc; i++) {
+	s = GETSEND(argv[i]);
+	if (s == 0) {
+	    printf("Unknown send argument '%s'\r\n'send ?' for help.\r\n",
+			argv[i]);
+	    return 0;
+	} else if (Ambiguous(s)) {
+	    printf("Ambiguous send argument '%s'\r\n'send ?' for help.\r\n",
+			argv[i]);
+	    return 0;
+	}
+	if (i + s->narg >= argc) {
+	    fprintf(stderr,
+	    "Need %d argument%s to 'send %s' command.  'send %s ?' for help.\r\n",
+		s->narg, s->narg == 1 ? "" : "s", s->name, s->name);
+	    return 0;
+	}
+	count += s->nbyte;
+	if (s->handler == send_help) {
+	    send_help();
+	    return 0;
+	}
+
+	i += s->narg;
+	needconnect += s->needconnect;
+    }
+    if (!connected && needconnect) {
+	printf("?Need to be connected first.\r\n");
+	printf("'send ?' for help\r\n");
+	return 0;
+    }
+    /* Now, do we have enough room? */
+    if (NETROOM() < count) {
+	printf("There is not enough room in the buffer TO the network\r\n");
+	printf("to process your request.  Nothing will be done.\r\n");
+	printf("('send synch' will throw away most data in the network\r\n");
+	printf("buffer, if this might help.)\r\n");
+	return 0;
+    }
+    /* OK, they are all OK, now go through again and actually send */
+    count = 0;
+    for (i = 1; i < argc; i++) {
+	if ((s = GETSEND(argv[i])) == 0) {
+	    fprintf(stderr, "Telnet 'send' error - argument disappeared!\r\n");
+	    quit();
+	    /*NOTREACHED*/
+	}
+	if (s->handler) {
+	    count++;
+	    success += (*s->handler)((s->narg > 0) ? argv[i+1] : 0,
+				  (s->narg > 1) ? argv[i+2] : 0);
+	    i += s->narg;
+	} else {
+	    NET2ADD(IAC, s->what);
+	    printoption("SENT", IAC, s->what);
+	}
+    }
+    return (count == success);
+}
+
+static int
+send_tncmd(void (*func)(), char *cmd, char *name);
+
+static int
+send_esc()
+{
+    NETADD(escape);
+    return 1;
+}
+
+static int
+send_docmd(char *name)
+{
+    return(send_tncmd(send_do, "do", name));
+}
+
+static int
+send_dontcmd(char *name)
+{
+    return(send_tncmd(send_dont, "dont", name));
+}
+
+static int
+send_willcmd(char *name)
+{
+    return(send_tncmd(send_will, "will", name));
+}
+
+static int
+send_wontcmd(char *name)
+{
+    return(send_tncmd(send_wont, "wont", name));
+}
+
+static int
+send_tncmd(void (*func)(), char *cmd, char *name)
+{
+    char **cpp;
+    extern char *telopts[];
+    int val = 0;
+
+    if (isprefix(name, "help") || isprefix(name, "?")) {
+	int col, len;
+
+	printf("Usage: send %s <value|option>\r\n", cmd);
+	printf("\"value\" must be from 0 to 255\r\n");
+	printf("Valid options are:\r\n\t");
+
+	col = 8;
+	for (cpp = telopts; *cpp; cpp++) {
+	    len = strlen(*cpp) + 3;
+	    if (col + len > 65) {
+		printf("\r\n\t");
+		col = 8;
+	    }
+	    printf(" \"%s\"", *cpp);
+	    col += len;
+	}
+	printf("\r\n");
+	return 0;
+    }
+    cpp = genget(name, telopts, sizeof(char *));
+    if (Ambiguous(cpp)) {
+	fprintf(stderr,"'%s': ambiguous argument ('send %s ?' for help).\r\n",
+					name, cmd);
+	return 0;
+    }
+    if (cpp) {
+	val = cpp - telopts;
+    } else {
+	char *cp = name;
+
+	while (*cp >= '0' && *cp <= '9') {
+	    val *= 10;
+	    val += *cp - '0';
+	    cp++;
+	}
+	if (*cp != 0) {
+	    fprintf(stderr, "'%s': unknown argument ('send %s ?' for help).\r\n",
+					name, cmd);
+	    return 0;
+	} else if (val < 0 || val > 255) {
+	    fprintf(stderr, "'%s': bad value ('send %s ?' for help).\r\n",
+					name, cmd);
+	    return 0;
+	}
+    }
+    if (!connected) {
+	printf("?Need to be connected first.\r\n");
+	return 0;
+    }
+    (*func)(val, 1);
+    return 1;
+}
+
+static int
+send_help()
+{
+    struct sendlist *s;	/* pointer to current command */
+    for (s = Sendlist; s->name; s++) {
+	if (s->help)
+	    printf("%-15s %s\r\n", s->name, s->help);
+    }
+    return(0);
+}
+
+/*
+ * The following are the routines and data structures referred
+ * to by the arguments to the "toggle" command.
+ */
+
+static int
+lclchars()
+{
+    donelclchars = 1;
+    return 1;
+}
+
+static int
+togdebug()
+{
+#ifndef	NOT43
+    if (net > 0 &&
+	(SetSockOpt(net, SOL_SOCKET, SO_DEBUG, debug)) < 0) {
+	    perror("setsockopt (SO_DEBUG)");
+    }
+#else	/* NOT43 */
+    if (debug) {
+	if (net > 0 && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 0, 0) < 0)
+	    perror("setsockopt (SO_DEBUG)");
+    } else
+	printf("Cannot turn off socket debugging\r\n");
+#endif	/* NOT43 */
+    return 1;
+}
+
+#if defined(KRB4) && defined(HAVE_KRB_DISABLE_DEBUG)
+#include <krb.h>
+
+static int
+togkrbdebug(void)
+{
+    if(krb_debug)
+	krb_enable_debug();
+    else
+	krb_disable_debug();
+    return 1;
+}
+#endif
+
+static int
+togcrlf()
+{
+    if (crlf) {
+	printf("Will send carriage returns as telnet <CR><LF>.\r\n");
+    } else {
+	printf("Will send carriage returns as telnet <CR><NUL>.\r\n");
+    }
+    return 1;
+}
+
+int binmode;
+
+static int
+togbinary(int val)
+{
+    donebinarytoggle = 1;
+
+    if (val >= 0) {
+	binmode = val;
+    } else {
+	if (my_want_state_is_will(TELOPT_BINARY) &&
+				my_want_state_is_do(TELOPT_BINARY)) {
+	    binmode = 1;
+	} else if (my_want_state_is_wont(TELOPT_BINARY) &&
+				my_want_state_is_dont(TELOPT_BINARY)) {
+	    binmode = 0;
+	}
+	val = binmode ? 0 : 1;
+    }
+
+    if (val == 1) {
+	if (my_want_state_is_will(TELOPT_BINARY) &&
+					my_want_state_is_do(TELOPT_BINARY)) {
+	    printf("Already operating in binary mode with remote host.\r\n");
+	} else {
+	    printf("Negotiating binary mode with remote host.\r\n");
+	    tel_enter_binary(3);
+	}
+    } else {
+	if (my_want_state_is_wont(TELOPT_BINARY) &&
+					my_want_state_is_dont(TELOPT_BINARY)) {
+	    printf("Already in network ascii mode with remote host.\r\n");
+	} else {
+	    printf("Negotiating network ascii mode with remote host.\r\n");
+	    tel_leave_binary(3);
+	}
+    }
+    return 1;
+}
+
+static int
+togrbinary(int val)
+{
+    donebinarytoggle = 1;
+
+    if (val == -1)
+	val = my_want_state_is_do(TELOPT_BINARY) ? 0 : 1;
+
+    if (val == 1) {
+	if (my_want_state_is_do(TELOPT_BINARY)) {
+	    printf("Already receiving in binary mode.\r\n");
+	} else {
+	    printf("Negotiating binary mode on input.\r\n");
+	    tel_enter_binary(1);
+	}
+    } else {
+	if (my_want_state_is_dont(TELOPT_BINARY)) {
+	    printf("Already receiving in network ascii mode.\r\n");
+	} else {
+	    printf("Negotiating network ascii mode on input.\r\n");
+	    tel_leave_binary(1);
+	}
+    }
+    return 1;
+}
+
+static int
+togxbinary(int val)
+{
+    donebinarytoggle = 1;
+
+    if (val == -1)
+	val = my_want_state_is_will(TELOPT_BINARY) ? 0 : 1;
+
+    if (val == 1) {
+	if (my_want_state_is_will(TELOPT_BINARY)) {
+	    printf("Already transmitting in binary mode.\r\n");
+	} else {
+	    printf("Negotiating binary mode on output.\r\n");
+	    tel_enter_binary(2);
+	}
+    } else {
+	if (my_want_state_is_wont(TELOPT_BINARY)) {
+	    printf("Already transmitting in network ascii mode.\r\n");
+	} else {
+	    printf("Negotiating network ascii mode on output.\r\n");
+	    tel_leave_binary(2);
+	}
+    }
+    return 1;
+}
+
+
+static int togglehelp (void);
+#if	defined(AUTHENTICATION)
+extern int auth_togdebug (int);
+#endif
+#if	defined(ENCRYPTION)
+extern int EncryptAutoEnc (int);
+extern int EncryptAutoDec (int);
+extern int EncryptDebug (int);
+extern int EncryptVerbose (int);
+#endif
+
+struct togglelist {
+    char	*name;		/* name of toggle */
+    char	*help;		/* help message */
+    int		(*handler)();	/* routine to do actual setting */
+    int		*variable;
+    char	*actionexplanation;
+};
+
+static struct togglelist Togglelist[] = {
+    { "autoflush",
+	"flushing of output when sending interrupt characters",
+	    0,
+		&autoflush,
+		    "flush output when sending interrupt characters" },
+    { "autosynch",
+	"automatic sending of interrupt characters in urgent mode",
+	    0,
+		&autosynch,
+		    "send interrupt characters in urgent mode" },
+#if	defined(AUTHENTICATION)
+    { "autologin",
+	"automatic sending of login and/or authentication info",
+	    0,
+		&autologin,
+		    "send login name and/or authentication information" },
+    { "authdebug",
+	"Toggle authentication debugging",
+	    auth_togdebug,
+		0,
+		     "print authentication debugging information" },
+#endif
+#if	defined(ENCRYPTION)
+    { "autoencrypt",
+	"automatic encryption of data stream",
+	    EncryptAutoEnc,
+		0,
+		    "automatically encrypt output" },
+    { "autodecrypt",
+	"automatic decryption of data stream",
+	    EncryptAutoDec,
+		0,
+		    "automatically decrypt input" },
+    { "verbose_encrypt",
+	"Toggle verbose encryption output",
+	    EncryptVerbose,
+		0,
+		    "print verbose encryption output" },
+    { "encdebug",
+	"Toggle encryption debugging",
+	    EncryptDebug,
+		0,
+		    "print encryption debugging information" },
+#endif
+    { "skiprc",
+	"don't read ~/.telnetrc file",
+	    0,
+		&skiprc,
+		    "skip reading of ~/.telnetrc file" },
+    { "binary",
+	"sending and receiving of binary data",
+	    togbinary,
+		0,
+		    0 },
+    { "inbinary",
+	"receiving of binary data",
+	    togrbinary,
+		0,
+		    0 },
+    { "outbinary",
+	"sending of binary data",
+	    togxbinary,
+		0,
+		    0 },
+    { "crlf",
+	"sending carriage returns as telnet <CR><LF>",
+	    togcrlf,
+		&crlf,
+		    0 },
+    { "crmod",
+	"mapping of received carriage returns",
+	    0,
+		&crmod,
+		    "map carriage return on output" },
+    { "localchars",
+	"local recognition of certain control characters",
+	    lclchars,
+		&localchars,
+		    "recognize certain control characters" },
+    { " ", "", 0 },		/* empty line */
+    { "debug",
+	"debugging",
+	    togdebug,
+		&debug,
+		    "turn on socket level debugging" },
+#if defined(KRB4) && defined(HAVE_KRB_DISABLE_DEBUG)
+    { "krb_debug",
+      "kerberos 4 debugging",
+      togkrbdebug,
+      &krb_debug,
+      "turn on kerberos 4 debugging" },
+#endif
+    { "netdata",
+	"printing of hexadecimal network data (debugging)",
+	    0,
+		&netdata,
+		    "print hexadecimal representation of network traffic" },
+    { "prettydump",
+	"output of \"netdata\" to user readable format (debugging)",
+	    0,
+		&prettydump,
+		    "print user readable output for \"netdata\"" },
+    { "options",
+	"viewing of options processing (debugging)",
+	    0,
+		&showoptions,
+		    "show option processing" },
+    { "termdata",
+	"(debugging) toggle printing of hexadecimal terminal data",
+	    0,
+		&termdata,
+		    "print hexadecimal representation of terminal traffic" },
+    { "?",
+	0,
+	    togglehelp },
+    { "help",
+	0,
+	    togglehelp },
+    { 0 }
+};
+
+static int
+togglehelp()
+{
+    struct togglelist *c;
+
+    for (c = Togglelist; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s toggle %s\r\n", c->name, c->help);
+	    else
+		printf("\r\n");
+	}
+    }
+    printf("\r\n");
+    printf("%-15s %s\r\n", "?", "display help information");
+    return 0;
+}
+
+static void
+settogglehelp(int set)
+{
+    struct togglelist *c;
+
+    for (c = Togglelist; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s %s %s\r\n", c->name, set ? "enable" : "disable",
+						c->help);
+	    else
+		printf("\r\n");
+	}
+    }
+}
+
+#define	GETTOGGLE(name) (struct togglelist *) \
+		genget(name, (char **) Togglelist, sizeof(struct togglelist))
+
+static int
+toggle(int argc, char *argv[])
+{
+    int retval = 1;
+    char *name;
+    struct togglelist *c;
+
+    if (argc < 2) {
+	fprintf(stderr,
+	    "Need an argument to 'toggle' command.  'toggle ?' for help.\r\n");
+	return 0;
+    }
+    argc--;
+    argv++;
+    while (argc--) {
+	name = *argv++;
+	c = GETTOGGLE(name);
+	if (Ambiguous(c)) {
+	    fprintf(stderr, "'%s': ambiguous argument ('toggle ?' for help).\r\n",
+					name);
+	    return 0;
+	} else if (c == 0) {
+	    fprintf(stderr, "'%s': unknown argument ('toggle ?' for help).\r\n",
+					name);
+	    return 0;
+	} else {
+	    if (c->variable) {
+		*c->variable = !*c->variable;		/* invert it */
+		if (c->actionexplanation) {
+		    printf("%s %s.\r\n", *c->variable? "Will" : "Won't",
+							c->actionexplanation);
+		}
+	    }
+	    if (c->handler) {
+		retval &= (*c->handler)(-1);
+	    }
+	}
+    }
+    return retval;
+}
+
+/*
+ * The following perform the "set" command.
+ */
+
+struct termios new_tc = { 0 };
+
+struct setlist {
+    char *name;				/* name */
+    char *help;				/* help information */
+    void (*handler)();
+    cc_t *charp;			/* where it is located at */
+};
+
+static struct setlist Setlist[] = {
+#ifdef	KLUDGELINEMODE
+    { "echo", 	"character to toggle local echoing on/off", 0, &echoc },
+#endif
+    { "escape",	"character to escape back to telnet command mode", 0, &escape },
+    { "rlogin", "rlogin escape character", 0, &rlogin },
+    { "tracefile", "file to write trace information to", SetNetTrace, (cc_t *)NetTraceFile},
+    { " ", "" },
+    { " ", "The following need 'localchars' to be toggled true", 0, 0 },
+    { "flushoutput", "character to cause an Abort Output", 0, &termFlushChar },
+    { "interrupt", "character to cause an Interrupt Process", 0, &termIntChar },
+    { "quit",	"character to cause an Abort process", 0, &termQuitChar },
+    { "eof",	"character to cause an EOF ", 0, &termEofChar },
+    { " ", "" },
+    { " ", "The following are for local editing in linemode", 0, 0 },
+    { "erase",	"character to use to erase a character", 0, &termEraseChar },
+    { "kill",	"character to use to erase a line", 0, &termKillChar },
+    { "lnext",	"character to use for literal next", 0, &termLiteralNextChar },
+    { "susp",	"character to cause a Suspend Process", 0, &termSuspChar },
+    { "reprint", "character to use for line reprint", 0, &termRprntChar },
+    { "worderase", "character to use to erase a word", 0, &termWerasChar },
+    { "start",	"character to use for XON", 0, &termStartChar },
+    { "stop",	"character to use for XOFF", 0, &termStopChar },
+    { "forw1",	"alternate end of line character", 0, &termForw1Char },
+    { "forw2",	"alternate end of line character", 0, &termForw2Char },
+    { "ayt",	"alternate AYT character", 0, &termAytChar },
+    { 0 }
+};
+
+static struct setlist *
+getset(char *name)
+{
+    return (struct setlist *)
+		genget(name, (char **) Setlist, sizeof(struct setlist));
+}
+
+void
+set_escape_char(char *s)
+{
+	if (rlogin != _POSIX_VDISABLE) {
+		rlogin = (s && *s) ? special(s) : _POSIX_VDISABLE;
+		printf("Telnet rlogin escape character is '%s'.\r\n",
+					control(rlogin));
+	} else {
+		escape = (s && *s) ? special(s) : _POSIX_VDISABLE;
+		printf("Telnet escape character is '%s'.\r\n", control(escape));
+	}
+}
+
+static int
+setcmd(int argc, char *argv[])
+{
+    int value;
+    struct setlist *ct;
+    struct togglelist *c;
+
+    if (argc < 2 || argc > 3) {
+	printf("Format is 'set Name Value'\r\n'set ?' for help.\r\n");
+	return 0;
+    }
+    if ((argc == 2) && (isprefix(argv[1], "?") || isprefix(argv[1], "help"))) {
+	for (ct = Setlist; ct->name; ct++)
+	    printf("%-15s %s\r\n", ct->name, ct->help);
+	printf("\r\n");
+	settogglehelp(1);
+	printf("%-15s %s\r\n", "?", "display help information");
+	return 0;
+    }
+
+    ct = getset(argv[1]);
+    if (ct == 0) {
+	c = GETTOGGLE(argv[1]);
+	if (c == 0) {
+	    fprintf(stderr, "'%s': unknown argument ('set ?' for help).\r\n",
+			argv[1]);
+	    return 0;
+	} else if (Ambiguous(c)) {
+	    fprintf(stderr, "'%s': ambiguous argument ('set ?' for help).\r\n",
+			argv[1]);
+	    return 0;
+	}
+	if (c->variable) {
+	    if ((argc == 2) || (strcmp("on", argv[2]) == 0))
+		*c->variable = 1;
+	    else if (strcmp("off", argv[2]) == 0)
+		*c->variable = 0;
+	    else {
+		printf("Format is 'set togglename [on|off]'\r\n'set ?' for help.\r\n");
+		return 0;
+	    }
+	    if (c->actionexplanation) {
+		printf("%s %s.\r\n", *c->variable? "Will" : "Won't",
+							c->actionexplanation);
+	    }
+	}
+	if (c->handler)
+	    (*c->handler)(1);
+    } else if (argc != 3) {
+	printf("Format is 'set Name Value'\r\n'set ?' for help.\r\n");
+	return 0;
+    } else if (Ambiguous(ct)) {
+	fprintf(stderr, "'%s': ambiguous argument ('set ?' for help).\r\n",
+			argv[1]);
+	return 0;
+    } else if (ct->handler) {
+	(*ct->handler)(argv[2]);
+	printf("%s set to \"%s\".\r\n", ct->name, (char *)ct->charp);
+    } else {
+	if (strcmp("off", argv[2])) {
+	    value = special(argv[2]);
+	} else {
+	    value = _POSIX_VDISABLE;
+	}
+	*(ct->charp) = (cc_t)value;
+	printf("%s character is '%s'.\r\n", ct->name, control(*(ct->charp)));
+    }
+    slc_check();
+    return 1;
+}
+
+static int
+unsetcmd(int argc, char *argv[])
+{
+    struct setlist *ct;
+    struct togglelist *c;
+    char *name;
+
+    if (argc < 2) {
+	fprintf(stderr,
+	    "Need an argument to 'unset' command.  'unset ?' for help.\r\n");
+	return 0;
+    }
+    if (isprefix(argv[1], "?") || isprefix(argv[1], "help")) {
+	for (ct = Setlist; ct->name; ct++)
+	    printf("%-15s %s\r\n", ct->name, ct->help);
+	printf("\r\n");
+	settogglehelp(0);
+	printf("%-15s %s\r\n", "?", "display help information");
+	return 0;
+    }
+
+    argc--;
+    argv++;
+    while (argc--) {
+	name = *argv++;
+	ct = getset(name);
+	if (ct == 0) {
+	    c = GETTOGGLE(name);
+	    if (c == 0) {
+		fprintf(stderr, "'%s': unknown argument ('unset ?' for help).\r\n",
+			name);
+		return 0;
+	    } else if (Ambiguous(c)) {
+		fprintf(stderr, "'%s': ambiguous argument ('unset ?' for help).\r\n",
+			name);
+		return 0;
+	    }
+	    if (c->variable) {
+		*c->variable = 0;
+		if (c->actionexplanation) {
+		    printf("%s %s.\r\n", *c->variable? "Will" : "Won't",
+							c->actionexplanation);
+		}
+	    }
+	    if (c->handler)
+		(*c->handler)(0);
+	} else if (Ambiguous(ct)) {
+	    fprintf(stderr, "'%s': ambiguous argument ('unset ?' for help).\r\n",
+			name);
+	    return 0;
+	} else if (ct->handler) {
+	    (*ct->handler)(0);
+	    printf("%s reset to \"%s\".\r\n", ct->name, (char *)ct->charp);
+	} else {
+	    *(ct->charp) = _POSIX_VDISABLE;
+	    printf("%s character is '%s'.\r\n", ct->name, control(*(ct->charp)));
+	}
+    }
+    return 1;
+}
+
+/*
+ * The following are the data structures and routines for the
+ * 'mode' command.
+ */
+#ifdef	KLUDGELINEMODE
+extern int kludgelinemode;
+
+static int
+dokludgemode(void)
+{
+    kludgelinemode = 1;
+    send_wont(TELOPT_LINEMODE, 1);
+    send_dont(TELOPT_SGA, 1);
+    send_dont(TELOPT_ECHO, 1);
+    return 1;
+}
+#endif
+
+static int
+dolinemode()
+{
+#ifdef	KLUDGELINEMODE
+    if (kludgelinemode)
+	send_dont(TELOPT_SGA, 1);
+#endif
+    send_will(TELOPT_LINEMODE, 1);
+    send_dont(TELOPT_ECHO, 1);
+    return 1;
+}
+
+static int
+docharmode()
+{
+#ifdef	KLUDGELINEMODE
+    if (kludgelinemode)
+	send_do(TELOPT_SGA, 1);
+    else
+#endif
+    send_wont(TELOPT_LINEMODE, 1);
+    send_do(TELOPT_ECHO, 1);
+    return 1;
+}
+
+static int
+dolmmode(int bit, int on)
+{
+    unsigned char c;
+    extern int linemode;
+
+    if (my_want_state_is_wont(TELOPT_LINEMODE)) {
+	printf("?Need to have LINEMODE option enabled first.\r\n");
+	printf("'mode ?' for help.\r\n");
+ 	return 0;
+    }
+
+    if (on)
+	c = (linemode | bit);
+    else
+	c = (linemode & ~bit);
+    lm_mode(&c, 1, 1);
+    return 1;
+}
+
+static int
+tn_setmode(int bit)
+{
+    return dolmmode(bit, 1);
+}
+
+static int
+tn_clearmode(int bit)
+{
+    return dolmmode(bit, 0);
+}
+
+struct modelist {
+	char	*name;		/* command name */
+	char	*help;		/* help string */
+	int	(*handler)();	/* routine which executes command */
+	int	needconnect;	/* Do we need to be connected to execute? */
+	int	arg1;
+};
+
+static int modehelp(void);
+
+static struct modelist ModeList[] = {
+    { "character", "Disable LINEMODE option",	docharmode, 1 },
+#ifdef	KLUDGELINEMODE
+    { "",	"(or disable obsolete line-by-line mode)", 0 },
+#endif
+    { "line",	"Enable LINEMODE option",	dolinemode, 1 },
+#ifdef	KLUDGELINEMODE
+    { "",	"(or enable obsolete line-by-line mode)", 0 },
+#endif
+    { "", "", 0 },
+    { "",	"These require the LINEMODE option to be enabled", 0 },
+    { "isig",	"Enable signal trapping",	tn_setmode, 1, MODE_TRAPSIG },
+    { "+isig",	0,				tn_setmode, 1, MODE_TRAPSIG },
+    { "-isig",	"Disable signal trapping",	tn_clearmode, 1, MODE_TRAPSIG },
+    { "edit",	"Enable character editing",	tn_setmode, 1, MODE_EDIT },
+    { "+edit",	0,				tn_setmode, 1, MODE_EDIT },
+    { "-edit",	"Disable character editing",	tn_clearmode, 1, MODE_EDIT },
+    { "softtabs", "Enable tab expansion",	tn_setmode, 1, MODE_SOFT_TAB },
+    { "+softtabs", 0,				tn_setmode, 1, MODE_SOFT_TAB },
+    { "-softtabs", "Disable character editing",	tn_clearmode, 1, MODE_SOFT_TAB },
+    { "litecho", "Enable literal character echo", tn_setmode, 1, MODE_LIT_ECHO },
+    { "+litecho", 0,				tn_setmode, 1, MODE_LIT_ECHO },
+    { "-litecho", "Disable literal character echo", tn_clearmode, 1, MODE_LIT_ECHO },
+    { "help",	0,				modehelp, 0 },
+#ifdef	KLUDGELINEMODE
+    { "kludgeline", 0,				dokludgemode, 1 },
+#endif
+    { "", "", 0 },
+    { "?",	"Print help information",	modehelp, 0 },
+    { 0 },
+};
+
+
+static int
+modehelp(void)
+{
+    struct modelist *mt;
+
+    printf("format is:  'mode Mode', where 'Mode' is one of:\r\n\r\n");
+    for (mt = ModeList; mt->name; mt++) {
+	if (mt->help) {
+	    if (*mt->help)
+		printf("%-15s %s\r\n", mt->name, mt->help);
+	    else
+		printf("\r\n");
+	}
+    }
+    return 0;
+}
+
+#define	GETMODECMD(name) (struct modelist *) \
+		genget(name, (char **) ModeList, sizeof(struct modelist))
+
+static int
+modecmd(int argc, char **argv)
+{
+    struct modelist *mt;
+
+    if (argc != 2) {
+	printf("'mode' command requires an argument\r\n");
+	printf("'mode ?' for help.\r\n");
+    } else if ((mt = GETMODECMD(argv[1])) == 0) {
+	fprintf(stderr, "Unknown mode '%s' ('mode ?' for help).\r\n", argv[1]);
+    } else if (Ambiguous(mt)) {
+	fprintf(stderr, "Ambiguous mode '%s' ('mode ?' for help).\r\n", argv[1]);
+    } else if (mt->needconnect && !connected) {
+	printf("?Need to be connected first.\r\n");
+	printf("'mode ?' for help.\r\n");
+    } else if (mt->handler) {
+	return (*mt->handler)(mt->arg1);
+    }
+    return 0;
+}
+
+/*
+ * The following data structures and routines implement the
+ * "display" command.
+ */
+
+static int
+display(int argc, char *argv[])
+{
+    struct togglelist *tl;
+    struct setlist *sl;
+
+#define	dotog(tl)	if (tl->variable && tl->actionexplanation) { \
+			    if (*tl->variable) { \
+				printf("will"); \
+			    } else { \
+				printf("won't"); \
+			    } \
+			    printf(" %s.\r\n", tl->actionexplanation); \
+			}
+
+#define	doset(sl)   if (sl->name && *sl->name != ' ') { \
+			if (sl->handler == 0) \
+			    printf("%-15s [%s]\r\n", sl->name, control(*sl->charp)); \
+			else \
+			    printf("%-15s \"%s\"\r\n", sl->name, (char *)sl->charp); \
+		    }
+
+    if (argc == 1) {
+	for (tl = Togglelist; tl->name; tl++) {
+	    dotog(tl);
+	}
+	printf("\r\n");
+	for (sl = Setlist; sl->name; sl++) {
+	    doset(sl);
+	}
+    } else {
+	int i;
+
+	for (i = 1; i < argc; i++) {
+	    sl = getset(argv[i]);
+	    tl = GETTOGGLE(argv[i]);
+	    if (Ambiguous(sl) || Ambiguous(tl)) {
+		printf("?Ambiguous argument '%s'.\r\n", argv[i]);
+		return 0;
+	    } else if (!sl && !tl) {
+		printf("?Unknown argument '%s'.\r\n", argv[i]);
+		return 0;
+	    } else {
+		if (tl) {
+		    dotog(tl);
+		}
+		if (sl) {
+		    doset(sl);
+		}
+	    }
+	}
+    }
+/*@*/optionstatus();
+#if	defined(ENCRYPTION)
+    EncryptStatus();
+#endif
+    return 1;
+#undef	doset
+#undef	dotog
+}
+
+/*
+ * The following are the data structures, and many of the routines,
+ * relating to command processing.
+ */
+
+/*
+ * Set the escape character.
+ */
+static int
+setescape(int argc, char *argv[])
+{
+	char *arg;
+	char buf[50];
+
+	printf(
+	    "Deprecated usage - please use 'set escape%s%s' in the future.\r\n",
+				(argc > 2)? " ":"", (argc > 2)? argv[1]: "");
+	if (argc > 2)
+		arg = argv[1];
+	else {
+		printf("new escape character: ");
+		fgets(buf, sizeof(buf), stdin);
+		arg = buf;
+	}
+	if (arg[0] != '\0')
+		escape = arg[0];
+	printf("Escape character is '%s'.\r\n", control(escape));
+
+	fflush(stdout);
+	return 1;
+}
+
+static int
+togcrmod()
+{
+    crmod = !crmod;
+    printf("Deprecated usage - please use 'toggle crmod' in the future.\r\n");
+    printf("%s map carriage return on output.\r\n", crmod ? "Will" : "Won't");
+    fflush(stdout);
+    return 1;
+}
+
+static int
+telnetsuspend()
+{
+#ifdef	SIGTSTP
+    setcommandmode();
+    {
+	long oldrows, oldcols, newrows, newcols, err;
+
+	err = (TerminalWindowSize(&oldrows, &oldcols) == 0) ? 1 : 0;
+	kill(0, SIGTSTP);
+	/*
+	 * If we didn't get the window size before the SUSPEND, but we
+	 * can get them now (?), then send the NAWS to make sure that
+	 * we are set up for the right window size.
+	 */
+	if (TerminalWindowSize(&newrows, &newcols) && connected &&
+	    (err || ((oldrows != newrows) || (oldcols != newcols)))) {
+		sendnaws();
+	}
+    }
+    /* reget parameters in case they were changed */
+    TerminalSaveState();
+    setconnmode(0);
+#else
+    printf("Suspend is not supported.  Try the '!' command instead\r\n");
+#endif
+    return 1;
+}
+
+static int
+shell(int argc, char **argv)
+{
+    long oldrows, oldcols, newrows, newcols, err;
+
+    setcommandmode();
+
+    err = (TerminalWindowSize(&oldrows, &oldcols) == 0) ? 1 : 0;
+    switch(fork()) {
+    case -1:
+	perror("Fork failed\r\n");
+	break;
+
+    case 0:
+	{
+	    /*
+	     * Fire up the shell in the child.
+	     */
+	    char *shellp, *shellname;
+
+	    shellp = getenv("SHELL");
+	    if (shellp == NULL)
+		shellp = "/bin/sh";
+	    if ((shellname = strrchr(shellp, '/')) == 0)
+		shellname = shellp;
+	    else
+		shellname++;
+	    if (argc > 1)
+		execl(shellp, shellname, "-c", &saveline[1], 0);
+	    else
+		execl(shellp, shellname, 0);
+	    perror("Execl");
+	    _exit(1);
+	}
+    default:
+	    wait((int *)0);	/* Wait for the shell to complete */
+
+	    if (TerminalWindowSize(&newrows, &newcols) && connected &&
+		(err || ((oldrows != newrows) || (oldcols != newcols)))) {
+		    sendnaws();
+	    }
+	    break;
+    }
+    return 1;
+}
+
+static int
+bye(int argc, char **argv)
+{
+    extern int resettermname;
+
+    if (connected) {
+	shutdown(net, 2);
+	printf("Connection closed.\r\n");
+	NetClose(net);
+	connected = 0;
+	resettermname = 1;
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+	auth_encrypt_connect(connected);
+#endif
+	/* reset options */
+	tninit();
+    }
+    if ((argc != 2) || (strcmp(argv[1], "fromquit") != 0)) 
+	longjmp(toplevel, 1);
+    return 0;	/* NOTREACHED */
+}
+
+int
+quit(void)
+{
+	call(bye, "bye", "fromquit", 0);
+	Exit(0);
+	return 0; /*NOTREACHED*/
+}
+
+static int
+logout()
+{
+	send_do(TELOPT_LOGOUT, 1);
+	netflush();
+	return 1;
+}
+
+
+/*
+ * The SLC command.
+ */
+
+struct slclist {
+	char	*name;
+	char	*help;
+	void	(*handler)();
+	int	arg;
+};
+
+static void slc_help(void);
+
+struct slclist SlcList[] = {
+    { "export",	"Use local special character definitions",
+						slc_mode_export,	0 },
+    { "import",	"Use remote special character definitions",
+						slc_mode_import,	1 },
+    { "check",	"Verify remote special character definitions",
+						slc_mode_import,	0 },
+    { "help",	0,				slc_help,		0 },
+    { "?",	"Print help information",	slc_help,		0 },
+    { 0 },
+};
+
+static void
+slc_help(void)
+{
+    struct slclist *c;
+
+    for (c = SlcList; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s %s\r\n", c->name, c->help);
+	    else
+		printf("\r\n");
+	}
+    }
+}
+
+static struct slclist *
+getslc(char *name)
+{
+    return (struct slclist *)
+		genget(name, (char **) SlcList, sizeof(struct slclist));
+}
+
+static int
+slccmd(int argc, char **argv)
+{
+    struct slclist *c;
+
+    if (argc != 2) {
+	fprintf(stderr,
+	    "Need an argument to 'slc' command.  'slc ?' for help.\r\n");
+	return 0;
+    }
+    c = getslc(argv[1]);
+    if (c == 0) {
+	fprintf(stderr, "'%s': unknown argument ('slc ?' for help).\r\n",
+    				argv[1]);
+	return 0;
+    }
+    if (Ambiguous(c)) {
+	fprintf(stderr, "'%s': ambiguous argument ('slc ?' for help).\r\n",
+    				argv[1]);
+	return 0;
+    }
+    (*c->handler)(c->arg);
+    slcstate();
+    return 1;
+}
+
+/*
+ * The ENVIRON command.
+ */
+
+struct envlist {
+	char	*name;
+	char	*help;
+	void	(*handler)();
+	int	narg;
+};
+
+static void env_help (void);
+
+struct envlist EnvList[] = {
+    { "define",	"Define an environment variable",
+						(void (*)())env_define,	2 },
+    { "undefine", "Undefine an environment variable",
+						env_undefine,	1 },
+    { "export",	"Mark an environment variable for automatic export",
+						env_export,	1 },
+    { "unexport", "Don't mark an environment variable for automatic export",
+						env_unexport,	1 },
+    { "send",	"Send an environment variable", env_send,	1 },
+    { "list",	"List the current environment variables",
+						env_list,	0 },
+    { "help",	0,				env_help,		0 },
+    { "?",	"Print help information",	env_help,		0 },
+    { 0 },
+};
+
+static void
+env_help()
+{
+    struct envlist *c;
+
+    for (c = EnvList; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s %s\r\n", c->name, c->help);
+	    else
+		printf("\r\n");
+	}
+    }
+}
+
+static struct envlist *
+getenvcmd(char *name)
+{
+    return (struct envlist *)
+		genget(name, (char **) EnvList, sizeof(struct envlist));
+}
+
+static int
+env_cmd(int argc, char **argv)
+{
+    struct envlist *c;
+
+    if (argc < 2) {
+	fprintf(stderr,
+	    "Need an argument to 'environ' command.  'environ ?' for help.\r\n");
+	return 0;
+    }
+    c = getenvcmd(argv[1]);
+    if (c == 0) {
+	fprintf(stderr, "'%s': unknown argument ('environ ?' for help).\r\n",
+    				argv[1]);
+	return 0;
+    }
+    if (Ambiguous(c)) {
+	fprintf(stderr, "'%s': ambiguous argument ('environ ?' for help).\r\n",
+    				argv[1]);
+	return 0;
+    }
+    if (c->narg + 2 != argc) {
+	fprintf(stderr,
+	    "Need %s%d argument%s to 'environ %s' command.  'environ ?' for help.\r\n",
+		c->narg < argc + 2 ? "only " : "",
+		c->narg, c->narg == 1 ? "" : "s", c->name);
+	return 0;
+    }
+    (*c->handler)(argv[2], argv[3]);
+    return 1;
+}
+
+struct env_lst {
+	struct env_lst *next;	/* pointer to next structure */
+	struct env_lst *prev;	/* pointer to previous structure */
+	unsigned char *var;	/* pointer to variable name */
+	unsigned char *value;	/* pointer to variable value */
+	int export;		/* 1 -> export with default list of variables */
+	int welldefined;	/* A well defined variable */
+};
+
+struct env_lst envlisthead;
+
+struct env_lst *
+env_find(unsigned char *var)
+{
+	struct env_lst *ep;
+
+	for (ep = envlisthead.next; ep; ep = ep->next) {
+		if (strcmp((char *)ep->var, (char *)var) == 0)
+			return(ep);
+	}
+	return(NULL);
+}
+
+#if IRIX == 4
+#define environ _environ
+#endif
+
+void
+env_init(void)
+{
+	extern char **environ;
+	char **epp, *cp;
+	struct env_lst *ep;
+
+	for (epp = environ; *epp; epp++) {
+		if ((cp = strchr(*epp, '='))) {
+			*cp = '\0';
+			ep = env_define((unsigned char *)*epp,
+					(unsigned char *)cp+1);
+			ep->export = 0;
+			*cp = '=';
+		}
+	}
+	/*
+	 * Special case for DISPLAY variable.  If it is ":0.0" or
+	 * "unix:0.0", we have to get rid of "unix" and insert our
+	 * hostname.
+	 */
+	if ((ep = env_find("DISPLAY"))
+	    && (*ep->value == ':'
+	    || strncmp((char *)ep->value, "unix:", 5) == 0)) {
+		char hbuf[256+1];
+		char *cp2 = strchr((char *)ep->value, ':');
+
+		/* XXX - should be k_gethostname? */
+		gethostname(hbuf, 256);
+		hbuf[256] = '\0';
+
+		/* If this is not the full name, try to get it via DNS */
+		if (strchr(hbuf, '.') == 0) {
+			struct hostent *he = roken_gethostbyname(hbuf);
+			if (he != NULL)
+				strcpy_truncate(hbuf, he->h_name, 256);
+		}
+
+		asprintf (&cp, "%s%s", hbuf, cp2);
+		free (ep->value);
+		ep->value = (unsigned char *)cp;
+	}
+	/*
+	 * If USER is not defined, but LOGNAME is, then add
+	 * USER with the value from LOGNAME.  By default, we
+	 * don't export the USER variable.
+	 */
+	if ((env_find("USER") == NULL) && (ep = env_find("LOGNAME"))) {
+		env_define((unsigned char *)"USER", ep->value);
+		env_unexport((unsigned char *)"USER");
+	}
+	env_export((unsigned char *)"DISPLAY");
+	env_export((unsigned char *)"PRINTER");
+	env_export((unsigned char *)"XAUTHORITY");
+}
+
+struct env_lst *
+env_define(unsigned char *var, unsigned char *value)
+{
+	struct env_lst *ep;
+
+	if ((ep = env_find(var))) {
+		if (ep->var)
+			free(ep->var);
+		if (ep->value)
+			free(ep->value);
+	} else {
+		ep = (struct env_lst *)malloc(sizeof(struct env_lst));
+		ep->next = envlisthead.next;
+		envlisthead.next = ep;
+		ep->prev = &envlisthead;
+		if (ep->next)
+			ep->next->prev = ep;
+	}
+	ep->welldefined = opt_welldefined((char *)var);
+	ep->export = 1;
+	ep->var = (unsigned char *)strdup((char *)var);
+	ep->value = (unsigned char *)strdup((char *)value);
+	return(ep);
+}
+
+void
+env_undefine(unsigned char *var)
+{
+	struct env_lst *ep;
+
+	if ((ep = env_find(var))) {
+		ep->prev->next = ep->next;
+		if (ep->next)
+			ep->next->prev = ep->prev;
+		if (ep->var)
+			free(ep->var);
+		if (ep->value)
+			free(ep->value);
+		free(ep);
+	}
+}
+
+void
+env_export(unsigned char *var)
+{
+	struct env_lst *ep;
+
+	if ((ep = env_find(var)))
+		ep->export = 1;
+}
+
+void
+env_unexport(unsigned char *var)
+{
+	struct env_lst *ep;
+
+	if ((ep = env_find(var)))
+		ep->export = 0;
+}
+
+void
+env_send(unsigned char *var)
+{
+	struct env_lst *ep;
+
+	if (my_state_is_wont(TELOPT_NEW_ENVIRON)
+#ifdef	OLD_ENVIRON
+	    && my_state_is_wont(TELOPT_OLD_ENVIRON)
+#endif
+		) {
+		fprintf(stderr,
+		    "Cannot send '%s': Telnet ENVIRON option not enabled\r\n",
+									var);
+		return;
+	}
+	ep = env_find(var);
+	if (ep == 0) {
+		fprintf(stderr, "Cannot send '%s': variable not defined\r\n",
+									var);
+		return;
+	}
+	env_opt_start_info();
+	env_opt_add(ep->var);
+	env_opt_end(0);
+}
+
+void
+env_list(void)
+{
+	struct env_lst *ep;
+
+	for (ep = envlisthead.next; ep; ep = ep->next) {
+		printf("%c %-20s %s\r\n", ep->export ? '*' : ' ',
+					ep->var, ep->value);
+	}
+}
+
+unsigned char *
+env_default(int init, int welldefined)
+{
+	static struct env_lst *nep = NULL;
+
+	if (init) {
+		nep = &envlisthead;
+		return NULL;
+	}
+	if (nep) {
+		while ((nep = nep->next)) {
+			if (nep->export && (nep->welldefined == welldefined))
+				return(nep->var);
+		}
+	}
+	return(NULL);
+}
+
+unsigned char *
+env_getvalue(unsigned char *var)
+{
+	struct env_lst *ep;
+
+	if ((ep = env_find(var)))
+		return(ep->value);
+	return(NULL);
+}
+
+
+#if	defined(AUTHENTICATION)
+/*
+ * The AUTHENTICATE command.
+ */
+
+struct authlist {
+	char	*name;
+	char	*help;
+	int	(*handler)();
+	int	narg;
+};
+
+static int
+	auth_help (void);
+
+struct authlist AuthList[] = {
+    { "status",	"Display current status of authentication information",
+						auth_status,	0 },
+    { "disable", "Disable an authentication type ('auth disable ?' for more)",
+						auth_disable,	1 },
+    { "enable", "Enable an authentication type ('auth enable ?' for more)",
+						auth_enable,	1 },
+    { "help",	0,				auth_help,		0 },
+    { "?",	"Print help information",	auth_help,		0 },
+    { 0 },
+};
+
+static int
+auth_help()
+{
+    struct authlist *c;
+
+    for (c = AuthList; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s %s\r\n", c->name, c->help);
+	    else
+		printf("\r\n");
+	}
+    }
+    return 0;
+}
+
+static int
+auth_cmd(int argc, char **argv)
+{
+    struct authlist *c;
+
+    if (argc < 2) {
+	fprintf(stderr,
+	    "Need an argument to 'auth' command.  'auth ?' for help.\r\n");
+	return 0;
+    }
+
+    c = (struct authlist *)
+		genget(argv[1], (char **) AuthList, sizeof(struct authlist));
+    if (c == 0) {
+	fprintf(stderr, "'%s': unknown argument ('auth ?' for help).\r\n",
+    				argv[1]);
+	return 0;
+    }
+    if (Ambiguous(c)) {
+	fprintf(stderr, "'%s': ambiguous argument ('auth ?' for help).\r\n",
+    				argv[1]);
+	return 0;
+    }
+    if (c->narg + 2 != argc) {
+	fprintf(stderr,
+	    "Need %s%d argument%s to 'auth %s' command.  'auth ?' for help.\r\n",
+		c->narg < argc + 2 ? "only " : "",
+		c->narg, c->narg == 1 ? "" : "s", c->name);
+	return 0;
+    }
+    return((*c->handler)(argv[2], argv[3]));
+}
+#endif
+
+
+#if	defined(ENCRYPTION)
+/*
+ * The ENCRYPT command.
+ */
+
+struct encryptlist {
+	char	*name;
+	char	*help;
+	int	(*handler)();
+	int	needconnect;
+	int	minarg;
+	int	maxarg;
+};
+
+static int
+	EncryptHelp (void);
+
+struct encryptlist EncryptList[] = {
+    { "enable", "Enable encryption. ('encrypt enable ?' for more)",
+						EncryptEnable, 1, 1, 2 },
+    { "disable", "Disable encryption. ('encrypt enable ?' for more)",
+						EncryptDisable, 0, 1, 2 },
+    { "type", "Set encryptiong type. ('encrypt type ?' for more)",
+						EncryptType, 0, 1, 1 },
+    { "start", "Start encryption. ('encrypt start ?' for more)",
+						EncryptStart, 1, 0, 1 },
+    { "stop", "Stop encryption. ('encrypt stop ?' for more)",
+						EncryptStop, 1, 0, 1 },
+    { "input", "Start encrypting the input stream",
+						EncryptStartInput, 1, 0, 0 },
+    { "-input", "Stop encrypting the input stream",
+						EncryptStopInput, 1, 0, 0 },
+    { "output", "Start encrypting the output stream",
+						EncryptStartOutput, 1, 0, 0 },
+    { "-output", "Stop encrypting the output stream",
+						EncryptStopOutput, 1, 0, 0 },
+
+    { "status",	"Display current status of authentication information",
+						EncryptStatus,	0, 0, 0 },
+    { "help",	0,				EncryptHelp,	0, 0, 0 },
+    { "?",	"Print help information",	EncryptHelp,	0, 0, 0 },
+    { 0 },
+};
+
+static int
+EncryptHelp()
+{
+    struct encryptlist *c;
+
+    for (c = EncryptList; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s %s\r\n", c->name, c->help);
+	    else
+		printf("\r\n");
+	}
+    }
+    return 0;
+}
+
+static int
+encrypt_cmd(int argc, char **argv)
+{
+    struct encryptlist *c;
+
+    c = (struct encryptlist *)
+		genget(argv[1], (char **) EncryptList, sizeof(struct encryptlist));
+    if (c == 0) {
+        fprintf(stderr, "'%s': unknown argument ('encrypt ?' for help).\r\n",
+    				argv[1]);
+        return 0;
+    }
+    if (Ambiguous(c)) {
+        fprintf(stderr, "'%s': ambiguous argument ('encrypt ?' for help).\r\n",
+    				argv[1]);
+        return 0;
+    }
+    argc -= 2;
+    if (argc < c->minarg || argc > c->maxarg) {
+	if (c->minarg == c->maxarg) {
+	    fprintf(stderr, "Need %s%d argument%s ",
+		c->minarg < argc ? "only " : "", c->minarg,
+		c->minarg == 1 ? "" : "s");
+	} else {
+	    fprintf(stderr, "Need %s%d-%d arguments ",
+		c->maxarg < argc ? "only " : "", c->minarg, c->maxarg);
+	}
+	fprintf(stderr, "to 'encrypt %s' command.  'encrypt ?' for help.\r\n",
+		c->name);
+	return 0;
+    }
+    if (c->needconnect && !connected) {
+	if (!(argc && (isprefix(argv[2], "help") || isprefix(argv[2], "?")))) {
+	    printf("?Need to be connected first.\r\n");
+	    return 0;
+	}
+    }
+    return ((*c->handler)(argc > 0 ? argv[2] : 0,
+			argc > 1 ? argv[3] : 0,
+			argc > 2 ? argv[4] : 0));
+}
+#endif
+
+
+/*
+ * Print status about the connection.
+ */
+
+static int
+status(int argc, char **argv)
+{
+    if (connected) {
+	printf("Connected to %s.\r\n", hostname);
+	if ((argc < 2) || strcmp(argv[1], "notmuch")) {
+	    int mode = getconnmode();
+
+	    if (my_want_state_is_will(TELOPT_LINEMODE)) {
+		printf("Operating with LINEMODE option\r\n");
+		printf("%s line editing\r\n", (mode&MODE_EDIT) ? "Local" : "No");
+		printf("%s catching of signals\r\n",
+					(mode&MODE_TRAPSIG) ? "Local" : "No");
+		slcstate();
+#ifdef	KLUDGELINEMODE
+	    } else if (kludgelinemode && my_want_state_is_dont(TELOPT_SGA)) {
+		printf("Operating in obsolete linemode\r\n");
+#endif
+	    } else {
+		printf("Operating in single character mode\r\n");
+		if (localchars)
+		    printf("Catching signals locally\r\n");
+	    }
+	    printf("%s character echo\r\n", (mode&MODE_ECHO) ? "Local" : "Remote");
+	    if (my_want_state_is_will(TELOPT_LFLOW))
+		printf("%s flow control\r\n", (mode&MODE_FLOW) ? "Local" : "No");
+#if	defined(ENCRYPTION)
+	    encrypt_display();
+#endif
+	}
+    } else {
+	printf("No connection.\r\n");
+    }
+    printf("Escape character is '%s'.\r\n", control(escape));
+    fflush(stdout);
+    return 1;
+}
+
+#ifdef	SIGINFO
+/*
+ * Function that gets called when SIGINFO is received.
+ */
+void
+ayt_status(int ignore)
+{
+    call(status, "status", "notmuch", 0);
+}
+#endif
+
+static Command *getcmd(char *name);
+
+static void
+cmdrc(char *m1, char *m2)
+{
+    static char rcname[128];
+    Command *c;
+    FILE *rcfile;
+    int gotmachine = 0;
+    int l1 = strlen(m1);
+    int l2 = strlen(m2);
+    char m1save[64];
+
+    if (skiprc)
+	return;
+
+    strcpy_truncate(m1save, m1, sizeof(m1save));
+    m1 = m1save;
+
+    if (rcname[0] == 0) {
+	char *home = getenv("HOME");
+
+	snprintf (rcname, sizeof(rcname), "%s/.telnetrc",
+		  home ? home : "");
+    }
+
+    if ((rcfile = fopen(rcname, "r")) == 0) {
+	return;
+    }
+
+    for (;;) {
+	if (fgets(line, sizeof(line), rcfile) == NULL)
+	    break;
+	if (line[0] == 0)
+	    break;
+	if (line[0] == '#')
+	    continue;
+	if (gotmachine) {
+	    if (!isspace(line[0]))
+		gotmachine = 0;
+	}
+	if (gotmachine == 0) {
+	    if (isspace(line[0]))
+		continue;
+	    if (strncasecmp(line, m1, l1) == 0)
+		strncpy(line, &line[l1], sizeof(line) - l1);
+	    else if (strncasecmp(line, m2, l2) == 0)
+		strncpy(line, &line[l2], sizeof(line) - l2);
+	    else if (strncasecmp(line, "DEFAULT", 7) == 0)
+		strncpy(line, &line[7], sizeof(line) - 7);
+	    else
+		continue;
+	    if (line[0] != ' ' && line[0] != '\t' && line[0] != '\n')
+		continue;
+	    gotmachine = 1;
+	}
+	makeargv();
+	if (margv[0] == 0)
+	    continue;
+	c = getcmd(margv[0]);
+	if (Ambiguous(c)) {
+	    printf("?Ambiguous command: %s\r\n", margv[0]);
+	    continue;
+	}
+	if (c == 0) {
+	    printf("?Invalid command: %s\r\n", margv[0]);
+	    continue;
+	}
+	/*
+	 * This should never happen...
+	 */
+	if (c->needconnect && !connected) {
+	    printf("?Need to be connected first for %s.\r\n", margv[0]);
+	    continue;
+	}
+	(*c->handler)(margc, margv);
+    }
+    fclose(rcfile);
+}
+
+int
+tn(int argc, char **argv)
+{
+    struct hostent *host = 0;
+#ifdef HAVE_IPV6
+    struct sockaddr_in6 sin6;
+#endif
+    struct sockaddr_in sin;
+    struct sockaddr *sa = NULL;
+    int sa_size = 0;
+    struct servent *sp = 0;
+    unsigned long temp;
+    extern char *inet_ntoa();
+#if defined(IP_OPTIONS) && defined(IPPROTO_IP)
+    char *srp = 0;
+    int srlen;
+#endif
+    char *cmd, *hostp = 0, *portp = 0;
+    char *user = 0;
+    int family, port = 0;
+    char **addr_list;
+
+    /* clear the socket address prior to use */
+
+    if (connected) {
+	printf("?Already connected to %s\r\n", hostname);
+	setuid(getuid());
+	return 0;
+    }
+    if (argc < 2) {
+	strcpy_truncate(line, "open ", sizeof(line));
+	printf("(to) ");
+	fgets(&line[strlen(line)], sizeof(line) - strlen(line), stdin);
+	makeargv();
+	argc = margc;
+	argv = margv;
+    }
+    cmd = *argv;
+    --argc; ++argv;
+    while (argc) {
+	if (strcmp(*argv, "help") == 0 || isprefix(*argv, "?"))
+	    goto usage;
+	if (strcmp(*argv, "-l") == 0) {
+	    --argc; ++argv;
+	    if (argc == 0)
+		goto usage;
+	    user = strdup(*argv++);
+	    --argc;
+	    continue;
+	}
+	if (strcmp(*argv, "-a") == 0) {
+	    --argc; ++argv;
+	    autologin = 1;
+	    continue;
+	}
+	if (hostp == 0) {
+	    hostp = *argv++;
+	    --argc;
+	    continue;
+	}
+	if (portp == 0) {
+	    portp = *argv++;
+	    --argc;
+	    continue;
+	}
+    usage:
+	printf("usage: %s [-l user] [-a] host-name [port]\r\n", cmd);
+	setuid(getuid());
+	return 0;
+    }
+    if (hostp == 0)
+	goto usage;
+
+#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
+    if (hostp[0] == '@' || hostp[0] == '!') {
+	if ((hostname = strrchr(hostp, ':')) == NULL)
+	    hostname = strrchr(hostp, '@');
+	hostname++;
+	srp = 0;
+	temp = sourceroute(hostp, &srp, &srlen);
+	if (temp == 0) {
+	    fprintf (stderr, "%s: %s\r\n", srp ? srp : "", hstrerror(h_errno));
+	    setuid(getuid());
+	    return 0;
+	} else if (temp == -1) {
+	    printf("Bad source route option: %s\r\n", hostp);
+	    setuid(getuid());
+	    return 0;
+	} else {
+	    abort();
+	}
+    } else {
+#endif
+	memset (&sin, 0, sizeof(sin));
+#ifdef HAVE_IPV6
+	memset (&sin6, 0, sizeof(sin6));
+
+	if(inet_pton(AF_INET6, hostp, &sin6.sin6_addr)) {
+	    sin6.sin6_family = family = AF_INET6;
+	    sa = (struct sockaddr *)&sin6;
+	    sa_size = sizeof(sin6);
+	    strcpy_truncate(_hostname, hostp, sizeof(_hostname));
+	    hostname =_hostname;
+	} else
+#endif
+	if(inet_aton(hostp, &sin.sin_addr)){
+	    sin.sin_family = family = AF_INET;
+	    sa = (struct sockaddr *)&sin;
+	    sa_size = sizeof(sin);
+	    strcpy_truncate(_hostname, hostp, sizeof(_hostname));
+	    hostname = _hostname;
+	} else {
+#ifdef HAVE_GETHOSTBYNAME2
+#ifdef HAVE_IPV6
+	    host = gethostbyname2(hostp, AF_INET6);
+	    if(host == NULL)
+#endif
+		host = gethostbyname2(hostp, AF_INET);
+#else
+	    host = roken_gethostbyname(hostp);
+#endif
+	    if (host) {
+		strcpy_truncate(_hostname, host->h_name, sizeof(_hostname));
+		family = host->h_addrtype;
+		addr_list = host->h_addr_list;
+
+		switch(family) {
+		case AF_INET:
+		    memset(&sin, 0, sizeof(sin));
+		    sa_size = sizeof(sin);
+		    sa = (struct sockaddr *)&sin;
+		    sin.sin_family = family;
+		    sin.sin_addr   = *((struct in_addr *)(*addr_list));
+		    break;
+#ifdef HAVE_IPV6
+		case AF_INET6:
+		    memset(&sin6, 0, sizeof(sin6));
+		    sa_size = sizeof(sin6);
+		    sa = (struct sockaddr *)&sin6;
+		    sin6.sin6_family = family;
+		    sin6.sin6_addr   = *((struct in6_addr *)(*addr_list));
+		    break;
+#endif
+		default:
+		    fprintf(stderr, "Bad address family: %d\n", family);
+		    return 0;
+		}
+
+		_hostname[sizeof(_hostname)-1] = '\0';
+		hostname = _hostname;
+	    } else {
+	        fprintf (stderr, "%s: %s\r\n", hostp ? hostp : "",
+			 hstrerror(h_errno));
+		setuid(getuid());
+		return 0;
+	    }
+	}
+#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
+    }
+#endif
+    if (portp) {
+	if (*portp == '-') {
+	    portp++;
+	    telnetport = 1;
+	} else
+	    telnetport = 0;
+	port = atoi(portp);
+	if (port == 0) {
+	    sp = roken_getservbyname(portp, "tcp");
+	    if (sp)
+		port = sp->s_port;
+	    else {
+		printf("%s: bad port number\r\n", portp);
+		setuid(getuid());
+		return 0;
+	    }
+	} else {
+	    port = htons(port);
+	}
+    } else {
+	if (sp == 0) {
+	    sp = roken_getservbyname("telnet", "tcp");
+	    if (sp == 0) {
+		fprintf(stderr, "telnet: tcp/telnet: unknown service\r\n");
+		setuid(getuid());
+		return 0;
+	    }
+	    port = sp->s_port;
+	}
+	telnetport = 1;
+    }
+    do {
+	switch(family) {
+	case AF_INET:
+	    sin.sin_port = port;
+	    printf("Trying %s...\r\n", inet_ntoa(sin.sin_addr));
+	    break;
+#ifdef HAVE_IPV6
+	case AF_INET6: {
+#ifndef INET6_ADDRSTRLEN
+#define INET6_ADDRSTRLEN 46 
+#endif
+
+	    char buf[INET6_ADDRSTRLEN];
+
+	    sin6.sin6_port = port;
+#ifdef HAVE_INET_NTOP
+	    printf("Trying %s...\r\n", inet_ntop(AF_INET6,
+						 &sin6.sin6_addr,
+						 buf,
+						 sizeof(buf)));
+#endif
+	    break;
+	}
+#endif
+	default:
+	    abort();
+	}
+
+
+	net = socket(family, SOCK_STREAM, 0);
+	setuid(getuid());
+	if (net < 0) {
+	    perror("telnet: socket");
+	    return 0;
+	}
+#if	defined(IP_OPTIONS) && defined(IPPROTO_IP) && defined(HAVE_SETSOCKOPT)
+	if (srp && setsockopt(net, IPPROTO_IP, IP_OPTIONS, (void *)srp,
+			      srlen) < 0)
+		perror("setsockopt (IP_OPTIONS)");
+#endif
+#if	defined(IPPROTO_IP) && defined(IP_TOS)
+	{
+# if	defined(HAVE_GETTOSBYNAME)
+	    struct tosent *tp;
+	    if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
+		tos = tp->t_tos;
+# endif
+	    if (tos < 0)
+		tos = 020;	/* Low Delay bit */
+	    if (tos
+		&& (setsockopt(net, IPPROTO_IP, IP_TOS,
+		    (void *)&tos, sizeof(int)) < 0)
+		&& (errno != ENOPROTOOPT))
+		    perror("telnet: setsockopt (IP_TOS) (ignored)");
+	}
+#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
+
+	if (debug && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 1) < 0) {
+		perror("setsockopt (SO_DEBUG)");
+	}
+
+	if (connect(net, sa, sa_size) < 0) {
+	    if (host && addr_list[1]) {
+		int oerrno = errno;
+
+		switch(family) {
+		case AF_INET :
+		    fprintf(stderr, "telnet: connect to address %s: ",
+			    inet_ntoa(sin.sin_addr));
+		    sin.sin_addr = *((struct in_addr *)(*++addr_list));
+		    break;
+#ifdef HAVE_IPV6
+		case AF_INET6: {
+		    char buf[INET6_ADDRSTRLEN];
+
+		    fprintf(stderr, "telnet: connect to address %s: ",
+			    inet_ntop(AF_INET6, &sin6.sin6_addr, buf,
+				      sizeof(buf)));
+		    sin6.sin6_addr = *((struct in6_addr *)(*++addr_list));
+		    break;
+		}
+#endif
+		default:
+		    abort();
+		}
+		    
+		errno = oerrno;
+		perror(NULL);
+		NetClose(net);
+		continue;
+	    }
+	    perror("telnet: Unable to connect to remote host");
+	    return 0;
+	}
+	connected++;
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+	auth_encrypt_connect(connected);
+#endif
+    } while (connected == 0);
+    cmdrc(hostp, hostname);
+    if (autologin && user == NULL)
+	user = (char *)get_default_username ();
+    if (user) {
+	env_define((unsigned char *)"USER", (unsigned char *)user);
+	env_export((unsigned char *)"USER");
+    }
+    call(status, "status", "notmuch", 0);
+    if (setjmp(peerdied) == 0)
+	my_telnet((char *)user);
+    NetClose(net);
+    ExitString("Connection closed by foreign host.\r\n",1);
+    /*NOTREACHED*/
+    return 0;
+}
+
+#define HELPINDENT ((int)sizeof ("connect"))
+
+static char
+	openhelp[] =	"connect to a site",
+	closehelp[] =	"close current connection",
+	logouthelp[] =	"forcibly logout remote user and close the connection",
+	quithelp[] =	"exit telnet",
+	statushelp[] =	"print status information",
+	helphelp[] =	"print help information",
+	sendhelp[] =	"transmit special characters ('send ?' for more)",
+	sethelp[] = 	"set operating parameters ('set ?' for more)",
+	unsethelp[] = 	"unset operating parameters ('unset ?' for more)",
+	togglestring[] ="toggle operating parameters ('toggle ?' for more)",
+	slchelp[] =	"change state of special charaters ('slc ?' for more)",
+	displayhelp[] =	"display operating parameters",
+#if	defined(AUTHENTICATION)
+	authhelp[] =	"turn on (off) authentication ('auth ?' for more)",
+#endif
+#if	defined(ENCRYPTION)
+	encrypthelp[] =	"turn on (off) encryption ('encrypt ?' for more)",
+#endif
+	zhelp[] =	"suspend telnet",
+	shellhelp[] =	"invoke a subshell",
+	envhelp[] =	"change environment variables ('environ ?' for more)",
+	modestring[] = "try to enter line or character mode ('mode ?' for more)";
+
+static int help(int argc, char **argv);
+
+static Command cmdtab[] = {
+	{ "close",	closehelp,	bye,		1 },
+	{ "logout",	logouthelp,	logout,		1 },
+	{ "display",	displayhelp,	display,	0 },
+	{ "mode",	modestring,	modecmd,	0 },
+	{ "open",	openhelp,	tn,		0 },
+	{ "quit",	quithelp,	quit,		0 },
+	{ "send",	sendhelp,	sendcmd,	0 },
+	{ "set",	sethelp,	setcmd,		0 },
+	{ "unset",	unsethelp,	unsetcmd,	0 },
+	{ "status",	statushelp,	status,		0 },
+	{ "toggle",	togglestring,	toggle,		0 },
+	{ "slc",	slchelp,	slccmd,		0 },
+#if	defined(AUTHENTICATION)
+	{ "auth",	authhelp,	auth_cmd,	0 },
+#endif
+#if	defined(ENCRYPTION)
+	{ "encrypt",	encrypthelp,	encrypt_cmd,	0 },
+#endif
+	{ "z",		zhelp,		telnetsuspend,	0 },
+	{ "!",		shellhelp,	shell,		0 },
+	{ "environ",	envhelp,	env_cmd,	0 },
+	{ "?",		helphelp,	help,		0 },
+	{ 0,            0,              0,              0 }
+};
+
+static char	crmodhelp[] =	"deprecated command -- use 'toggle crmod' instead";
+static char	escapehelp[] =	"deprecated command -- use 'set escape' instead";
+
+static Command cmdtab2[] = {
+	{ "help",	0,		help,		0 },
+	{ "escape",	escapehelp,	setescape,	0 },
+	{ "crmod",	crmodhelp,	togcrmod,	0 },
+	{ 0,            0,		0, 		0 }
+};
+
+
+/*
+ * Call routine with argc, argv set from args (terminated by 0).
+ */
+
+static int
+call(intrtn_t routine, ...)
+{
+    va_list ap;
+    char *args[100];
+    int argno = 0;
+
+    va_start(ap, routine);
+    while ((args[argno++] = va_arg(ap, char *)) != 0);
+    va_end(ap);
+    return (*routine)(argno-1, args);
+}
+
+
+static Command
+*getcmd(char *name)
+{
+    Command *cm;
+
+    if ((cm = (Command *) genget(name, (char **) cmdtab, sizeof(Command))))
+	return cm;
+    return (Command *) genget(name, (char **) cmdtab2, sizeof(Command));
+}
+
+void
+command(int top, char *tbuf, int cnt)
+{
+    Command *c;
+
+    setcommandmode();
+    if (!top) {
+	putchar('\n');
+    } else {
+	signal(SIGINT, SIG_DFL);
+	signal(SIGQUIT, SIG_DFL);
+    }
+    for (;;) {
+	if (rlogin == _POSIX_VDISABLE)
+		printf("%s> ", prompt);
+	if (tbuf) {
+	    char *cp;
+	    cp = line;
+	    while (cnt > 0 && (*cp++ = *tbuf++) != '\n')
+		cnt--;
+	    tbuf = 0;
+	    if (cp == line || *--cp != '\n' || cp == line)
+		goto getline;
+	    *cp = '\0';
+	    if (rlogin == _POSIX_VDISABLE)
+		printf("%s\r\n", line);
+	} else {
+	getline:
+	    if (rlogin != _POSIX_VDISABLE)
+		printf("%s> ", prompt);
+	    if (fgets(line, sizeof(line), stdin) == NULL) {
+		if (feof(stdin) || ferror(stdin)) {
+		    quit();
+		    /*NOTREACHED*/
+		}
+		break;
+	    }
+	}
+	if (line[0] == 0)
+	    break;
+	makeargv();
+	if (margv[0] == 0) {
+	    break;
+	}
+	c = getcmd(margv[0]);
+	if (Ambiguous(c)) {
+	    printf("?Ambiguous command\r\n");
+	    continue;
+	}
+	if (c == 0) {
+	    printf("?Invalid command\r\n");
+	    continue;
+	}
+	if (c->needconnect && !connected) {
+	    printf("?Need to be connected first.\r\n");
+	    continue;
+	}
+	if ((*c->handler)(margc, margv)) {
+	    break;
+	}
+    }
+    if (!top) {
+	if (!connected) {
+	    longjmp(toplevel, 1);
+	    /*NOTREACHED*/
+	}
+	setconnmode(0);
+    }
+}
+
+/*
+ * Help command.
+ */
+static int
+help(int argc, char **argv)
+{
+	Command *c;
+
+	if (argc == 1) {
+		printf("Commands may be abbreviated.  Commands are:\r\n\r\n");
+		for (c = cmdtab; c->name; c++)
+			if (c->help) {
+				printf("%-*s\t%s\r\n", HELPINDENT, c->name,
+								    c->help);
+			}
+		return 0;
+	}
+	while (--argc > 0) {
+		char *arg;
+		arg = *++argv;
+		c = getcmd(arg);
+		if (Ambiguous(c))
+			printf("?Ambiguous help command %s\r\n", arg);
+		else if (c == (Command *)0)
+			printf("?Invalid help command %s\r\n", arg);
+		else
+			printf("%s\r\n", c->help);
+	}
+	return 0;
+}
+
+
+#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
+
+/*
+ * Source route is handed in as
+ *	[!]@hop1@hop2...[@|:]dst
+ * If the leading ! is present, it is a
+ * strict source route, otherwise it is
+ * assmed to be a loose source route.
+ *
+ * We fill in the source route option as
+ *	hop1,hop2,hop3...dest
+ * and return a pointer to hop1, which will
+ * be the address to connect() to.
+ *
+ * Arguments:
+ *	arg:	pointer to route list to decipher
+ *
+ *	cpp: 	If *cpp is not equal to NULL, this is a
+ *		pointer to a pointer to a character array
+ *		that should be filled in with the option.
+ *
+ *	lenp:	pointer to an integer that contains the
+ *		length of *cpp if *cpp != NULL.
+ *
+ * Return values:
+ *
+ *	Returns the address of the host to connect to.  If the
+ *	return value is -1, there was a syntax error in the
+ *	option, either unknown characters, or too many hosts.
+ *	If the return value is 0, one of the hostnames in the
+ *	path is unknown, and *cpp is set to point to the bad
+ *	hostname.
+ *
+ *	*cpp:	If *cpp was equal to NULL, it will be filled
+ *		in with a pointer to our static area that has
+ *		the option filled in.  This will be 32bit aligned.
+ *
+ *	*lenp:	This will be filled in with how long the option
+ *		pointed to by *cpp is.
+ *
+ */
+unsigned long
+sourceroute(char *arg, char **cpp, int *lenp)
+{
+	static char lsr[44];
+	char *cp, *cp2, *lsrp, *lsrep;
+	int tmp;
+	struct in_addr sin_addr;
+	struct hostent *host = 0;
+	char c;
+
+	/*
+	 * Verify the arguments, and make sure we have
+	 * at least 7 bytes for the option.
+	 */
+	if (cpp == NULL || lenp == NULL)
+		return((unsigned long)-1);
+	if (*cpp != NULL && *lenp < 7)
+		return((unsigned long)-1);
+	/*
+	 * Decide whether we have a buffer passed to us,
+	 * or if we need to use our own static buffer.
+	 */
+	if (*cpp) {
+		lsrp = *cpp;
+		lsrep = lsrp + *lenp;
+	} else {
+		*cpp = lsrp = lsr;
+		lsrep = lsrp + 44;
+	}
+
+	cp = arg;
+
+	/*
+	 * Next, decide whether we have a loose source
+	 * route or a strict source route, and fill in
+	 * the begining of the option.
+	 */
+	if (*cp == '!') {
+		cp++;
+		*lsrp++ = IPOPT_SSRR;
+	} else
+		*lsrp++ = IPOPT_LSRR;
+
+	if (*cp != '@')
+		return((unsigned long)-1);
+
+	lsrp++;		/* skip over length, we'll fill it in later */
+	*lsrp++ = 4;
+
+	cp++;
+
+	sin_addr.s_addr = 0;
+
+	for (c = 0;;) {
+		if (c == ':')
+			cp2 = 0;
+		else for (cp2 = cp; (c = *cp2); cp2++) {
+			if (c == ',') {
+				*cp2++ = '\0';
+				if (*cp2 == '@')
+					cp2++;
+			} else if (c == '@') {
+				*cp2++ = '\0';
+			} else if (c == ':') {
+				*cp2++ = '\0';
+			} else
+				continue;
+			break;
+		}
+		if (!c)
+			cp2 = 0;
+
+		if ((tmp = inet_addr(cp)) != -1) {
+			sin_addr.s_addr = tmp;
+		} else if ((host = roken_gethostbyname(cp))) {
+			memmove(&sin_addr,
+				host->h_addr_list[0],
+				sizeof(sin_addr));
+		} else {
+			*cpp = cp;
+			return(0);
+		}
+		memmove(lsrp, &sin_addr, 4);
+		lsrp += 4;
+		if (cp2)
+			cp = cp2;
+		else
+			break;
+		/*
+		 * Check to make sure there is space for next address
+		 */
+		if (lsrp + 4 > lsrep)
+			return((unsigned long)-1);
+	}
+	if ((*(*cpp+IPOPT_OLEN) = lsrp - *cpp) <= 7) {
+		*cpp = 0;
+		*lenp = 0;
+		return((unsigned long)-1);
+	}
+	*lsrp++ = IPOPT_NOP; /* 32 bit word align it */
+	*lenp = lsrp - *cpp;
+	return(sin_addr.s_addr);
+}
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/telnet/defines.h b/crypto/kerberosIV/appl/telnet/telnet/defines.h
new file mode 100644
index 0000000..5c1ac2b
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/defines.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)defines.h	8.1 (Berkeley) 6/6/93
+ */
+
+#define	settimer(x)	clocks.x = clocks.system++
+
+#define	NETADD(c)	{ *netoring.supply = c; ring_supplied(&netoring, 1); }
+#define	NET2ADD(c1,c2)	{ NETADD(c1); NETADD(c2); }
+#define	NETBYTES()	(ring_full_count(&netoring))
+#define	NETROOM()	(ring_empty_count(&netoring))
+
+#define	TTYADD(c)	if (!(SYNCHing||flushout)) { \
+				*ttyoring.supply = c; \
+				ring_supplied(&ttyoring, 1); \
+			}
+#define	TTYBYTES()	(ring_full_count(&ttyoring))
+#define	TTYROOM()	(ring_empty_count(&ttyoring))
+
+/*	Various modes */
+#define	MODE_LOCAL_CHARS(m)	((m)&(MODE_EDIT|MODE_TRAPSIG))
+#define	MODE_LOCAL_ECHO(m)	((m)&MODE_ECHO)
+#define	MODE_COMMAND_LINE(m)	((m)==-1)
+
+#define	CONTROL(x)	((x)&0x1f)		/* CTRL(x) is not portable */
+
+
+/* XXX extra mode bits, these should be synced with <arpa/telnet.h> */
+
+#define MODE_OUT8	0x8000 /* binary mode sans -opost */
diff --git a/crypto/kerberosIV/appl/telnet/telnet/externs.h b/crypto/kerberosIV/appl/telnet/telnet/externs.h
new file mode 100644
index 0000000..f8b1668
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/externs.h
@@ -0,0 +1,429 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)externs.h	8.3 (Berkeley) 5/30/95
+ */
+
+/* $Id: externs.h,v 1.18 1998/07/09 23:16:36 assar Exp $ */
+
+#ifndef	BSD
+# define BSD 43
+#endif
+
+#ifndef	_POSIX_VDISABLE
+# ifdef sun
+#  include <sys/param.h>	/* pick up VDISABLE definition, mayby */
+# endif
+# ifdef VDISABLE
+#  define _POSIX_VDISABLE VDISABLE
+# else
+#  define _POSIX_VDISABLE ((cc_t)'\377')
+# endif
+#endif
+
+#define	SUBBUFSIZE	256
+
+extern int
+    autologin,		/* Autologin enabled */
+    skiprc,		/* Don't process the ~/.telnetrc file */
+    eight,		/* use eight bit mode (binary in and/or out */
+    binary,
+    flushout,		/* flush output */
+    connected,		/* Are we connected to the other side? */
+    globalmode,		/* Mode tty should be in */
+    telnetport,		/* Are we connected to the telnet port? */
+    localflow,		/* Flow control handled locally */
+    restartany,		/* If flow control, restart output on any character */
+    localchars,		/* we recognize interrupt/quit */
+    donelclchars,	/* the user has set "localchars" */
+    showoptions,
+    net,		/* Network file descriptor */
+    tin,		/* Terminal input file descriptor */
+    tout,		/* Terminal output file descriptor */
+    crlf,		/* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */
+    autoflush,		/* flush output when interrupting? */
+    autosynch,		/* send interrupt characters with SYNCH? */
+    SYNCHing,		/* Is the stream in telnet SYNCH mode? */
+    donebinarytoggle,	/* the user has put us in binary */
+    dontlecho,		/* do we suppress local echoing right now? */
+    crmod,
+    netdata,		/* Print out network data flow */
+    prettydump,		/* Print "netdata" output in user readable format */
+    termdata,		/* Print out terminal data flow */
+    debug;		/* Debug level */
+
+extern cc_t escape;	/* Escape to command mode */
+extern cc_t rlogin;	/* Rlogin mode escape character */
+#ifdef	KLUDGELINEMODE
+extern cc_t echoc;	/* Toggle local echoing */
+#endif
+
+extern char
+    *prompt;		/* Prompt for command. */
+
+extern char
+    doopt[],
+    dont[],
+    will[],
+    wont[],
+    options[],		/* All the little options */
+    *hostname;		/* Who are we connected to? */
+#if	defined(ENCRYPTION)
+extern void (*encrypt_output) (unsigned char *, int);
+extern int (*decrypt_input) (int);
+#endif
+
+/*
+ * We keep track of each side of the option negotiation.
+ */
+
+#define	MY_STATE_WILL		0x01
+#define	MY_WANT_STATE_WILL	0x02
+#define	MY_STATE_DO		0x04
+#define	MY_WANT_STATE_DO	0x08
+
+/*
+ * Macros to check the current state of things
+ */
+
+#define	my_state_is_do(opt)		(options[opt]&MY_STATE_DO)
+#define	my_state_is_will(opt)		(options[opt]&MY_STATE_WILL)
+#define my_want_state_is_do(opt)	(options[opt]&MY_WANT_STATE_DO)
+#define my_want_state_is_will(opt)	(options[opt]&MY_WANT_STATE_WILL)
+
+#define	my_state_is_dont(opt)		(!my_state_is_do(opt))
+#define	my_state_is_wont(opt)		(!my_state_is_will(opt))
+#define my_want_state_is_dont(opt)	(!my_want_state_is_do(opt))
+#define my_want_state_is_wont(opt)	(!my_want_state_is_will(opt))
+
+#define	set_my_state_do(opt)		{options[opt] |= MY_STATE_DO;}
+#define	set_my_state_will(opt)		{options[opt] |= MY_STATE_WILL;}
+#define	set_my_want_state_do(opt)	{options[opt] |= MY_WANT_STATE_DO;}
+#define	set_my_want_state_will(opt)	{options[opt] |= MY_WANT_STATE_WILL;}
+
+#define	set_my_state_dont(opt)		{options[opt] &= ~MY_STATE_DO;}
+#define	set_my_state_wont(opt)		{options[opt] &= ~MY_STATE_WILL;}
+#define	set_my_want_state_dont(opt)	{options[opt] &= ~MY_WANT_STATE_DO;}
+#define	set_my_want_state_wont(opt)	{options[opt] &= ~MY_WANT_STATE_WILL;}
+
+/*
+ * Make everything symetrical
+ */
+
+#define	HIS_STATE_WILL			MY_STATE_DO
+#define	HIS_WANT_STATE_WILL		MY_WANT_STATE_DO
+#define HIS_STATE_DO			MY_STATE_WILL
+#define HIS_WANT_STATE_DO		MY_WANT_STATE_WILL
+
+#define	his_state_is_do			my_state_is_will
+#define	his_state_is_will		my_state_is_do
+#define his_want_state_is_do		my_want_state_is_will
+#define his_want_state_is_will		my_want_state_is_do
+
+#define	his_state_is_dont		my_state_is_wont
+#define	his_state_is_wont		my_state_is_dont
+#define his_want_state_is_dont		my_want_state_is_wont
+#define his_want_state_is_wont		my_want_state_is_dont
+
+#define	set_his_state_do		set_my_state_will
+#define	set_his_state_will		set_my_state_do
+#define	set_his_want_state_do		set_my_want_state_will
+#define	set_his_want_state_will		set_my_want_state_do
+
+#define	set_his_state_dont		set_my_state_wont
+#define	set_his_state_wont		set_my_state_dont
+#define	set_his_want_state_dont		set_my_want_state_wont
+#define	set_his_want_state_wont		set_my_want_state_dont
+
+
+extern FILE
+    *NetTrace;		/* Where debugging output goes */
+extern char
+    NetTraceFile[];	/* Name of file where debugging output goes */
+extern void
+    SetNetTrace (char *);	/* Function to change where debugging goes */
+
+extern jmp_buf
+    peerdied,
+    toplevel;		/* For error conditions. */
+
+/* authenc.c */
+
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+int telnet_net_write(unsigned char *str, int len);
+void net_encrypt(void);
+int telnet_spin(void);
+char *telnet_getenv(char *val);
+char *telnet_gets(char *prompt, char *result, int length, int echo);
+#endif
+
+/* commands.c */
+
+struct env_lst *env_define (unsigned char *, unsigned char *);
+struct env_lst *env_find(unsigned char *var);
+void env_init (void);
+void env_undefine (unsigned char *);
+void env_export (unsigned char *);
+void env_unexport (unsigned char *);
+void env_send (unsigned char *);
+void env_list (void);
+unsigned char * env_default(int init, int welldefined);
+unsigned char * env_getvalue(unsigned char *var);
+
+void set_escape_char(char *s);
+unsigned long sourceroute(char *arg, char **cpp, int *lenp);
+
+#if	defined(AUTHENTICATION)
+int auth_enable (char *);
+int auth_disable (char *);
+int auth_status (void);
+#endif
+
+#if defined(ENCRYPTION)
+int 	EncryptEnable (char *, char *);
+int 	EncryptDisable (char *, char *);
+int 	EncryptType (char *, char *);
+int 	EncryptStart (char *);
+int 	EncryptStartInput (void);
+int 	EncryptStartOutput (void);
+int 	EncryptStop (char *);
+int 	EncryptStopInput (void);
+int 	EncryptStopOutput (void);
+int 	EncryptStatus (void);
+#endif
+
+#ifdef SIGINFO
+void ayt_status(int);
+#endif
+int tn(int argc, char **argv);
+void command(int top, char *tbuf, int cnt);
+
+/* main.c */
+
+void tninit(void);
+void usage(void);
+
+/* network.c */
+
+void init_network(void);
+int stilloob(void);
+void setneturg(void);
+int netflush(void);
+
+/* sys_bsd.c */
+
+void init_sys(void);
+int TerminalWrite(char *buf, int n);
+int TerminalRead(unsigned char *buf, int n);
+int TerminalAutoFlush(void);
+int TerminalSpecialChars(int c);
+void TerminalFlushOutput(void);
+void TerminalSaveState(void);
+void TerminalDefaultChars(void);
+void TerminalNewMode(int f);
+cc_t *tcval(int func);
+void TerminalSpeeds(long *input_speed, long *output_speed);
+int TerminalWindowSize(long *rows, long *cols);
+int NetClose(int fd);
+void NetNonblockingIO(int fd, int onoff);
+int process_rings(int netin, int netout, int netex, int ttyin, int ttyout,
+		  int poll);
+
+/* telnet.c */
+
+void init_telnet(void);
+
+void tel_leave_binary(int rw);
+void tel_enter_binary(int rw);
+int opt_welldefined(char *ep);
+int telrcv(void);
+int rlogin_susp(void);
+void intp(void);
+void sendbrk(void);
+void sendabort(void);
+void sendsusp(void);
+void sendeof(void);
+void sendayt(void);
+
+void xmitAO(void);
+void xmitEL(void);
+void xmitEC(void);
+
+
+void     Dump (char, unsigned char *, int);
+void     printoption (char *, int, int);
+void     printsub (int, unsigned char *, int);
+void     sendnaws (void);
+void     setconnmode (int);
+void     setcommandmode (void);
+void     setneturg (void);
+void     sys_telnet_init (void);
+void     my_telnet (char *);
+void     tel_enter_binary (int);
+void     TerminalFlushOutput (void);
+void     TerminalNewMode (int);
+void     TerminalRestoreState (void);
+void     TerminalSaveState (void);
+void     tninit (void);
+void     willoption (int);
+void     wontoption (int);
+
+
+void     send_do (int, int);
+void     send_dont (int, int);
+void     send_will (int, int);
+void     send_wont (int, int);
+
+void     lm_will (unsigned char *, int);
+void     lm_wont (unsigned char *, int);
+void     lm_do (unsigned char *, int);
+void     lm_dont (unsigned char *, int);
+void     lm_mode (unsigned char *, int, int);
+
+void     slc_init (void);
+void     slcstate (void);
+void     slc_mode_export (void);
+void     slc_mode_import (int);
+void     slc_import (int);
+void     slc_export (void);
+void     slc (unsigned char *, int);
+void     slc_check (void);
+void     slc_start_reply (void);
+void     slc_add_reply (unsigned char, unsigned char, cc_t);
+void     slc_end_reply (void);
+int	 slc_update (void);
+
+void     env_opt (unsigned char *, int);
+void     env_opt_start (void);
+void     env_opt_start_info (void);
+void     env_opt_add (unsigned char *);
+void     env_opt_end (int);
+
+unsigned char     *env_default (int, int);
+unsigned char     *env_getvalue (unsigned char *);
+
+int get_status (void);
+int dosynch (void);
+
+cc_t *tcval (int);
+
+int quit (void);
+
+/* terminal.c */
+
+void init_terminal(void);
+int ttyflush(int drop);
+int getconnmode(void);
+
+/* utilities.c */
+
+int SetSockOpt(int fd, int level, int option, int yesno);
+void SetNetTrace(char *file);
+void Dump(char direction, unsigned char *buffer, int length);
+void printoption(char *direction, int cmd, int option);
+void optionstatus(void);
+void printsub(int direction, unsigned char *pointer, int length);
+void EmptyTerminal(void);
+void SetForExit(void);
+void Exit(int returnCode);
+void ExitString(char *string, int returnCode);
+
+extern struct	termios new_tc;
+
+# define termEofChar		new_tc.c_cc[VEOF]
+# define termEraseChar		new_tc.c_cc[VERASE]
+# define termIntChar		new_tc.c_cc[VINTR]
+# define termKillChar		new_tc.c_cc[VKILL]
+# define termQuitChar		new_tc.c_cc[VQUIT]
+
+# ifndef	VSUSP
+extern cc_t termSuspChar;
+# else
+#  define termSuspChar		new_tc.c_cc[VSUSP]
+# endif
+# if	defined(VFLUSHO) && !defined(VDISCARD)
+#  define VDISCARD VFLUSHO
+# endif
+# ifndef	VDISCARD
+extern cc_t termFlushChar;
+# else
+#  define termFlushChar		new_tc.c_cc[VDISCARD]
+# endif
+# ifndef VWERASE
+extern cc_t termWerasChar;
+# else
+#  define termWerasChar		new_tc.c_cc[VWERASE]
+# endif
+# ifndef	VREPRINT
+extern cc_t termRprntChar;
+# else
+#  define termRprntChar		new_tc.c_cc[VREPRINT]
+# endif
+# ifndef	VLNEXT
+extern cc_t termLiteralNextChar;
+# else
+#  define termLiteralNextChar	new_tc.c_cc[VLNEXT]
+# endif
+# ifndef	VSTART
+extern cc_t termStartChar;
+# else
+#  define termStartChar		new_tc.c_cc[VSTART]
+# endif
+# ifndef	VSTOP
+extern cc_t termStopChar;
+# else
+#  define termStopChar		new_tc.c_cc[VSTOP]
+# endif
+# ifndef	VEOL
+extern cc_t termForw1Char;
+# else
+#  define termForw1Char		new_tc.c_cc[VEOL]
+# endif
+# ifndef	VEOL2
+extern cc_t termForw2Char;
+# else
+#  define termForw2Char		new_tc.c_cc[VEOL]
+# endif
+# ifndef	VSTATUS
+extern cc_t termAytChar;
+#else
+#  define termAytChar		new_tc.c_cc[VSTATUS]
+#endif
+
+/* Ring buffer structures which are shared */
+
+extern Ring
+    netoring,
+    netiring,
+    ttyoring,
+    ttyiring;
+
diff --git a/crypto/kerberosIV/appl/telnet/telnet/main.c b/crypto/kerberosIV/appl/telnet/telnet/main.c
new file mode 100644
index 0000000..2c896eb
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/main.c
@@ -0,0 +1,321 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+static char *copyright[] = {
+    "@(#) Copyright (c) 1988, 1990, 1993\n"
+    "\tThe Regents of the University of California.  All rights reserved.\n",
+    (char*)copyright
+};
+
+#include "telnet_locl.h"
+RCSID("$Id: main.c,v 1.27 1999/03/11 13:49:23 joda Exp $");
+
+/* These values need to be the same as defined in libtelnet/kerberos5.c */
+/* Either define them in both places, or put in some common header file. */
+#define OPTS_FORWARD_CREDS	0x00000002
+#define OPTS_FORWARDABLE_CREDS	0x00000001
+
+#if KRB5
+#define FORWARD
+#endif
+
+/*
+ * Initialize variables.
+ */
+void
+tninit(void)
+{
+    init_terminal();
+
+    init_network();
+
+    init_telnet();
+
+    init_sys();
+}
+
+void
+usage(void)
+{
+  fprintf(stderr, "Usage: %s %s%s%s%s\n", prompt,
+#ifdef	AUTHENTICATION
+	  "[-8] [-E] [-K] [-L] [-S tos] [-X atype] [-a] [-c] [-d] [-e char]",
+	  "\n\t[-k realm] [-l user] [-f/-F] [-n tracefile] ",
+#else
+	  "[-8] [-E] [-L] [-S tos] [-a] [-c] [-d] [-e char] [-l user]",
+	  "\n\t[-n tracefile]",
+#endif
+	  "[-r] ",
+#ifdef	ENCRYPTION
+	  "[-x] [host-name [port]]"
+#else
+	  "[host-name [port]]"
+#endif
+    );
+  exit(1);
+}
+
+/*
+ * main.  Parse arguments, invoke the protocol or command parser.
+ */
+
+
+#ifdef KRB5
+/* XXX ugly hack to setup dns-proxy stuff */
+#define Authenticator asn1_Authenticator
+#include <krb5.h>
+static void
+krb5_init(void)
+{
+    krb5_context context;
+    krb5_init_context(&context);
+    krb5_free_context(context);
+    
+}
+#endif
+
+int
+main(int argc, char **argv)
+{
+	int ch;
+	char *user;
+#ifdef	FORWARD
+	extern int forward_flags;
+#endif	/* FORWARD */
+
+#ifdef KRB5
+	krb5_init();
+#endif
+	
+	tninit();		/* Clear out things */
+
+	TerminalSaveState();
+
+	if ((prompt = strrchr(argv[0], '/')))
+		++prompt;
+	else
+		prompt = argv[0];
+
+	user = NULL;
+
+	rlogin = (strncmp(prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE;
+
+	/* 
+	 * if AUTHENTICATION and ENCRYPTION is set autologin will be
+	 * se to true after the getopt switch; unless the -K option is
+	 * passed 
+	 */
+	autologin = -1;
+
+	while((ch = getopt(argc, argv, "78DEKLS:X:abcde:fFk:l:n:rx")) != EOF) {
+		switch(ch) {
+		case '8':
+			eight = 3;	/* binary output and input */
+			break;
+		case '7':
+			eight = 0;
+			break;
+		case 'b':
+		    binary = 3;
+		    break;
+		case 'D': {
+		    /* sometimes we don't want a mangled display */
+		    char *p;
+		    if((p = getenv("DISPLAY")))
+			env_define("DISPLAY", (unsigned char*)p);
+		    break;
+		}
+		case 'E':
+			rlogin = escape = _POSIX_VDISABLE;
+			break;
+		case 'K':
+#ifdef	AUTHENTICATION
+			autologin = 0;
+#endif
+			break;
+		case 'L':
+			eight |= 2;	/* binary output only */
+			break;
+		case 'S':
+		    {
+#ifdef	HAVE_PARSETOS
+			extern int tos;
+
+			if ((tos = parsetos(optarg, "tcp")) < 0)
+				fprintf(stderr, "%s%s%s%s\n",
+					prompt, ": Bad TOS argument '",
+					optarg,
+					"; will try to use default TOS");
+#else
+			fprintf(stderr,
+			   "%s: Warning: -S ignored, no parsetos() support.\n",
+								prompt);
+#endif
+		    }
+			break;
+		case 'X':
+#ifdef	AUTHENTICATION
+			auth_disable_name(optarg);
+#endif
+			break;
+		case 'a':
+			autologin = 1;
+			break;
+		case 'c':
+			skiprc = 1;
+			break;
+		case 'd':
+			debug = 1;
+			break;
+		case 'e':
+			set_escape_char(optarg);
+			break;
+		case 'f':
+#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
+			if (forward_flags & OPTS_FORWARD_CREDS) {
+			    fprintf(stderr,
+				    "%s: Only one of -f and -F allowed.\n",
+				    prompt);
+			    usage();
+			}
+			forward_flags |= OPTS_FORWARD_CREDS;
+#else
+			fprintf(stderr,
+			 "%s: Warning: -f ignored, no Kerberos V5 support.\n",
+				prompt);
+#endif
+			break;
+		case 'F':
+#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
+			if (forward_flags & OPTS_FORWARD_CREDS) {
+			    fprintf(stderr,
+				    "%s: Only one of -f and -F allowed.\n",
+				    prompt);
+			    usage();
+			}
+			forward_flags |= OPTS_FORWARD_CREDS;
+			forward_flags |= OPTS_FORWARDABLE_CREDS;
+#else
+			fprintf(stderr,
+			 "%s: Warning: -F ignored, no Kerberos V5 support.\n",
+				prompt);
+#endif
+			break;
+		case 'k':
+#if defined(AUTHENTICATION) && defined(KRB4)
+		    {
+			extern char *dest_realm, dst_realm_buf[];
+			extern int dst_realm_sz;
+			dest_realm = dst_realm_buf;
+			strcpy_truncate(dest_realm, optarg, dst_realm_sz);
+		    }
+#else
+			fprintf(stderr,
+			   "%s: Warning: -k ignored, no Kerberos V4 support.\n",
+								prompt);
+#endif
+			break;
+		case 'l':
+		  if(autologin == 0){
+		    fprintf(stderr, "%s: Warning: -K ignored\n", prompt);
+		    autologin = -1;
+		  }
+			user = optarg;
+			break;
+		case 'n':
+				SetNetTrace(optarg);
+			break;
+		case 'r':
+			rlogin = '~';
+			break;
+		case 'x':
+#ifdef	ENCRYPTION
+			encrypt_auto(1);
+			decrypt_auto(1);
+			EncryptVerbose(1);
+#else
+			fprintf(stderr,
+			    "%s: Warning: -x ignored, no ENCRYPT support.\n",
+								prompt);
+#endif
+			break;
+		case '?':
+		default:
+			usage();
+			/* NOTREACHED */
+		}
+	}
+
+	if (autologin == -1) {		/* esc@magic.fi; force  */
+#if defined(AUTHENTICATION)
+		autologin = 1;
+#endif
+#if defined(ENCRYPTION)
+		encrypt_auto(1);
+		decrypt_auto(1);
+#endif
+	}
+
+	if (autologin == -1)
+		autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1;
+
+	argc -= optind;
+	argv += optind;
+
+	if (argc) {
+		char *args[7], **argp = args;
+
+		if (argc > 2)
+			usage();
+		*argp++ = prompt;
+		if (user) {
+			*argp++ = "-l";
+			*argp++ = user;
+		}
+		*argp++ = argv[0];		/* host */
+		if (argc > 1)
+			*argp++ = argv[1];	/* port */
+		*argp = 0;
+
+		if (setjmp(toplevel) != 0)
+			Exit(0);
+		if (tn(argp - args, args) == 1)
+			return (0);
+		else
+			return (1);
+	}
+	setjmp(toplevel);
+	for (;;) {
+			command(1, 0, 0);
+	}
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnet/network.c b/crypto/kerberosIV/appl/telnet/telnet/network.c
new file mode 100644
index 0000000..faacc30
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/network.c
@@ -0,0 +1,163 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnet_locl.h"
+
+RCSID("$Id: network.c,v 1.10 1997/05/04 04:01:08 assar Exp $");
+
+Ring		netoring, netiring;
+unsigned char	netobuf[2*BUFSIZ], netibuf[BUFSIZ];
+
+/*
+ * Initialize internal network data structures.
+ */
+
+void
+init_network(void)
+{
+    if (ring_init(&netoring, netobuf, sizeof netobuf) != 1) {
+	exit(1);
+    }
+    if (ring_init(&netiring, netibuf, sizeof netibuf) != 1) {
+	exit(1);
+    }
+    NetTrace = stdout;
+}
+
+
+/*
+ * Check to see if any out-of-band data exists on a socket (for
+ * Telnet "synch" processing).
+ */
+
+int
+stilloob(void)
+{
+    static struct timeval timeout = { 0 };
+    fd_set	excepts;
+    int value;
+
+    do {
+	FD_ZERO(&excepts);
+	FD_SET(net, &excepts);
+	value = select(net+1, 0, 0, &excepts, &timeout);
+    } while ((value == -1) && (errno == EINTR));
+
+    if (value < 0) {
+	perror("select");
+	quit();
+	/* NOTREACHED */
+    }
+    if (FD_ISSET(net, &excepts)) {
+	return 1;
+    } else {
+	return 0;
+    }
+}
+
+
+/*
+ *  setneturg()
+ *
+ *	Sets "neturg" to the current location.
+ */
+
+void
+setneturg(void)
+{
+    ring_mark(&netoring);
+}
+
+
+/*
+ *  netflush
+ *		Send as much data as possible to the network,
+ *	handling requests for urgent data.
+ *
+ *		The return value indicates whether we did any
+ *	useful work.
+ */
+
+
+int
+netflush(void)
+{
+    int n, n1;
+
+#if	defined(ENCRYPTION)
+    if (encrypt_output)
+	ring_encrypt(&netoring, encrypt_output);
+#endif
+    if ((n1 = n = ring_full_consecutive(&netoring)) > 0) {
+	if (!ring_at_mark(&netoring)) {
+	    n = send(net, (char *)netoring.consume, n, 0); /* normal write */
+	} else {
+	    /*
+	     * In 4.2 (and 4.3) systems, there is some question about
+	     * what byte in a sendOOB operation is the "OOB" data.
+	     * To make ourselves compatible, we only send ONE byte
+	     * out of band, the one WE THINK should be OOB (though
+	     * we really have more the TCP philosophy of urgent data
+	     * rather than the Unix philosophy of OOB data).
+	     */
+	    n = send(net, (char *)netoring.consume, 1, MSG_OOB);/* URGENT data */
+	}
+    }
+    if (n < 0) {
+	if (errno != ENOBUFS && errno != EWOULDBLOCK) {
+	    setcommandmode();
+	    perror(hostname);
+	    NetClose(net);
+	    ring_clear_mark(&netoring);
+	    longjmp(peerdied, -1);
+	    /*NOTREACHED*/
+	}
+	n = 0;
+    }
+    if (netdata && n) {
+	Dump('>', netoring.consume, n);
+    }
+    if (n) {
+	ring_consumed(&netoring, n);
+	/*
+	 * If we sent all, and more to send, then recurse to pick
+	 * up the other half.
+	 */
+	if ((n1 == n) && ring_full_consecutive(&netoring)) {
+	    netflush();
+	}
+	return 1;
+    } else {
+	return 0;
+    }
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnet/ring.c b/crypto/kerberosIV/appl/telnet/telnet/ring.c
new file mode 100644
index 0000000..d791476
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/ring.c
@@ -0,0 +1,321 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnet_locl.h"
+
+RCSID("$Id: ring.c,v 1.10 1997/05/04 04:01:08 assar Exp $");
+
+/*
+ * This defines a structure for a ring buffer.
+ *
+ * The circular buffer has two parts:
+ *(((
+ *	full:	[consume, supply)
+ *	empty:	[supply, consume)
+ *]]]
+ *
+ */
+
+/* Internal macros */
+
+#define	ring_subtract(d,a,b)	(((a)-(b) >= 0)? \
+					(a)-(b): (((a)-(b))+(d)->size))
+
+#define	ring_increment(d,a,c)	(((a)+(c) < (d)->top)? \
+					(a)+(c) : (((a)+(c))-(d)->size))
+
+#define	ring_decrement(d,a,c)	(((a)-(c) >= (d)->bottom)? \
+					(a)-(c) : (((a)-(c))-(d)->size))
+
+
+/*
+ * The following is a clock, used to determine full, empty, etc.
+ *
+ * There is some trickiness here.  Since the ring buffers are initialized
+ * to ZERO on allocation, we need to make sure, when interpreting the
+ * clock, that when the times are EQUAL, then the buffer is FULL.
+ */
+static u_long ring_clock = 0;
+
+
+#define	ring_empty(d) (((d)->consume == (d)->supply) && \
+				((d)->consumetime >= (d)->supplytime))
+#define	ring_full(d) (((d)->supply == (d)->consume) && \
+				((d)->supplytime > (d)->consumetime))
+
+
+
+
+
+/* Buffer state transition routines */
+
+int
+ring_init(Ring *ring, unsigned char *buffer, int count)
+{
+    memset(ring, 0, sizeof *ring);
+
+    ring->size = count;
+
+    ring->supply = ring->consume = ring->bottom = buffer;
+
+    ring->top = ring->bottom+ring->size;
+
+#if	defined(ENCRYPTION)
+    ring->clearto = 0;
+#endif
+
+    return 1;
+}
+
+/* Mark routines */
+
+/*
+ * Mark the most recently supplied byte.
+ */
+
+void
+ring_mark(Ring *ring)
+{
+    ring->mark = ring_decrement(ring, ring->supply, 1);
+}
+
+/*
+ * Is the ring pointing to the mark?
+ */
+
+int
+ring_at_mark(Ring *ring)
+{
+    if (ring->mark == ring->consume) {
+	return 1;
+    } else {
+	return 0;
+    }
+}
+
+/*
+ * Clear any mark set on the ring.
+ */
+
+void
+ring_clear_mark(Ring *ring)
+{
+    ring->mark = 0;
+}
+
+/*
+ * Add characters from current segment to ring buffer.
+ */
+void
+ring_supplied(Ring *ring, int count)
+{
+    ring->supply = ring_increment(ring, ring->supply, count);
+    ring->supplytime = ++ring_clock;
+}
+
+/*
+ * We have just consumed "c" bytes.
+ */
+void
+ring_consumed(Ring *ring, int count)
+{
+    if (count == 0)	/* don't update anything */
+	return;
+
+    if (ring->mark &&
+		(ring_subtract(ring, ring->mark, ring->consume) < count)) {
+	ring->mark = 0;
+    }
+#if	defined(ENCRYPTION)
+    if (ring->consume < ring->clearto &&
+		ring->clearto <= ring->consume + count)
+	ring->clearto = 0;
+    else if (ring->consume + count > ring->top &&
+		ring->bottom <= ring->clearto &&
+		ring->bottom + ((ring->consume + count) - ring->top))
+	ring->clearto = 0;
+#endif
+    ring->consume = ring_increment(ring, ring->consume, count);
+    ring->consumetime = ++ring_clock;
+    /*
+     * Try to encourage "ring_empty_consecutive()" to be large.
+     */
+    if (ring_empty(ring)) {
+	ring->consume = ring->supply = ring->bottom;
+    }
+}
+
+
+
+/* Buffer state query routines */
+
+
+/* Number of bytes that may be supplied */
+int
+ring_empty_count(Ring *ring)
+{
+    if (ring_empty(ring)) {	/* if empty */
+	    return ring->size;
+    } else {
+	return ring_subtract(ring, ring->consume, ring->supply);
+    }
+}
+
+/* number of CONSECUTIVE bytes that may be supplied */
+int
+ring_empty_consecutive(Ring *ring)
+{
+    if ((ring->consume < ring->supply) || ring_empty(ring)) {
+			    /*
+			     * if consume is "below" supply, or empty, then
+			     * return distance to the top
+			     */
+	return ring_subtract(ring, ring->top, ring->supply);
+    } else {
+				    /*
+				     * else, return what we may.
+				     */
+	return ring_subtract(ring, ring->consume, ring->supply);
+    }
+}
+
+/* Return the number of bytes that are available for consuming
+ * (but don't give more than enough to get to cross over set mark)
+ */
+
+int
+ring_full_count(Ring *ring)
+{
+    if ((ring->mark == 0) || (ring->mark == ring->consume)) {
+	if (ring_full(ring)) {
+	    return ring->size;	/* nothing consumed, but full */
+	} else {
+	    return ring_subtract(ring, ring->supply, ring->consume);
+	}
+    } else {
+	return ring_subtract(ring, ring->mark, ring->consume);
+    }
+}
+
+/*
+ * Return the number of CONSECUTIVE bytes available for consuming.
+ * However, don't return more than enough to cross over set mark.
+ */
+int
+ring_full_consecutive(Ring *ring)
+{
+    if ((ring->mark == 0) || (ring->mark == ring->consume)) {
+	if ((ring->supply < ring->consume) || ring_full(ring)) {
+	    return ring_subtract(ring, ring->top, ring->consume);
+	} else {
+	    return ring_subtract(ring, ring->supply, ring->consume);
+	}
+    } else {
+	if (ring->mark < ring->consume) {
+	    return ring_subtract(ring, ring->top, ring->consume);
+	} else {	/* Else, distance to mark */
+	    return ring_subtract(ring, ring->mark, ring->consume);
+	}
+    }
+}
+
+/*
+ * Move data into the "supply" portion of of the ring buffer.
+ */
+void
+ring_supply_data(Ring *ring, unsigned char *buffer, int count)
+{
+    int i;
+
+    while (count) {
+	i = min(count, ring_empty_consecutive(ring));
+	memmove(ring->supply, buffer, i);
+	ring_supplied(ring, i);
+	count -= i;
+	buffer += i;
+    }
+}
+
+#ifdef notdef
+
+/*
+ * Move data from the "consume" portion of the ring buffer
+ */
+void
+ring_consume_data(Ring *ring, unsigned char *buffer, int count)
+{
+    int i;
+
+    while (count) {
+	i = min(count, ring_full_consecutive(ring));
+	memmove(buffer, ring->consume, i);
+	ring_consumed(ring, i);
+	count -= i;
+	buffer += i;
+    }
+}
+#endif
+
+#if	defined(ENCRYPTION)
+void
+ring_encrypt(Ring *ring, void (*encryptor)())
+{
+    unsigned char *s, *c;
+
+    if (ring_empty(ring) || ring->clearto == ring->supply)
+	return;
+
+    if (!(c = ring->clearto))
+	c = ring->consume;
+
+    s = ring->supply;
+
+    if (s <= c) {
+	(*encryptor)(c, ring->top - c);
+	(*encryptor)(ring->bottom, s - ring->bottom);
+    } else
+	(*encryptor)(c, s - c);
+
+    ring->clearto = ring->supply;
+}
+
+void
+ring_clearto(Ring *ring)
+{
+    if (!ring_empty(ring))
+	ring->clearto = ring->supply;
+    else
+	ring->clearto = 0;
+}
+#endif
+
diff --git a/crypto/kerberosIV/appl/telnet/telnet/ring.h b/crypto/kerberosIV/appl/telnet/telnet/ring.h
new file mode 100644
index 0000000..fa7ad18
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/ring.h
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)ring.h	8.1 (Berkeley) 6/6/93
+ */
+
+/* $Id: ring.h,v 1.3 1997/05/04 04:01:09 assar Exp $ */
+
+/*
+ * This defines a structure for a ring buffer.
+ *
+ * The circular buffer has two parts:
+ *(((
+ *	full:	[consume, supply)
+ *	empty:	[supply, consume)
+ *]]]
+ *
+ */
+typedef struct {
+    unsigned char	*consume,	/* where data comes out of */
+			*supply,	/* where data comes in to */
+			*bottom,	/* lowest address in buffer */
+			*top,		/* highest address+1 in buffer */
+			*mark;		/* marker (user defined) */
+#if	defined(ENCRYPTION)
+    unsigned char	*clearto;	/* Data to this point is clear text */
+    unsigned char	*encryyptedto;	/* Data is encrypted to here */
+#endif
+    int		size;		/* size in bytes of buffer */
+    u_long	consumetime,	/* help us keep straight full, empty, etc. */
+		supplytime;
+} Ring;
+
+/* Here are some functions and macros to deal with the ring buffer */
+
+/* Initialization routine */
+extern int
+	ring_init (Ring *ring, unsigned char *buffer, int count);
+
+/* Data movement routines */
+extern void
+	ring_supply_data (Ring *ring, unsigned char *buffer, int count);
+#ifdef notdef
+extern void
+	ring_consume_data (Ring *ring, unsigned char *buffer, int count);
+#endif
+
+/* Buffer state transition routines */
+extern void
+	ring_supplied (Ring *ring, int count),
+	ring_consumed (Ring *ring, int count);
+
+/* Buffer state query routines */
+extern int
+	ring_empty_count (Ring *ring),
+	ring_empty_consecutive (Ring *ring),
+	ring_full_count (Ring *ring),
+	ring_full_consecutive (Ring *ring);
+
+#if	defined(ENCRYPTION)
+extern void
+	ring_encrypt (Ring *ring, void (*func)()),
+	ring_clearto (Ring *ring);
+#endif
+
+extern int ring_at_mark(Ring *ring);
+
+extern void
+    ring_clear_mark(Ring *ring),
+    ring_mark(Ring *ring);
diff --git a/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c b/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c
new file mode 100644
index 0000000..334ef04
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c
@@ -0,0 +1,972 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnet_locl.h"
+
+RCSID("$Id: sys_bsd.c,v 1.23 1998/06/09 19:24:46 joda Exp $");
+
+/*
+ * The following routines try to encapsulate what is system dependent
+ * (at least between 4.x and dos) which is used in telnet.c.
+ */
+
+int
+	tout,			/* Output file descriptor */
+	tin,			/* Input file descriptor */
+	net;
+
+struct	termios old_tc = { 0 };
+extern struct termios new_tc;
+
+# ifndef	TCSANOW
+#  ifdef TCSETS
+#   define	TCSANOW		TCSETS
+#   define	TCSADRAIN	TCSETSW
+#   define	tcgetattr(f, t) ioctl(f, TCGETS, (char *)t)
+#  else
+#   ifdef TCSETA
+#    define	TCSANOW		TCSETA
+#    define	TCSADRAIN	TCSETAW
+#    define	tcgetattr(f, t) ioctl(f, TCGETA, (char *)t)
+#   else
+#    define	TCSANOW		TIOCSETA
+#    define	TCSADRAIN	TIOCSETAW
+#    define	tcgetattr(f, t) ioctl(f, TIOCGETA, (char *)t)
+#   endif
+#  endif
+#  define	tcsetattr(f, a, t) ioctl(f, a, (char *)t)
+#  define	cfgetospeed(ptr)	((ptr)->c_cflag&CBAUD)
+#  ifdef CIBAUD
+#   define	cfgetispeed(ptr)	(((ptr)->c_cflag&CIBAUD) >> IBSHIFT)
+#  else
+#   define	cfgetispeed(ptr)	cfgetospeed(ptr)
+#  endif
+# endif /* TCSANOW */
+
+static fd_set ibits, obits, xbits;
+
+
+void
+init_sys(void)
+{
+    tout = fileno(stdout);
+    tin = fileno(stdin);
+    FD_ZERO(&ibits);
+    FD_ZERO(&obits);
+    FD_ZERO(&xbits);
+
+    errno = 0;
+}
+
+
+int
+TerminalWrite(char *buf, int n)
+{
+    return write(tout, buf, n);
+}
+
+int
+TerminalRead(unsigned char *buf, int n)
+{
+    return read(tin, buf, n);
+}
+
+/*
+ *
+ */
+
+int
+TerminalAutoFlush(void)
+{
+#if	defined(LNOFLSH)
+    int flush;
+
+    ioctl(0, TIOCLGET, (char *)&flush);
+    return !(flush&LNOFLSH);	/* if LNOFLSH, no autoflush */
+#else	/* LNOFLSH */
+    return 1;
+#endif	/* LNOFLSH */
+}
+
+#ifdef	KLUDGELINEMODE
+extern int kludgelinemode;
+#endif
+/*
+ * TerminalSpecialChars()
+ *
+ * Look at an input character to see if it is a special character
+ * and decide what to do.
+ *
+ * Output:
+ *
+ *	0	Don't add this character.
+ *	1	Do add this character
+ */
+
+int
+TerminalSpecialChars(int c)
+{
+    if (c == termIntChar) {
+	intp();
+	return 0;
+    } else if (c == termQuitChar) {
+#ifdef	KLUDGELINEMODE
+	if (kludgelinemode)
+	    sendbrk();
+	else
+#endif
+	    sendabort();
+	return 0;
+    } else if (c == termEofChar) {
+	if (my_want_state_is_will(TELOPT_LINEMODE)) {
+	    sendeof();
+	    return 0;
+	}
+	return 1;
+    } else if (c == termSuspChar) {
+	sendsusp();
+	return(0);
+    } else if (c == termFlushChar) {
+	xmitAO();		/* Transmit Abort Output */
+	return 0;
+    } else if (!MODE_LOCAL_CHARS(globalmode)) {
+	if (c == termKillChar) {
+	    xmitEL();
+	    return 0;
+	} else if (c == termEraseChar) {
+	    xmitEC();		/* Transmit Erase Character */
+	    return 0;
+	}
+    }
+    return 1;
+}
+
+
+/*
+ * Flush output to the terminal
+ */
+
+void
+TerminalFlushOutput(void)
+{
+#ifdef	TIOCFLUSH
+    ioctl(fileno(stdout), TIOCFLUSH, (char *) 0);
+#else
+    ioctl(fileno(stdout), TCFLSH, (char *) 0);
+#endif
+}
+
+void
+TerminalSaveState(void)
+{
+    tcgetattr(0, &old_tc);
+
+    new_tc = old_tc;
+
+#ifndef	VDISCARD
+    termFlushChar = CONTROL('O');
+#endif
+#ifndef	VWERASE
+    termWerasChar = CONTROL('W');
+#endif
+#ifndef	VREPRINT
+    termRprntChar = CONTROL('R');
+#endif
+#ifndef	VLNEXT
+    termLiteralNextChar = CONTROL('V');
+#endif
+#ifndef	VSTART
+    termStartChar = CONTROL('Q');
+#endif
+#ifndef	VSTOP
+    termStopChar = CONTROL('S');
+#endif
+#ifndef	VSTATUS
+    termAytChar = CONTROL('T');
+#endif
+}
+
+cc_t*
+tcval(int func)
+{
+    switch(func) {
+    case SLC_IP:	return(&termIntChar);
+    case SLC_ABORT:	return(&termQuitChar);
+    case SLC_EOF:	return(&termEofChar);
+    case SLC_EC:	return(&termEraseChar);
+    case SLC_EL:	return(&termKillChar);
+    case SLC_XON:	return(&termStartChar);
+    case SLC_XOFF:	return(&termStopChar);
+    case SLC_FORW1:	return(&termForw1Char);
+    case SLC_FORW2:	return(&termForw2Char);
+# ifdef	VDISCARD
+    case SLC_AO:	return(&termFlushChar);
+# endif
+# ifdef	VSUSP
+    case SLC_SUSP:	return(&termSuspChar);
+# endif
+# ifdef	VWERASE
+    case SLC_EW:	return(&termWerasChar);
+# endif
+# ifdef	VREPRINT
+    case SLC_RP:	return(&termRprntChar);
+# endif
+# ifdef	VLNEXT
+    case SLC_LNEXT:	return(&termLiteralNextChar);
+# endif
+# ifdef	VSTATUS
+    case SLC_AYT:	return(&termAytChar);
+# endif
+
+    case SLC_SYNCH:
+    case SLC_BRK:
+    case SLC_EOR:
+    default:
+	return((cc_t *)0);
+    }
+}
+
+void
+TerminalDefaultChars(void)
+{
+    memmove(new_tc.c_cc, old_tc.c_cc, sizeof(old_tc.c_cc));
+# ifndef	VDISCARD
+    termFlushChar = CONTROL('O');
+# endif
+# ifndef	VWERASE
+    termWerasChar = CONTROL('W');
+# endif
+# ifndef	VREPRINT
+    termRprntChar = CONTROL('R');
+# endif
+# ifndef	VLNEXT
+    termLiteralNextChar = CONTROL('V');
+# endif
+# ifndef	VSTART
+    termStartChar = CONTROL('Q');
+# endif
+# ifndef	VSTOP
+    termStopChar = CONTROL('S');
+# endif
+# ifndef	VSTATUS
+    termAytChar = CONTROL('T');
+# endif
+}
+
+#ifdef notdef
+void
+TerminalRestoreState()
+{
+}
+#endif
+
+/*
+ * TerminalNewMode - set up terminal to a specific mode.
+ *	MODE_ECHO: do local terminal echo
+ *	MODE_FLOW: do local flow control
+ *	MODE_TRAPSIG: do local mapping to TELNET IAC sequences
+ *	MODE_EDIT: do local line editing
+ *
+ *	Command mode:
+ *		MODE_ECHO|MODE_EDIT|MODE_FLOW|MODE_TRAPSIG
+ *		local echo
+ *		local editing
+ *		local xon/xoff
+ *		local signal mapping
+ *
+ *	Linemode:
+ *		local/no editing
+ *	Both Linemode and Single Character mode:
+ *		local/remote echo
+ *		local/no xon/xoff
+ *		local/no signal mapping
+ */
+
+
+#ifdef	SIGTSTP
+static RETSIGTYPE susp();
+#endif	/* SIGTSTP */
+#ifdef	SIGINFO
+static RETSIGTYPE ayt();
+#endif
+
+void
+TerminalNewMode(int f)
+{
+    static int prevmode = 0;
+    struct termios tmp_tc;
+    int onoff;
+    int old;
+    cc_t esc;
+
+    globalmode = f&~MODE_FORCE;
+    if (prevmode == f)
+	return;
+
+    /*
+     * Write any outstanding data before switching modes
+     * ttyflush() returns 0 only when there is no more data
+     * left to write out, it returns -1 if it couldn't do
+     * anything at all, otherwise it returns 1 + the number
+     * of characters left to write.
+     */
+    old = ttyflush(SYNCHing|flushout);
+    if (old < 0 || old > 1) {
+	tcgetattr(tin, &tmp_tc);
+	do {
+	    /*
+	     * Wait for data to drain, then flush again.
+	     */
+	    tcsetattr(tin, TCSADRAIN, &tmp_tc);
+	    old = ttyflush(SYNCHing|flushout);
+	} while (old < 0 || old > 1);
+    }
+
+    old = prevmode;
+    prevmode = f&~MODE_FORCE;
+    tmp_tc = new_tc;
+
+    if (f&MODE_ECHO) {
+	tmp_tc.c_lflag |= ECHO;
+	tmp_tc.c_oflag |= ONLCR;
+	if (crlf)
+		tmp_tc.c_iflag |= ICRNL;
+    } else {
+	tmp_tc.c_lflag &= ~ECHO;
+	tmp_tc.c_oflag &= ~ONLCR;
+# ifdef notdef
+	if (crlf)
+		tmp_tc.c_iflag &= ~ICRNL;
+# endif
+    }
+
+    if ((f&MODE_FLOW) == 0) {
+	tmp_tc.c_iflag &= ~(IXOFF|IXON);	/* Leave the IXANY bit alone */
+    } else {
+	if (restartany < 0) {
+		tmp_tc.c_iflag |= IXOFF|IXON;	/* Leave the IXANY bit alone */
+	} else if (restartany > 0) {
+		tmp_tc.c_iflag |= IXOFF|IXON|IXANY;
+	} else {
+		tmp_tc.c_iflag |= IXOFF|IXON;
+		tmp_tc.c_iflag &= ~IXANY;
+	}
+    }
+
+    if ((f&MODE_TRAPSIG) == 0) {
+	tmp_tc.c_lflag &= ~ISIG;
+	localchars = 0;
+    } else {
+	tmp_tc.c_lflag |= ISIG;
+	localchars = 1;
+    }
+
+    if (f&MODE_EDIT) {
+	tmp_tc.c_lflag |= ICANON;
+    } else {
+	tmp_tc.c_lflag &= ~ICANON;
+	tmp_tc.c_iflag &= ~ICRNL;
+	tmp_tc.c_cc[VMIN] = 1;
+	tmp_tc.c_cc[VTIME] = 0;
+    }
+
+    if ((f&(MODE_EDIT|MODE_TRAPSIG)) == 0) {
+# ifdef VLNEXT
+	tmp_tc.c_cc[VLNEXT] = (cc_t)(_POSIX_VDISABLE);
+# endif
+    }
+
+    if (f&MODE_SOFT_TAB) {
+# ifdef	OXTABS
+	tmp_tc.c_oflag |= OXTABS;
+# endif
+# ifdef	TABDLY
+	tmp_tc.c_oflag &= ~TABDLY;
+	tmp_tc.c_oflag |= TAB3;
+# endif
+    } else {
+# ifdef	OXTABS
+	tmp_tc.c_oflag &= ~OXTABS;
+# endif
+# ifdef	TABDLY
+	tmp_tc.c_oflag &= ~TABDLY;
+# endif
+    }
+
+    if (f&MODE_LIT_ECHO) {
+# ifdef	ECHOCTL
+	tmp_tc.c_lflag &= ~ECHOCTL;
+# endif
+    } else {
+# ifdef	ECHOCTL
+	tmp_tc.c_lflag |= ECHOCTL;
+# endif
+    }
+
+    if (f == -1) {
+	onoff = 0;
+    } else {
+	if (f & MODE_INBIN)
+		tmp_tc.c_iflag &= ~ISTRIP;
+	else
+		tmp_tc.c_iflag |= ISTRIP;
+	if ((f & MODE_OUTBIN) || (f & MODE_OUT8)) {
+		tmp_tc.c_cflag &= ~(CSIZE|PARENB);
+		tmp_tc.c_cflag |= CS8;
+		if(f & MODE_OUTBIN)
+		    tmp_tc.c_oflag &= ~OPOST;
+		else
+		    tmp_tc.c_oflag |= OPOST;
+	} else {
+		tmp_tc.c_cflag &= ~(CSIZE|PARENB);
+		tmp_tc.c_cflag |= old_tc.c_cflag & (CSIZE|PARENB);
+		tmp_tc.c_oflag |= OPOST;
+	}
+	onoff = 1;
+    }
+
+    if (f != -1) {
+
+#ifdef	SIGTSTP
+	signal(SIGTSTP, susp);
+#endif	/* SIGTSTP */
+#ifdef	SIGINFO
+	signal(SIGINFO, ayt);
+#endif
+#ifdef NOKERNINFO
+	tmp_tc.c_lflag |= NOKERNINFO;
+#endif
+	/*
+	 * We don't want to process ^Y here.  It's just another
+	 * character that we'll pass on to the back end.  It has
+	 * to process it because it will be processed when the
+	 * user attempts to read it, not when we send it.
+	 */
+# ifdef	VDSUSP
+	tmp_tc.c_cc[VDSUSP] = (cc_t)(_POSIX_VDISABLE);
+# endif
+	/*
+	 * If the VEOL character is already set, then use VEOL2,
+	 * otherwise use VEOL.
+	 */
+	esc = (rlogin != _POSIX_VDISABLE) ? rlogin : escape;
+	if ((tmp_tc.c_cc[VEOL] != esc)
+# ifdef	VEOL2
+	    && (tmp_tc.c_cc[VEOL2] != esc)
+# endif
+	    ) {
+		if (tmp_tc.c_cc[VEOL] == (cc_t)(_POSIX_VDISABLE))
+		    tmp_tc.c_cc[VEOL] = esc;
+# ifdef	VEOL2
+		else if (tmp_tc.c_cc[VEOL2] == (cc_t)(_POSIX_VDISABLE))
+		    tmp_tc.c_cc[VEOL2] = esc;
+# endif
+	}
+    } else {
+        sigset_t sm;
+#ifdef	SIGINFO
+	RETSIGTYPE ayt_status();
+
+	signal(SIGINFO, ayt_status);
+#endif
+#ifdef	SIGTSTP
+	signal(SIGTSTP, SIG_DFL);
+	sigemptyset(&sm);
+	sigaddset(&sm, SIGTSTP);
+	sigprocmask(SIG_UNBLOCK, &sm, NULL);
+#endif	/* SIGTSTP */
+	tmp_tc = old_tc;
+    }
+    if (tcsetattr(tin, TCSADRAIN, &tmp_tc) < 0)
+	tcsetattr(tin, TCSANOW, &tmp_tc);
+
+    ioctl(tin, FIONBIO, (char *)&onoff);
+    ioctl(tout, FIONBIO, (char *)&onoff);
+
+}
+
+/*
+ * Try to guess whether speeds are "encoded" (4.2BSD) or just numeric (4.4BSD).
+ */
+#if B4800 != 4800
+#define	DECODE_BAUD
+#endif
+
+#ifdef	DECODE_BAUD
+#ifndef	B7200
+#define B7200   B4800
+#endif
+
+#ifndef	B14400
+#define B14400  B9600
+#endif
+
+#ifndef	B19200
+# define B19200 B14400
+#endif
+
+#ifndef	B28800
+#define B28800  B19200
+#endif
+
+#ifndef	B38400
+# define B38400 B28800
+#endif
+
+#ifndef B57600
+#define B57600  B38400
+#endif
+
+#ifndef B76800
+#define B76800  B57600
+#endif
+
+#ifndef B115200
+#define B115200 B76800
+#endif
+
+#ifndef B230400
+#define B230400 B115200
+#endif
+
+
+/*
+ * This code assumes that the values B0, B50, B75...
+ * are in ascending order.  They do not have to be
+ * contiguous.
+ */
+struct termspeeds {
+	long speed;
+	long value;
+} termspeeds[] = {
+	{ 0,      B0 },      { 50,    B50 },    { 75,     B75 },
+	{ 110,    B110 },    { 134,   B134 },   { 150,    B150 },
+	{ 200,    B200 },    { 300,   B300 },   { 600,    B600 },
+	{ 1200,   B1200 },   { 1800,  B1800 },  { 2400,   B2400 },
+	{ 4800,   B4800 },   { 7200,  B7200 },  { 9600,   B9600 },
+	{ 14400,  B14400 },  { 19200, B19200 }, { 28800,  B28800 },
+	{ 38400,  B38400 },  { 57600, B57600 }, { 115200, B115200 },
+	{ 230400, B230400 }, { -1,    B230400 }
+};
+#endif	/* DECODE_BAUD */
+
+void
+TerminalSpeeds(long *input_speed, long *output_speed)
+{
+#ifdef	DECODE_BAUD
+    struct termspeeds *tp;
+#endif	/* DECODE_BAUD */
+    long in, out;
+
+    out = cfgetospeed(&old_tc);
+    in = cfgetispeed(&old_tc);
+    if (in == 0)
+	in = out;
+
+#ifdef	DECODE_BAUD
+    tp = termspeeds;
+    while ((tp->speed != -1) && (tp->value < in))
+	tp++;
+    *input_speed = tp->speed;
+
+    tp = termspeeds;
+    while ((tp->speed != -1) && (tp->value < out))
+	tp++;
+    *output_speed = tp->speed;
+#else	/* DECODE_BAUD */
+	*input_speed = in;
+	*output_speed = out;
+#endif	/* DECODE_BAUD */
+}
+
+int
+TerminalWindowSize(long *rows, long *cols)
+{
+    struct winsize ws;
+
+    if (get_window_size (STDIN_FILENO, &ws) == 0) {
+	*rows = ws.ws_row;
+	*cols = ws.ws_col;
+	return 1;
+    } else
+	return 0;
+}
+
+int
+NetClose(int fd)
+{
+    return close(fd);
+}
+
+
+void
+NetNonblockingIO(int fd, int onoff)
+{
+    ioctl(fd, FIONBIO, (char *)&onoff);
+}
+
+
+/*
+ * Various signal handling routines.
+ */
+
+static RETSIGTYPE deadpeer(int),
+  intr(int), intr2(int), susp(int), sendwin(int);
+#ifdef SIGINFO
+static RETSIGTYPE ayt(int);
+#endif
+  
+
+    /* ARGSUSED */
+static RETSIGTYPE
+deadpeer(int sig)
+{
+	setcommandmode();
+	longjmp(peerdied, -1);
+}
+
+    /* ARGSUSED */
+static RETSIGTYPE
+intr(int sig)
+{
+    if (localchars) {
+	intp();
+	return;
+    }
+    setcommandmode();
+    longjmp(toplevel, -1);
+}
+
+    /* ARGSUSED */
+static RETSIGTYPE
+intr2(int sig)
+{
+    if (localchars) {
+#ifdef	KLUDGELINEMODE
+	if (kludgelinemode)
+	    sendbrk();
+	else
+#endif
+	    sendabort();
+	return;
+    }
+}
+
+#ifdef	SIGTSTP
+    /* ARGSUSED */
+static RETSIGTYPE
+susp(int sig)
+{
+    if ((rlogin != _POSIX_VDISABLE) && rlogin_susp())
+	return;
+    if (localchars)
+	sendsusp();
+}
+#endif
+
+#ifdef	SIGWINCH
+    /* ARGSUSED */
+static RETSIGTYPE
+sendwin(int sig)
+{
+    if (connected) {
+	sendnaws();
+    }
+}
+#endif
+
+#ifdef	SIGINFO
+    /* ARGSUSED */
+static RETSIGTYPE
+ayt(int sig)
+{
+    if (connected)
+	sendayt();
+    else
+	ayt_status(sig);
+}
+#endif
+
+
+void
+sys_telnet_init(void)
+{
+    signal(SIGINT, intr);
+    signal(SIGQUIT, intr2);
+    signal(SIGPIPE, deadpeer);
+#ifdef	SIGWINCH
+    signal(SIGWINCH, sendwin);
+#endif
+#ifdef	SIGTSTP
+    signal(SIGTSTP, susp);
+#endif
+#ifdef	SIGINFO
+    signal(SIGINFO, ayt);
+#endif
+
+    setconnmode(0);
+
+    NetNonblockingIO(net, 1);
+
+
+#if	defined(SO_OOBINLINE)
+    if (SetSockOpt(net, SOL_SOCKET, SO_OOBINLINE, 1) == -1) {
+	perror("SetSockOpt");
+    }
+#endif	/* defined(SO_OOBINLINE) */
+}
+
+/*
+ * Process rings -
+ *
+ *	This routine tries to fill up/empty our various rings.
+ *
+ *	The parameter specifies whether this is a poll operation,
+ *	or a block-until-something-happens operation.
+ *
+ *	The return value is 1 if something happened, 0 if not.
+ */
+
+int
+process_rings(int netin,
+	      int netout,
+	      int netex,
+	      int ttyin,
+	      int ttyout,
+	      int poll) /* If 0, then block until something to do */
+{
+    int c;
+		/* One wants to be a bit careful about setting returnValue
+		 * to one, since a one implies we did some useful work,
+		 * and therefore probably won't be called to block next
+		 * time (TN3270 mode only).
+		 */
+    int returnValue = 0;
+    static struct timeval TimeValue = { 0 };
+
+    if (netout) {
+	FD_SET(net, &obits);
+    }
+    if (ttyout) {
+	FD_SET(tout, &obits);
+    }
+    if (ttyin) {
+	FD_SET(tin, &ibits);
+    }
+    if (netin) {
+	FD_SET(net, &ibits);
+    }
+#if !defined(SO_OOBINLINE)
+    if (netex) {
+	FD_SET(net, &xbits);
+    }
+#endif
+    if ((c = select(16, &ibits, &obits, &xbits,
+			(poll == 0)? (struct timeval *)0 : &TimeValue)) < 0) {
+	if (c == -1) {
+		    /*
+		     * we can get EINTR if we are in line mode,
+		     * and the user does an escape (TSTP), or
+		     * some other signal generator.
+		     */
+	    if (errno == EINTR) {
+		return 0;
+	    }
+		    /* I don't like this, does it ever happen? */
+	    printf("sleep(5) from telnet, after select\r\n");
+	    sleep(5);
+	}
+	return 0;
+    }
+
+    /*
+     * Any urgent data?
+     */
+    if (FD_ISSET(net, &xbits)) {
+	FD_CLR(net, &xbits);
+	SYNCHing = 1;
+	ttyflush(1);	/* flush already enqueued data */
+    }
+
+    /*
+     * Something to read from the network...
+     */
+    if (FD_ISSET(net, &ibits)) {
+	int canread;
+
+	FD_CLR(net, &ibits);
+	canread = ring_empty_consecutive(&netiring);
+#if	!defined(SO_OOBINLINE)
+	    /*
+	     * In 4.2 (and some early 4.3) systems, the
+	     * OOB indication and data handling in the kernel
+	     * is such that if two separate TCP Urgent requests
+	     * come in, one byte of TCP data will be overlaid.
+	     * This is fatal for Telnet, but we try to live
+	     * with it.
+	     *
+	     * In addition, in 4.2 (and...), a special protocol
+	     * is needed to pick up the TCP Urgent data in
+	     * the correct sequence.
+	     *
+	     * What we do is:  if we think we are in urgent
+	     * mode, we look to see if we are "at the mark".
+	     * If we are, we do an OOB receive.  If we run
+	     * this twice, we will do the OOB receive twice,
+	     * but the second will fail, since the second
+	     * time we were "at the mark", but there wasn't
+	     * any data there (the kernel doesn't reset
+	     * "at the mark" until we do a normal read).
+	     * Once we've read the OOB data, we go ahead
+	     * and do normal reads.
+	     *
+	     * There is also another problem, which is that
+	     * since the OOB byte we read doesn't put us
+	     * out of OOB state, and since that byte is most
+	     * likely the TELNET DM (data mark), we would
+	     * stay in the TELNET SYNCH (SYNCHing) state.
+	     * So, clocks to the rescue.  If we've "just"
+	     * received a DM, then we test for the
+	     * presence of OOB data when the receive OOB
+	     * fails (and AFTER we did the normal mode read
+	     * to clear "at the mark").
+	     */
+	if (SYNCHing) {
+	    int atmark;
+	    static int bogus_oob = 0, first = 1;
+
+	    ioctl(net, SIOCATMARK, (char *)&atmark);
+	    if (atmark) {
+		c = recv(net, netiring.supply, canread, MSG_OOB);
+		if ((c == -1) && (errno == EINVAL)) {
+		    c = recv(net, netiring.supply, canread, 0);
+		    if (clocks.didnetreceive < clocks.gotDM) {
+			SYNCHing = stilloob();
+		    }
+		} else if (first && c > 0) {
+		    /*
+		     * Bogosity check.  Systems based on 4.2BSD
+		     * do not return an error if you do a second
+		     * recv(MSG_OOB).  So, we do one.  If it
+		     * succeeds and returns exactly the same
+		     * data, then assume that we are running
+		     * on a broken system and set the bogus_oob
+		     * flag.  (If the data was different, then
+		     * we probably got some valid new data, so
+		     * increment the count...)
+		     */
+		    int i;
+		    i = recv(net, netiring.supply + c, canread - c, MSG_OOB);
+		    if (i == c &&
+			 memcmp(netiring.supply, netiring.supply + c, i) == 0) {
+			bogus_oob = 1;
+			first = 0;
+		    } else if (i < 0) {
+			bogus_oob = 0;
+			first = 0;
+		    } else
+			c += i;
+		}
+		if (bogus_oob && c > 0) {
+		    int i;
+		    /*
+		     * Bogosity.  We have to do the read
+		     * to clear the atmark to get out of
+		     * an infinate loop.
+		     */
+		    i = read(net, netiring.supply + c, canread - c);
+		    if (i > 0)
+			c += i;
+		}
+	    } else {
+		c = recv(net, netiring.supply, canread, 0);
+	    }
+	} else {
+	    c = recv(net, netiring.supply, canread, 0);
+	}
+	settimer(didnetreceive);
+#else	/* !defined(SO_OOBINLINE) */
+	c = recv(net, (char *)netiring.supply, canread, 0);
+#endif	/* !defined(SO_OOBINLINE) */
+	if (c < 0 && errno == EWOULDBLOCK) {
+	    c = 0;
+	} else if (c <= 0) {
+	    return -1;
+	}
+	if (netdata) {
+	    Dump('<', netiring.supply, c);
+	}
+	if (c)
+	    ring_supplied(&netiring, c);
+	returnValue = 1;
+    }
+
+    /*
+     * Something to read from the tty...
+     */
+    if (FD_ISSET(tin, &ibits)) {
+	FD_CLR(tin, &ibits);
+	c = TerminalRead(ttyiring.supply, ring_empty_consecutive(&ttyiring));
+	if (c < 0 && errno == EIO)
+	    c = 0;
+	if (c < 0 && errno == EWOULDBLOCK) {
+	    c = 0;
+	} else {
+	    /* EOF detection for line mode!!!! */
+	    if ((c == 0) && MODE_LOCAL_CHARS(globalmode) && isatty(tin)) {
+			/* must be an EOF... */
+		*ttyiring.supply = termEofChar;
+		c = 1;
+	    }
+	    if (c <= 0) {
+		return -1;
+	    }
+	    if (termdata) {
+		Dump('<', ttyiring.supply, c);
+	    }
+	    ring_supplied(&ttyiring, c);
+	}
+	returnValue = 1;		/* did something useful */
+    }
+
+    if (FD_ISSET(net, &obits)) {
+	FD_CLR(net, &obits);
+	returnValue |= netflush();
+    }
+    if (FD_ISSET(tout, &obits)) {
+	FD_CLR(tout, &obits);
+	returnValue |= (ttyflush(SYNCHing|flushout) > 0);
+    }
+
+    return returnValue;
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnet/telnet.c b/crypto/kerberosIV/appl/telnet/telnet/telnet.c
new file mode 100644
index 0000000..1df4d6e
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/telnet.c
@@ -0,0 +1,2313 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnet_locl.h"
+#ifdef HAVE_TERMCAP_H
+#include <termcap.h>
+#endif
+
+RCSID("$Id: telnet.c,v 1.25 1999/03/11 13:49:34 joda Exp $");
+
+#define	strip(x) (eight ? (x) : ((x) & 0x7f))
+
+static unsigned char	subbuffer[SUBBUFSIZE],
+			*subpointer, *subend;	 /* buffer for sub-options */
+#define	SB_CLEAR()	subpointer = subbuffer;
+#define	SB_TERM()	{ subend = subpointer; SB_CLEAR(); }
+#define	SB_ACCUM(c)	if (subpointer < (subbuffer+sizeof subbuffer)) { \
+				*subpointer++ = (c); \
+			}
+
+#define	SB_GET()	((*subpointer++)&0xff)
+#define	SB_PEEK()	((*subpointer)&0xff)
+#define	SB_EOF()	(subpointer >= subend)
+#define	SB_LEN()	(subend - subpointer)
+
+char	options[256];		/* The combined options */
+char	do_dont_resp[256];
+char	will_wont_resp[256];
+
+int
+	eight = 3,
+	binary = 0,
+	autologin = 0,	/* Autologin anyone? */
+	skiprc = 0,
+	connected,
+	showoptions,
+	ISend,		/* trying to send network data in */
+	debug = 0,
+	crmod,
+	netdata,	/* Print out network data flow */
+	crlf,		/* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */
+	telnetport,
+	SYNCHing,	/* we are in TELNET SYNCH mode */
+	flushout,	/* flush output */
+	autoflush = 0,	/* flush output when interrupting? */
+	autosynch,	/* send interrupt characters with SYNCH? */
+	localflow,	/* we handle flow control locally */
+	restartany,	/* if flow control enabled, restart on any character */
+	localchars,	/* we recognize interrupt/quit */
+	donelclchars,	/* the user has set "localchars" */
+	donebinarytoggle,	/* the user has put us in binary */
+	dontlecho,	/* do we suppress local echoing right now? */
+	globalmode;
+
+char *prompt = 0;
+
+cc_t escape;
+cc_t rlogin;
+#ifdef	KLUDGELINEMODE
+cc_t echoc;
+#endif
+
+/*
+ * Telnet receiver states for fsm
+ */
+#define	TS_DATA		0
+#define	TS_IAC		1
+#define	TS_WILL		2
+#define	TS_WONT		3
+#define	TS_DO		4
+#define	TS_DONT		5
+#define	TS_CR		6
+#define	TS_SB		7		/* sub-option collection */
+#define	TS_SE		8		/* looking for sub-option end */
+
+static int	telrcv_state;
+#ifdef	OLD_ENVIRON
+unsigned char telopt_environ = TELOPT_NEW_ENVIRON;
+#else
+# define telopt_environ TELOPT_NEW_ENVIRON
+#endif
+
+jmp_buf	toplevel;
+jmp_buf	peerdied;
+
+int	flushline;
+int	linemode;
+
+#ifdef	KLUDGELINEMODE
+int	kludgelinemode = 1;
+#endif
+
+/*
+ * The following are some clocks used to decide how to interpret
+ * the relationship between various variables.
+ */
+
+Clocks clocks;
+
+static int is_unique(char *name, char **as, char **ae);
+
+
+/*
+ * Initialize telnet environment.
+ */
+
+void
+init_telnet(void)
+{
+    env_init();
+
+    SB_CLEAR();
+    memset(options, 0, sizeof options);
+
+    connected = ISend = localflow = donebinarytoggle = 0;
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+    auth_encrypt_connect(connected);
+#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION)  */
+    restartany = -1;
+
+    SYNCHing = 0;
+
+    /* Don't change NetTrace */
+
+    escape = CONTROL(']');
+    rlogin = _POSIX_VDISABLE;
+#ifdef	KLUDGELINEMODE
+    echoc = CONTROL('E');
+#endif
+
+    flushline = 1;
+    telrcv_state = TS_DATA;
+}
+
+
+/*
+ * These routines are in charge of sending option negotiations
+ * to the other side.
+ *
+ * The basic idea is that we send the negotiation if either side
+ * is in disagreement as to what the current state should be.
+ */
+
+void
+send_do(int c, int init)
+{
+    if (init) {
+	if (((do_dont_resp[c] == 0) && my_state_is_do(c)) ||
+				my_want_state_is_do(c))
+	    return;
+	set_my_want_state_do(c);
+	do_dont_resp[c]++;
+    }
+    NET2ADD(IAC, DO);
+    NETADD(c);
+    printoption("SENT", DO, c);
+}
+
+void
+send_dont(int c, int init)
+{
+    if (init) {
+	if (((do_dont_resp[c] == 0) && my_state_is_dont(c)) ||
+				my_want_state_is_dont(c))
+	    return;
+	set_my_want_state_dont(c);
+	do_dont_resp[c]++;
+    }
+    NET2ADD(IAC, DONT);
+    NETADD(c);
+    printoption("SENT", DONT, c);
+}
+
+void
+send_will(int c, int init)
+{
+    if (init) {
+	if (((will_wont_resp[c] == 0) && my_state_is_will(c)) ||
+				my_want_state_is_will(c))
+	    return;
+	set_my_want_state_will(c);
+	will_wont_resp[c]++;
+    }
+    NET2ADD(IAC, WILL);
+    NETADD(c);
+    printoption("SENT", WILL, c);
+}
+
+void
+send_wont(int c, int init)
+{
+    if (init) {
+	if (((will_wont_resp[c] == 0) && my_state_is_wont(c)) ||
+				my_want_state_is_wont(c))
+	    return;
+	set_my_want_state_wont(c);
+	will_wont_resp[c]++;
+    }
+    NET2ADD(IAC, WONT);
+    NETADD(c);
+    printoption("SENT", WONT, c);
+}
+
+
+void
+willoption(int option)
+{
+	int new_state_ok = 0;
+
+	if (do_dont_resp[option]) {
+	    --do_dont_resp[option];
+	    if (do_dont_resp[option] && my_state_is_do(option))
+		--do_dont_resp[option];
+	}
+
+	if ((do_dont_resp[option] == 0) && my_want_state_is_dont(option)) {
+
+	    switch (option) {
+
+	    case TELOPT_ECHO:
+	    case TELOPT_BINARY:
+	    case TELOPT_SGA:
+		settimer(modenegotiated);
+		/* FALL THROUGH */
+	    case TELOPT_STATUS:
+#if	defined(AUTHENTICATION)
+	    case TELOPT_AUTHENTICATION:
+#endif
+#if	defined(ENCRYPTION)
+	    case TELOPT_ENCRYPT:
+#endif
+		new_state_ok = 1;
+		break;
+
+	    case TELOPT_TM:
+		if (flushout)
+		    flushout = 0;
+		/*
+		 * Special case for TM.  If we get back a WILL,
+		 * pretend we got back a WONT.
+		 */
+		set_my_want_state_dont(option);
+		set_my_state_dont(option);
+		return;			/* Never reply to TM will's/wont's */
+
+	    case TELOPT_LINEMODE:
+	    default:
+		break;
+	    }
+
+	    if (new_state_ok) {
+		set_my_want_state_do(option);
+		send_do(option, 0);
+		setconnmode(0);		/* possibly set new tty mode */
+	    } else {
+		do_dont_resp[option]++;
+		send_dont(option, 0);
+	    }
+	}
+	set_my_state_do(option);
+#if	defined(ENCRYPTION)
+	if (option == TELOPT_ENCRYPT)
+		encrypt_send_support();
+#endif
+}
+
+void
+wontoption(int option)
+{
+	if (do_dont_resp[option]) {
+	    --do_dont_resp[option];
+	    if (do_dont_resp[option] && my_state_is_dont(option))
+		--do_dont_resp[option];
+	}
+
+	if ((do_dont_resp[option] == 0) && my_want_state_is_do(option)) {
+
+	    switch (option) {
+
+#ifdef	KLUDGELINEMODE
+	    case TELOPT_SGA:
+		if (!kludgelinemode)
+		    break;
+		/* FALL THROUGH */
+#endif
+	    case TELOPT_ECHO:
+		settimer(modenegotiated);
+		break;
+
+	    case TELOPT_TM:
+		if (flushout)
+		    flushout = 0;
+		set_my_want_state_dont(option);
+		set_my_state_dont(option);
+		return;		/* Never reply to TM will's/wont's */
+
+#ifdef ENCRYPTION
+  	    case TELOPT_ENCRYPT:
+	      encrypt_not();
+	      break;
+#endif
+	    default:
+		break;
+	    }
+	    set_my_want_state_dont(option);
+	    if (my_state_is_do(option))
+		send_dont(option, 0);
+	    setconnmode(0);			/* Set new tty mode */
+	} else if (option == TELOPT_TM) {
+	    /*
+	     * Special case for TM.
+	     */
+	    if (flushout)
+		flushout = 0;
+	    set_my_want_state_dont(option);
+	}
+	set_my_state_dont(option);
+}
+
+static void
+dooption(int option)
+{
+	int new_state_ok = 0;
+
+	if (will_wont_resp[option]) {
+	    --will_wont_resp[option];
+	    if (will_wont_resp[option] && my_state_is_will(option))
+		--will_wont_resp[option];
+	}
+
+	if (will_wont_resp[option] == 0) {
+	  if (my_want_state_is_wont(option)) {
+
+	    switch (option) {
+
+	    case TELOPT_TM:
+		/*
+		 * Special case for TM.  We send a WILL, but pretend
+		 * we sent WONT.
+		 */
+		send_will(option, 0);
+		set_my_want_state_wont(TELOPT_TM);
+		set_my_state_wont(TELOPT_TM);
+		return;
+
+	    case TELOPT_BINARY:		/* binary mode */
+	    case TELOPT_NAWS:		/* window size */
+	    case TELOPT_TSPEED:		/* terminal speed */
+	    case TELOPT_LFLOW:		/* local flow control */
+	    case TELOPT_TTYPE:		/* terminal type option */
+	    case TELOPT_SGA:		/* no big deal */
+#if	defined(ENCRYPTION)
+	    case TELOPT_ENCRYPT:	/* encryption variable option */
+#endif
+		new_state_ok = 1;
+		break;
+
+	    case TELOPT_NEW_ENVIRON:	/* New environment variable option */
+#ifdef	OLD_ENVIRON
+		if (my_state_is_will(TELOPT_OLD_ENVIRON))
+			send_wont(TELOPT_OLD_ENVIRON, 1); /* turn off the old */
+		goto env_common;
+	    case TELOPT_OLD_ENVIRON:	/* Old environment variable option */
+		if (my_state_is_will(TELOPT_NEW_ENVIRON))
+			break;		/* Don't enable if new one is in use! */
+	    env_common:
+		telopt_environ = option;
+#endif
+		new_state_ok = 1;
+		break;
+
+#if	defined(AUTHENTICATION)
+	    case TELOPT_AUTHENTICATION:
+		if (autologin)
+			new_state_ok = 1;
+		break;
+#endif
+
+	    case TELOPT_XDISPLOC:	/* X Display location */
+		if (env_getvalue((unsigned char *)"DISPLAY"))
+		    new_state_ok = 1;
+		break;
+
+	    case TELOPT_LINEMODE:
+#ifdef	KLUDGELINEMODE
+		kludgelinemode = 0;
+		send_do(TELOPT_SGA, 1);
+#endif
+		set_my_want_state_will(TELOPT_LINEMODE);
+		send_will(option, 0);
+		set_my_state_will(TELOPT_LINEMODE);
+		slc_init();
+		return;
+
+	    case TELOPT_ECHO:		/* We're never going to echo... */
+	    default:
+		break;
+	    }
+
+	    if (new_state_ok) {
+		set_my_want_state_will(option);
+		send_will(option, 0);
+		setconnmode(0);			/* Set new tty mode */
+	    } else {
+		will_wont_resp[option]++;
+		send_wont(option, 0);
+	    }
+	  } else {
+	    /*
+	     * Handle options that need more things done after the
+	     * other side has acknowledged the option.
+	     */
+	    switch (option) {
+	    case TELOPT_LINEMODE:
+#ifdef	KLUDGELINEMODE
+		kludgelinemode = 0;
+		send_do(TELOPT_SGA, 1);
+#endif
+		set_my_state_will(option);
+		slc_init();
+		send_do(TELOPT_SGA, 0);
+		return;
+	    }
+	  }
+	}
+	set_my_state_will(option);
+}
+
+static void
+dontoption(int option)
+{
+
+	if (will_wont_resp[option]) {
+	    --will_wont_resp[option];
+	    if (will_wont_resp[option] && my_state_is_wont(option))
+		--will_wont_resp[option];
+	}
+
+	if ((will_wont_resp[option] == 0) && my_want_state_is_will(option)) {
+	    switch (option) {
+	    case TELOPT_LINEMODE:
+		linemode = 0;	/* put us back to the default state */
+		break;
+#ifdef	OLD_ENVIRON
+	    case TELOPT_NEW_ENVIRON:
+		/*
+		 * The new environ option wasn't recognized, try
+		 * the old one.
+		 */
+		send_will(TELOPT_OLD_ENVIRON, 1);
+		telopt_environ = TELOPT_OLD_ENVIRON;
+		break;
+#endif
+#if 0
+#ifdef ENCRYPTION
+	    case TELOPT_ENCRYPT:
+	      encrypt_not();
+	      break;
+#endif
+#endif
+	    }
+	    /* we always accept a DONT */
+	    set_my_want_state_wont(option);
+	    if (my_state_is_will(option))
+		send_wont(option, 0);
+	    setconnmode(0);			/* Set new tty mode */
+	}
+	set_my_state_wont(option);
+}
+
+/*
+ * Given a buffer returned by tgetent(), this routine will turn
+ * the pipe seperated list of names in the buffer into an array
+ * of pointers to null terminated names.  We toss out any bad,
+ * duplicate, or verbose names (names with spaces).
+ */
+
+static char *name_unknown = "UNKNOWN";
+static char *unknown[] = { 0, 0 };
+
+static char **
+mklist(char *buf, char *name)
+{
+	int n;
+	char c, *cp, **argvp, *cp2, **argv, **avt;
+
+	if (name) {
+		if ((int)strlen(name) > 40) {
+			name = 0;
+			unknown[0] = name_unknown;
+		} else {
+			unknown[0] = name;
+			strupr(name);
+		}
+	} else
+		unknown[0] = name_unknown;
+	/*
+	 * Count up the number of names.
+	 */
+	for (n = 1, cp = buf; *cp && *cp != ':'; cp++) {
+		if (*cp == '|')
+			n++;
+	}
+	/*
+	 * Allocate an array to put the name pointers into
+	 */
+	argv = (char **)malloc((n+3)*sizeof(char *));
+	if (argv == 0)
+		return(unknown);
+
+	/*
+	 * Fill up the array of pointers to names.
+	 */
+	*argv = 0;
+	argvp = argv+1;
+	n = 0;
+	for (cp = cp2 = buf; (c = *cp);  cp++) {
+		if (c == '|' || c == ':') {
+			*cp++ = '\0';
+			/*
+			 * Skip entries that have spaces or are over 40
+			 * characters long.  If this is our environment
+			 * name, then put it up front.  Otherwise, as
+			 * long as this is not a duplicate name (case
+			 * insensitive) add it to the list.
+			 */
+			if (n || (cp - cp2 > 41))
+				;
+			else if (name && (strncasecmp(name, cp2, cp-cp2) == 0))
+				*argv = cp2;
+			else if (is_unique(cp2, argv+1, argvp))
+				*argvp++ = cp2;
+			if (c == ':')
+				break;
+			/*
+			 * Skip multiple delimiters. Reset cp2 to
+			 * the beginning of the next name. Reset n,
+			 * the flag for names with spaces.
+			 */
+			while ((c = *cp) == '|')
+				cp++;
+			cp2 = cp;
+			n = 0;
+		}
+		/*
+		 * Skip entries with spaces or non-ascii values.
+		 * Convert lower case letters to upper case.
+		 */
+#define ISASCII(c) (!((c)&0x80))
+		if ((c == ' ') || !ISASCII(c))
+			n = 1;
+		else if (islower(c))
+			*cp = toupper(c);
+	}
+
+	/*
+	 * Check for an old V6 2 character name.  If the second
+	 * name points to the beginning of the buffer, and is
+	 * only 2 characters long, move it to the end of the array.
+	 */
+	if ((argv[1] == buf) && (strlen(argv[1]) == 2)) {
+		--argvp;
+		for (avt = &argv[1]; avt < argvp; avt++)
+			*avt = *(avt+1);
+		*argvp++ = buf;
+	}
+
+	/*
+	 * Duplicate last name, for TTYPE option, and null
+	 * terminate the array.  If we didn't find a match on
+	 * our terminal name, put that name at the beginning.
+	 */
+	cp = *(argvp-1);
+	*argvp++ = cp;
+	*argvp = 0;
+
+	if (*argv == 0) {
+		if (name)
+			*argv = name;
+		else {
+			--argvp;
+			for (avt = argv; avt < argvp; avt++)
+				*avt = *(avt+1);
+		}
+	}
+	if (*argv)
+		return(argv);
+	else
+		return(unknown);
+}
+
+static int
+is_unique(char *name, char **as, char **ae)
+{
+	char **ap;
+	int n;
+
+	n = strlen(name) + 1;
+	for (ap = as; ap < ae; ap++)
+		if (strncasecmp(*ap, name, n) == 0)
+			return(0);
+	return (1);
+}
+
+static char termbuf[1024];
+
+static int
+telnet_setupterm(const char *tname, int fd, int *errp)
+{
+	if (tgetent(termbuf, tname) == 1) {
+		termbuf[1023] = '\0';
+		if (errp)
+			*errp = 1;
+		return(0);
+	}
+	if (errp)
+		*errp = 0;
+	return(-1);
+}
+
+int resettermname = 1;
+
+static char *
+gettermname()
+{
+	char *tname;
+	static char **tnamep = 0;
+	static char **next;
+	int err;
+
+	if (resettermname) {
+		resettermname = 0;
+		if (tnamep && tnamep != unknown)
+			free(tnamep);
+		if ((tname = (char *)env_getvalue((unsigned char *)"TERM")) &&
+				telnet_setupterm(tname, 1, &err) == 0) {
+			tnamep = mklist(termbuf, tname);
+		} else {
+			if (tname && ((int)strlen(tname) <= 40)) {
+				unknown[0] = tname;
+				strupr(tname);
+			} else
+				unknown[0] = name_unknown;
+			tnamep = unknown;
+		}
+		next = tnamep;
+	}
+	if (*next == 0)
+		next = tnamep;
+	return(*next++);
+}
+/*
+ * suboption()
+ *
+ *	Look at the sub-option buffer, and try to be helpful to the other
+ * side.
+ *
+ *	Currently we recognize:
+ *
+ *		Terminal type, send request.
+ *		Terminal speed (send request).
+ *		Local flow control (is request).
+ *		Linemode
+ */
+
+static void
+suboption()
+{
+    unsigned char subchar;
+
+    printsub('<', subbuffer, SB_LEN()+2);
+    switch (subchar = SB_GET()) {
+    case TELOPT_TTYPE:
+	if (my_want_state_is_wont(TELOPT_TTYPE))
+	    return;
+	if (SB_EOF() || SB_GET() != TELQUAL_SEND) {
+	    return;
+	} else {
+	    char *name;
+	    unsigned char temp[50];
+	    int len;
+
+	    name = gettermname();
+	    len = strlen(name) + 4 + 2;
+	    if (len < NETROOM()) {
+		snprintf((char *)temp, sizeof(temp),
+			 "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE,
+			 TELQUAL_IS, name, IAC, SE);
+		ring_supply_data(&netoring, temp, len);
+		printsub('>', &temp[2], len-2);
+	    } else {
+		ExitString("No room in buffer for terminal type.\n", 1);
+		/*NOTREACHED*/
+	    }
+	}
+	break;
+    case TELOPT_TSPEED:
+	if (my_want_state_is_wont(TELOPT_TSPEED))
+	    return;
+	if (SB_EOF())
+	    return;
+	if (SB_GET() == TELQUAL_SEND) {
+	    long output_speed, input_speed;
+	    unsigned char temp[50];
+	    int len;
+
+	    TerminalSpeeds(&input_speed, &output_speed);
+
+	    snprintf((char *)temp, sizeof(temp),
+		     "%c%c%c%c%u,%u%c%c", IAC, SB, TELOPT_TSPEED,
+		     TELQUAL_IS,
+		     (unsigned)output_speed,
+		     (unsigned)input_speed, IAC, SE);
+	    len = strlen((char *)temp+4) + 4;	/* temp[3] is 0 ... */
+
+	    if (len < NETROOM()) {
+		ring_supply_data(&netoring, temp, len);
+		printsub('>', temp+2, len - 2);
+	    }
+/*@*/	    else printf("lm_will: not enough room in buffer\n");
+	}
+	break;
+    case TELOPT_LFLOW:
+	if (my_want_state_is_wont(TELOPT_LFLOW))
+	    return;
+	if (SB_EOF())
+	    return;
+	switch(SB_GET()) {
+	case LFLOW_RESTART_ANY:
+	    restartany = 1;
+	    break;
+	case LFLOW_RESTART_XON:
+	    restartany = 0;
+	    break;
+	case LFLOW_ON:
+	    localflow = 1;
+	    break;
+	case LFLOW_OFF:
+	    localflow = 0;
+	    break;
+	default:
+	    return;
+	}
+	setcommandmode();
+	setconnmode(0);
+	break;
+
+    case TELOPT_LINEMODE:
+	if (my_want_state_is_wont(TELOPT_LINEMODE))
+	    return;
+	if (SB_EOF())
+	    return;
+	switch (SB_GET()) {
+	case WILL:
+	    lm_will(subpointer, SB_LEN());
+	    break;
+	case WONT:
+	    lm_wont(subpointer, SB_LEN());
+	    break;
+	case DO:
+	    lm_do(subpointer, SB_LEN());
+	    break;
+	case DONT:
+	    lm_dont(subpointer, SB_LEN());
+	    break;
+	case LM_SLC:
+	    slc(subpointer, SB_LEN());
+	    break;
+	case LM_MODE:
+	    lm_mode(subpointer, SB_LEN(), 0);
+	    break;
+	default:
+	    break;
+	}
+	break;
+
+#ifdef	OLD_ENVIRON
+    case TELOPT_OLD_ENVIRON:
+#endif
+    case TELOPT_NEW_ENVIRON:
+	if (SB_EOF())
+	    return;
+	switch(SB_PEEK()) {
+	case TELQUAL_IS:
+	case TELQUAL_INFO:
+	    if (my_want_state_is_dont(subchar))
+		return;
+	    break;
+	case TELQUAL_SEND:
+	    if (my_want_state_is_wont(subchar)) {
+		return;
+	    }
+	    break;
+	default:
+	    return;
+	}
+	env_opt(subpointer, SB_LEN());
+	break;
+
+    case TELOPT_XDISPLOC:
+	if (my_want_state_is_wont(TELOPT_XDISPLOC))
+	    return;
+	if (SB_EOF())
+	    return;
+	if (SB_GET() == TELQUAL_SEND) {
+	    unsigned char temp[50], *dp;
+	    int len;
+
+	    if ((dp = env_getvalue((unsigned char *)"DISPLAY")) == NULL) {
+		/*
+		 * Something happened, we no longer have a DISPLAY
+		 * variable.  So, turn off the option.
+		 */
+		send_wont(TELOPT_XDISPLOC, 1);
+		break;
+	    }
+	    snprintf((char *)temp, sizeof(temp),
+		     "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC,
+		     TELQUAL_IS, dp, IAC, SE);
+	    len = strlen((char *)temp+4) + 4;	/* temp[3] is 0 ... */
+
+	    if (len < NETROOM()) {
+		ring_supply_data(&netoring, temp, len);
+		printsub('>', temp+2, len - 2);
+	    }
+/*@*/	    else printf("lm_will: not enough room in buffer\n");
+	}
+	break;
+
+#if	defined(AUTHENTICATION)
+	case TELOPT_AUTHENTICATION: {
+		if (!autologin)
+			break;
+		if (SB_EOF())
+			return;
+		switch(SB_GET()) {
+		case TELQUAL_IS:
+			if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
+				return;
+			auth_is(subpointer, SB_LEN());
+			break;
+		case TELQUAL_SEND:
+			if (my_want_state_is_wont(TELOPT_AUTHENTICATION))
+				return;
+			auth_send(subpointer, SB_LEN());
+			break;
+		case TELQUAL_REPLY:
+			if (my_want_state_is_wont(TELOPT_AUTHENTICATION))
+				return;
+			auth_reply(subpointer, SB_LEN());
+			break;
+		case TELQUAL_NAME:
+			if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
+				return;
+			auth_name(subpointer, SB_LEN());
+			break;
+		}
+	}
+	break;
+#endif
+#if	defined(ENCRYPTION)
+	case TELOPT_ENCRYPT:
+		if (SB_EOF())
+			return;
+		switch(SB_GET()) {
+		case ENCRYPT_START:
+			if (my_want_state_is_dont(TELOPT_ENCRYPT))
+				return;
+			encrypt_start(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_END:
+			if (my_want_state_is_dont(TELOPT_ENCRYPT))
+				return;
+			encrypt_end();
+			break;
+		case ENCRYPT_SUPPORT:
+			if (my_want_state_is_wont(TELOPT_ENCRYPT))
+				return;
+			encrypt_support(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_REQSTART:
+			if (my_want_state_is_wont(TELOPT_ENCRYPT))
+				return;
+			encrypt_request_start(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_REQEND:
+			if (my_want_state_is_wont(TELOPT_ENCRYPT))
+				return;
+			/*
+			 * We can always send an REQEND so that we cannot
+			 * get stuck encrypting.  We should only get this
+			 * if we have been able to get in the correct mode
+			 * anyhow.
+			 */
+			encrypt_request_end();
+			break;
+		case ENCRYPT_IS:
+			if (my_want_state_is_dont(TELOPT_ENCRYPT))
+				return;
+			encrypt_is(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_REPLY:
+			if (my_want_state_is_wont(TELOPT_ENCRYPT))
+				return;
+			encrypt_reply(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_ENC_KEYID:
+			if (my_want_state_is_dont(TELOPT_ENCRYPT))
+				return;
+			encrypt_enc_keyid(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_DEC_KEYID:
+			if (my_want_state_is_wont(TELOPT_ENCRYPT))
+				return;
+			encrypt_dec_keyid(subpointer, SB_LEN());
+			break;
+		default:
+			break;
+		}
+		break;
+#endif
+    default:
+	break;
+    }
+}
+
+static unsigned char str_lm[] = { IAC, SB, TELOPT_LINEMODE, 0, 0, IAC, SE };
+
+void
+lm_will(unsigned char *cmd, int len)
+{
+    if (len < 1) {
+/*@*/	printf("lm_will: no command!!!\n");	/* Should not happen... */
+	return;
+    }
+    switch(cmd[0]) {
+    case LM_FORWARDMASK:	/* We shouldn't ever get this... */
+    default:
+	str_lm[3] = DONT;
+	str_lm[4] = cmd[0];
+	if (NETROOM() > sizeof(str_lm)) {
+	    ring_supply_data(&netoring, str_lm, sizeof(str_lm));
+	    printsub('>', &str_lm[2], sizeof(str_lm)-2);
+	}
+/*@*/	else printf("lm_will: not enough room in buffer\n");
+	break;
+    }
+}
+
+void
+lm_wont(unsigned char *cmd, int len)
+{
+    if (len < 1) {
+/*@*/	printf("lm_wont: no command!!!\n");	/* Should not happen... */
+	return;
+    }
+    switch(cmd[0]) {
+    case LM_FORWARDMASK:	/* We shouldn't ever get this... */
+    default:
+	/* We are always DONT, so don't respond */
+	return;
+    }
+}
+
+void
+lm_do(unsigned char *cmd, int len)
+{
+    if (len < 1) {
+/*@*/	printf("lm_do: no command!!!\n");	/* Should not happen... */
+	return;
+    }
+    switch(cmd[0]) {
+    case LM_FORWARDMASK:
+    default:
+	str_lm[3] = WONT;
+	str_lm[4] = cmd[0];
+	if (NETROOM() > sizeof(str_lm)) {
+	    ring_supply_data(&netoring, str_lm, sizeof(str_lm));
+	    printsub('>', &str_lm[2], sizeof(str_lm)-2);
+	}
+/*@*/	else printf("lm_do: not enough room in buffer\n");
+	break;
+    }
+}
+
+void
+lm_dont(unsigned char *cmd, int len)
+{
+    if (len < 1) {
+/*@*/	printf("lm_dont: no command!!!\n");	/* Should not happen... */
+	return;
+    }
+    switch(cmd[0]) {
+    case LM_FORWARDMASK:
+    default:
+	/* we are always WONT, so don't respond */
+	break;
+    }
+}
+
+static unsigned char str_lm_mode[] = {
+	IAC, SB, TELOPT_LINEMODE, LM_MODE, 0, IAC, SE
+};
+
+void
+lm_mode(unsigned char *cmd, int len, int init)
+{
+	if (len != 1)
+		return;
+	if ((linemode&MODE_MASK&~MODE_ACK) == *cmd)
+		return;
+	if (*cmd&MODE_ACK)
+		return;
+	linemode = *cmd&(MODE_MASK&~MODE_ACK);
+	str_lm_mode[4] = linemode;
+	if (!init)
+	    str_lm_mode[4] |= MODE_ACK;
+	if (NETROOM() > sizeof(str_lm_mode)) {
+	    ring_supply_data(&netoring, str_lm_mode, sizeof(str_lm_mode));
+	    printsub('>', &str_lm_mode[2], sizeof(str_lm_mode)-2);
+	}
+/*@*/	else printf("lm_mode: not enough room in buffer\n");
+	setconnmode(0);	/* set changed mode */
+}
+
+
+
+/*
+ * slc()
+ * Handle special character suboption of LINEMODE.
+ */
+
+struct spc {
+	cc_t val;
+	cc_t *valp;
+	char flags;	/* Current flags & level */
+	char mylevel;	/* Maximum level & flags */
+} spc_data[NSLC+1];
+
+#define SLC_IMPORT	0
+#define	SLC_EXPORT	1
+#define SLC_RVALUE	2
+static int slc_mode = SLC_EXPORT;
+
+void
+slc_init()
+{
+	struct spc *spcp;
+
+	localchars = 1;
+	for (spcp = spc_data; spcp < &spc_data[NSLC+1]; spcp++) {
+		spcp->val = 0;
+		spcp->valp = 0;
+		spcp->flags = spcp->mylevel = SLC_NOSUPPORT;
+	}
+
+#define	initfunc(func, flags) { \
+					spcp = &spc_data[func]; \
+					if ((spcp->valp = tcval(func))) { \
+					    spcp->val = *spcp->valp; \
+					    spcp->mylevel = SLC_VARIABLE|flags; \
+					} else { \
+					    spcp->val = 0; \
+					    spcp->mylevel = SLC_DEFAULT; \
+					} \
+				    }
+
+	initfunc(SLC_SYNCH, 0);
+	/* No BRK */
+	initfunc(SLC_AO, 0);
+	initfunc(SLC_AYT, 0);
+	/* No EOR */
+	initfunc(SLC_ABORT, SLC_FLUSHIN|SLC_FLUSHOUT);
+	initfunc(SLC_EOF, 0);
+	initfunc(SLC_SUSP, SLC_FLUSHIN);
+	initfunc(SLC_EC, 0);
+	initfunc(SLC_EL, 0);
+	initfunc(SLC_EW, 0);
+	initfunc(SLC_RP, 0);
+	initfunc(SLC_LNEXT, 0);
+	initfunc(SLC_XON, 0);
+	initfunc(SLC_XOFF, 0);
+	initfunc(SLC_FORW1, 0);
+	initfunc(SLC_FORW2, 0);
+	/* No FORW2 */
+
+	initfunc(SLC_IP, SLC_FLUSHIN|SLC_FLUSHOUT);
+#undef	initfunc
+
+	if (slc_mode == SLC_EXPORT)
+		slc_export();
+	else
+		slc_import(1);
+
+}
+
+void
+slcstate()
+{
+    printf("Special characters are %s values\n",
+		slc_mode == SLC_IMPORT ? "remote default" :
+		slc_mode == SLC_EXPORT ? "local" :
+					 "remote");
+}
+
+void
+slc_mode_export()
+{
+    slc_mode = SLC_EXPORT;
+    if (my_state_is_will(TELOPT_LINEMODE))
+	slc_export();
+}
+
+void
+slc_mode_import(int def)
+{
+    slc_mode = def ? SLC_IMPORT : SLC_RVALUE;
+    if (my_state_is_will(TELOPT_LINEMODE))
+	slc_import(def);
+}
+
+unsigned char slc_import_val[] = {
+	IAC, SB, TELOPT_LINEMODE, LM_SLC, 0, SLC_VARIABLE, 0, IAC, SE
+};
+unsigned char slc_import_def[] = {
+	IAC, SB, TELOPT_LINEMODE, LM_SLC, 0, SLC_DEFAULT, 0, IAC, SE
+};
+
+void
+slc_import(int def)
+{
+    if (NETROOM() > sizeof(slc_import_val)) {
+	if (def) {
+	    ring_supply_data(&netoring, slc_import_def, sizeof(slc_import_def));
+	    printsub('>', &slc_import_def[2], sizeof(slc_import_def)-2);
+	} else {
+	    ring_supply_data(&netoring, slc_import_val, sizeof(slc_import_val));
+	    printsub('>', &slc_import_val[2], sizeof(slc_import_val)-2);
+	}
+    }
+/*@*/ else printf("slc_import: not enough room\n");
+}
+
+void
+slc_export()
+{
+    struct spc *spcp;
+
+    TerminalDefaultChars();
+
+    slc_start_reply();
+    for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
+	if (spcp->mylevel != SLC_NOSUPPORT) {
+	    if (spcp->val == (cc_t)(_POSIX_VDISABLE))
+		spcp->flags = SLC_NOSUPPORT;
+	    else
+		spcp->flags = spcp->mylevel;
+	    if (spcp->valp)
+		spcp->val = *spcp->valp;
+	    slc_add_reply(spcp - spc_data, spcp->flags, spcp->val);
+	}
+    }
+    slc_end_reply();
+    slc_update();
+    setconnmode(1);	/* Make sure the character values are set */
+}
+
+void
+slc(unsigned char *cp, int len)
+{
+	struct spc *spcp;
+	int func,level;
+
+	slc_start_reply();
+
+	for (; len >= 3; len -=3, cp +=3) {
+
+		func = cp[SLC_FUNC];
+
+		if (func == 0) {
+			/*
+			 * Client side: always ignore 0 function.
+			 */
+			continue;
+		}
+		if (func > NSLC) {
+			if ((cp[SLC_FLAGS] & SLC_LEVELBITS) != SLC_NOSUPPORT)
+				slc_add_reply(func, SLC_NOSUPPORT, 0);
+			continue;
+		}
+
+		spcp = &spc_data[func];
+
+		level = cp[SLC_FLAGS]&(SLC_LEVELBITS|SLC_ACK);
+
+		if ((cp[SLC_VALUE] == (unsigned char)spcp->val) &&
+		    ((level&SLC_LEVELBITS) == (spcp->flags&SLC_LEVELBITS))) {
+			continue;
+		}
+
+		if (level == (SLC_DEFAULT|SLC_ACK)) {
+			/*
+			 * This is an error condition, the SLC_ACK
+			 * bit should never be set for the SLC_DEFAULT
+			 * level.  Our best guess to recover is to
+			 * ignore the SLC_ACK bit.
+			 */
+			cp[SLC_FLAGS] &= ~SLC_ACK;
+		}
+
+		if (level == ((spcp->flags&SLC_LEVELBITS)|SLC_ACK)) {
+			spcp->val = (cc_t)cp[SLC_VALUE];
+			spcp->flags = cp[SLC_FLAGS];	/* include SLC_ACK */
+			continue;
+		}
+
+		level &= ~SLC_ACK;
+
+		if (level <= (spcp->mylevel&SLC_LEVELBITS)) {
+			spcp->flags = cp[SLC_FLAGS]|SLC_ACK;
+			spcp->val = (cc_t)cp[SLC_VALUE];
+		}
+		if (level == SLC_DEFAULT) {
+			if ((spcp->mylevel&SLC_LEVELBITS) != SLC_DEFAULT)
+				spcp->flags = spcp->mylevel;
+			else
+				spcp->flags = SLC_NOSUPPORT;
+		}
+		slc_add_reply(func, spcp->flags, spcp->val);
+	}
+	slc_end_reply();
+	if (slc_update())
+		setconnmode(1);	/* set the  new character values */
+}
+
+void
+slc_check()
+{
+    struct spc *spcp;
+
+    slc_start_reply();
+    for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
+	if (spcp->valp && spcp->val != *spcp->valp) {
+	    spcp->val = *spcp->valp;
+	    if (spcp->val == (cc_t)(_POSIX_VDISABLE))
+		spcp->flags = SLC_NOSUPPORT;
+	    else
+		spcp->flags = spcp->mylevel;
+	    slc_add_reply(spcp - spc_data, spcp->flags, spcp->val);
+	}
+    }
+    slc_end_reply();
+    setconnmode(1);
+}
+
+
+unsigned char slc_reply[128];
+unsigned char *slc_replyp;
+
+void
+slc_start_reply()
+{
+	slc_replyp = slc_reply;
+	*slc_replyp++ = IAC;
+	*slc_replyp++ = SB;
+	*slc_replyp++ = TELOPT_LINEMODE;
+	*slc_replyp++ = LM_SLC;
+}
+
+void
+slc_add_reply(unsigned char func, unsigned char flags, cc_t value)
+{
+	if ((*slc_replyp++ = func) == IAC)
+		*slc_replyp++ = IAC;
+	if ((*slc_replyp++ = flags) == IAC)
+		*slc_replyp++ = IAC;
+	if ((*slc_replyp++ = (unsigned char)value) == IAC)
+		*slc_replyp++ = IAC;
+}
+
+void
+slc_end_reply()
+{
+    int len;
+
+    *slc_replyp++ = IAC;
+    *slc_replyp++ = SE;
+    len = slc_replyp - slc_reply;
+    if (len <= 6)
+	return;
+    if (NETROOM() > len) {
+	ring_supply_data(&netoring, slc_reply, slc_replyp - slc_reply);
+	printsub('>', &slc_reply[2], slc_replyp - slc_reply - 2);
+    }
+/*@*/else printf("slc_end_reply: not enough room\n");
+}
+
+int
+slc_update()
+{
+	struct spc *spcp;
+	int need_update = 0;
+
+	for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
+		if (!(spcp->flags&SLC_ACK))
+			continue;
+		spcp->flags &= ~SLC_ACK;
+		if (spcp->valp && (*spcp->valp != spcp->val)) {
+			*spcp->valp = spcp->val;
+			need_update = 1;
+		}
+	}
+	return(need_update);
+}
+
+#ifdef	OLD_ENVIRON
+#  define old_env_var OLD_ENV_VAR
+#  define old_env_value OLD_ENV_VALUE
+#endif
+
+void
+env_opt(unsigned char *buf, int len)
+{
+	unsigned char *ep = 0, *epc = 0;
+	int i;
+
+	switch(buf[0]&0xff) {
+	case TELQUAL_SEND:
+		env_opt_start();
+		if (len == 1) {
+			env_opt_add(NULL);
+		} else for (i = 1; i < len; i++) {
+			switch (buf[i]&0xff) {
+#ifdef	OLD_ENVIRON
+			case OLD_ENV_VAR:
+			case OLD_ENV_VALUE:
+				/*
+				 * Although OLD_ENV_VALUE is not legal, we will
+				 * still recognize it, just in case it is an
+				 * old server that has VAR & VALUE mixed up...
+				 */
+				/* FALL THROUGH */
+#else
+			case NEW_ENV_VAR:
+#endif
+			case ENV_USERVAR:
+				if (ep) {
+					*epc = 0;
+					env_opt_add(ep);
+				}
+				ep = epc = &buf[i+1];
+				break;
+			case ENV_ESC:
+				i++;
+				/*FALL THROUGH*/
+			default:
+				if (epc)
+					*epc++ = buf[i];
+				break;
+			}
+		}
+		if (ep) {
+			*epc = 0;
+			env_opt_add(ep);
+		}
+		env_opt_end(1);
+		break;
+
+	case TELQUAL_IS:
+	case TELQUAL_INFO:
+		/* Ignore for now.  We shouldn't get it anyway. */
+		break;
+
+	default:
+		break;
+	}
+}
+
+#define	OPT_REPLY_SIZE	256
+unsigned char *opt_reply;
+unsigned char *opt_replyp;
+unsigned char *opt_replyend;
+
+void
+env_opt_start()
+{
+	if (opt_reply)
+		opt_reply = (unsigned char *)realloc(opt_reply, OPT_REPLY_SIZE);
+	else
+		opt_reply = (unsigned char *)malloc(OPT_REPLY_SIZE);
+	if (opt_reply == NULL) {
+/*@*/		printf("env_opt_start: malloc()/realloc() failed!!!\n");
+		opt_reply = opt_replyp = opt_replyend = NULL;
+		return;
+	}
+	opt_replyp = opt_reply;
+	opt_replyend = opt_reply + OPT_REPLY_SIZE;
+	*opt_replyp++ = IAC;
+	*opt_replyp++ = SB;
+	*opt_replyp++ = telopt_environ;
+	*opt_replyp++ = TELQUAL_IS;
+}
+
+void
+env_opt_start_info()
+{
+	env_opt_start();
+	if (opt_replyp)
+	    opt_replyp[-1] = TELQUAL_INFO;
+}
+
+void
+env_opt_add(unsigned char *ep)
+{
+	unsigned char *vp, c;
+
+	if (opt_reply == NULL)		/*XXX*/
+		return;			/*XXX*/
+
+	if (ep == NULL || *ep == '\0') {
+		/* Send user defined variables first. */
+		env_default(1, 0);
+		while ((ep = env_default(0, 0)))
+			env_opt_add(ep);
+
+		/* Now add the list of well know variables.  */
+		env_default(1, 1);
+		while ((ep = env_default(0, 1)))
+			env_opt_add(ep);
+		return;
+	}
+	vp = env_getvalue(ep);
+	if (opt_replyp + (vp ? strlen((char *)vp) : 0) +
+				strlen((char *)ep) + 6 > opt_replyend)
+	{
+		int len;
+		opt_replyend += OPT_REPLY_SIZE;
+		len = opt_replyend - opt_reply;
+		opt_reply = (unsigned char *)realloc(opt_reply, len);
+		if (opt_reply == NULL) {
+/*@*/			printf("env_opt_add: realloc() failed!!!\n");
+			opt_reply = opt_replyp = opt_replyend = NULL;
+			return;
+		}
+		opt_replyp = opt_reply + len - (opt_replyend - opt_replyp);
+		opt_replyend = opt_reply + len;
+	}
+	if (opt_welldefined((char *)ep)) {
+#ifdef	OLD_ENVIRON
+		if (telopt_environ == TELOPT_OLD_ENVIRON)
+			*opt_replyp++ = old_env_var;
+		else
+#endif
+			*opt_replyp++ = NEW_ENV_VAR;
+	} else
+		*opt_replyp++ = ENV_USERVAR;
+	for (;;) {
+		while ((c = *ep++)) {
+			switch(c&0xff) {
+			case IAC:
+				*opt_replyp++ = IAC;
+				break;
+			case NEW_ENV_VAR:
+			case NEW_ENV_VALUE:
+			case ENV_ESC:
+			case ENV_USERVAR:
+				*opt_replyp++ = ENV_ESC;
+				break;
+			}
+			*opt_replyp++ = c;
+		}
+		if ((ep = vp)) {
+#ifdef	OLD_ENVIRON
+			if (telopt_environ == TELOPT_OLD_ENVIRON)
+				*opt_replyp++ = old_env_value;
+			else
+#endif
+				*opt_replyp++ = NEW_ENV_VALUE;
+			vp = NULL;
+		} else
+			break;
+	}
+}
+
+int
+opt_welldefined(char *ep)
+{
+	if ((strcmp(ep, "USER") == 0) ||
+	    (strcmp(ep, "DISPLAY") == 0) ||
+	    (strcmp(ep, "PRINTER") == 0) ||
+	    (strcmp(ep, "SYSTEMTYPE") == 0) ||
+	    (strcmp(ep, "JOB") == 0) ||
+	    (strcmp(ep, "ACCT") == 0))
+		return(1);
+	return(0);
+}
+
+void
+env_opt_end(int emptyok)
+{
+	int len;
+
+	len = opt_replyp - opt_reply + 2;
+	if (emptyok || len > 6) {
+		*opt_replyp++ = IAC;
+		*opt_replyp++ = SE;
+		if (NETROOM() > len) {
+			ring_supply_data(&netoring, opt_reply, len);
+			printsub('>', &opt_reply[2], len - 2);
+		}
+/*@*/		else printf("slc_end_reply: not enough room\n");
+	}
+	if (opt_reply) {
+		free(opt_reply);
+		opt_reply = opt_replyp = opt_replyend = NULL;
+	}
+}
+
+
+
+int
+telrcv(void)
+{
+    int c;
+    int scc;
+    unsigned char *sbp = NULL;
+    int count;
+    int returnValue = 0;
+
+    scc = 0;
+    count = 0;
+    while (TTYROOM() > 2) {
+	if (scc == 0) {
+	    if (count) {
+		ring_consumed(&netiring, count);
+		returnValue = 1;
+		count = 0;
+	    }
+	    sbp = netiring.consume;
+	    scc = ring_full_consecutive(&netiring);
+	    if (scc == 0) {
+		/* No more data coming in */
+		break;
+	    }
+	}
+
+	c = *sbp++ & 0xff, scc--; count++;
+#if	defined(ENCRYPTION)
+	if (decrypt_input)
+		c = (*decrypt_input)(c);
+#endif
+
+	switch (telrcv_state) {
+
+	case TS_CR:
+	    telrcv_state = TS_DATA;
+	    if (c == '\0') {
+		break;	/* Ignore \0 after CR */
+	    }
+	    else if ((c == '\n') && my_want_state_is_dont(TELOPT_ECHO) && !crmod) {
+		TTYADD(c);
+		break;
+	    }
+	    /* Else, fall through */
+
+	case TS_DATA:
+	    if (c == IAC) {
+		telrcv_state = TS_IAC;
+		break;
+	    }
+		    /* 
+		     * The 'crmod' hack (see following) is needed
+		     * since we can't set CRMOD on output only.
+		     * Machines like MULTICS like to send \r without
+		     * \n; since we must turn off CRMOD to get proper
+		     * input, the mapping is done here (sigh).
+		     */
+	    if ((c == '\r') && my_want_state_is_dont(TELOPT_BINARY)) {
+		if (scc > 0) {
+		    c = *sbp&0xff;
+#if	defined(ENCRYPTION)
+		    if (decrypt_input)
+			c = (*decrypt_input)(c);
+#endif
+		    if (c == 0) {
+			sbp++, scc--; count++;
+			/* a "true" CR */
+			TTYADD('\r');
+		    } else if (my_want_state_is_dont(TELOPT_ECHO) &&
+					(c == '\n')) {
+			sbp++, scc--; count++;
+			TTYADD('\n');
+		    } else {
+#if	defined(ENCRYPTION)
+		        if (decrypt_input)
+			    (*decrypt_input)(-1);
+#endif
+
+			TTYADD('\r');
+			if (crmod) {
+				TTYADD('\n');
+			}
+		    }
+		} else {
+		    telrcv_state = TS_CR;
+		    TTYADD('\r');
+		    if (crmod) {
+			    TTYADD('\n');
+		    }
+		}
+	    } else {
+		TTYADD(c);
+	    }
+	    continue;
+
+	case TS_IAC:
+process_iac:
+	    switch (c) {
+
+	    case WILL:
+		telrcv_state = TS_WILL;
+		continue;
+
+	    case WONT:
+		telrcv_state = TS_WONT;
+		continue;
+
+	    case DO:
+		telrcv_state = TS_DO;
+		continue;
+
+	    case DONT:
+		telrcv_state = TS_DONT;
+		continue;
+
+	    case DM:
+		    /*
+		     * We may have missed an urgent notification,
+		     * so make sure we flush whatever is in the
+		     * buffer currently.
+		     */
+		printoption("RCVD", IAC, DM);
+		SYNCHing = 1;
+		ttyflush(1);
+		SYNCHing = stilloob();
+		settimer(gotDM);
+		break;
+
+	    case SB:
+		SB_CLEAR();
+		telrcv_state = TS_SB;
+		continue;
+
+
+	    case IAC:
+		TTYADD(IAC);
+		break;
+
+	    case NOP:
+	    case GA:
+	    default:
+		printoption("RCVD", IAC, c);
+		break;
+	    }
+	    telrcv_state = TS_DATA;
+	    continue;
+
+	case TS_WILL:
+	    printoption("RCVD", WILL, c);
+	    willoption(c);
+	    telrcv_state = TS_DATA;
+	    continue;
+
+	case TS_WONT:
+	    printoption("RCVD", WONT, c);
+	    wontoption(c);
+	    telrcv_state = TS_DATA;
+	    continue;
+
+	case TS_DO:
+	    printoption("RCVD", DO, c);
+	    dooption(c);
+	    if (c == TELOPT_NAWS) {
+		sendnaws();
+	    } else if (c == TELOPT_LFLOW) {
+		localflow = 1;
+		setcommandmode();
+		setconnmode(0);
+	    }
+	    telrcv_state = TS_DATA;
+	    continue;
+
+	case TS_DONT:
+	    printoption("RCVD", DONT, c);
+	    dontoption(c);
+	    flushline = 1;
+	    setconnmode(0);	/* set new tty mode (maybe) */
+	    telrcv_state = TS_DATA;
+	    continue;
+
+	case TS_SB:
+	    if (c == IAC) {
+		telrcv_state = TS_SE;
+	    } else {
+		SB_ACCUM(c);
+	    }
+	    continue;
+
+	case TS_SE:
+	    if (c != SE) {
+		if (c != IAC) {
+		    /*
+		     * This is an error.  We only expect to get
+		     * "IAC IAC" or "IAC SE".  Several things may
+		     * have happend.  An IAC was not doubled, the
+		     * IAC SE was left off, or another option got
+		     * inserted into the suboption are all possibilities.
+		     * If we assume that the IAC was not doubled,
+		     * and really the IAC SE was left off, we could
+		     * get into an infinate loop here.  So, instead,
+		     * we terminate the suboption, and process the
+		     * partial suboption if we can.
+		     */
+		    SB_ACCUM(IAC);
+		    SB_ACCUM(c);
+		    subpointer -= 2;
+		    SB_TERM();
+
+		    printoption("In SUBOPTION processing, RCVD", IAC, c);
+		    suboption();	/* handle sub-option */
+		    telrcv_state = TS_IAC;
+		    goto process_iac;
+		}
+		SB_ACCUM(c);
+		telrcv_state = TS_SB;
+	    } else {
+		SB_ACCUM(IAC);
+		SB_ACCUM(SE);
+		subpointer -= 2;
+		SB_TERM();
+		suboption();	/* handle sub-option */
+		telrcv_state = TS_DATA;
+	    }
+	}
+    }
+    if (count)
+	ring_consumed(&netiring, count);
+    return returnValue||count;
+}
+
+static int bol = 1, local = 0;
+
+int
+rlogin_susp(void)
+{
+    if (local) {
+	local = 0;
+	bol = 1;
+	command(0, "z\n", 2);
+	return(1);
+    }
+    return(0);
+}
+
+static int
+telsnd()
+{
+    int tcc;
+    int count;
+    int returnValue = 0;
+    unsigned char *tbp = NULL;
+
+    tcc = 0;
+    count = 0;
+    while (NETROOM() > 2) {
+	int sc;
+	int c;
+
+	if (tcc == 0) {
+	    if (count) {
+		ring_consumed(&ttyiring, count);
+		returnValue = 1;
+		count = 0;
+	    }
+	    tbp = ttyiring.consume;
+	    tcc = ring_full_consecutive(&ttyiring);
+	    if (tcc == 0) {
+		break;
+	    }
+	}
+	c = *tbp++ & 0xff, sc = strip(c), tcc--; count++;
+	if (rlogin != _POSIX_VDISABLE) {
+		if (bol) {
+			bol = 0;
+			if (sc == rlogin) {
+				local = 1;
+				continue;
+			}
+		} else if (local) {
+			local = 0;
+			if (sc == '.' || c == termEofChar) {
+				bol = 1;
+				command(0, "close\n", 6);
+				continue;
+			}
+			if (sc == termSuspChar) {
+				bol = 1;
+				command(0, "z\n", 2);
+				continue;
+			}
+			if (sc == escape) {
+				command(0, (char *)tbp, tcc);
+				bol = 1;
+				count += tcc;
+				tcc = 0;
+				flushline = 1;
+				break;
+			}
+			if (sc != rlogin) {
+				++tcc;
+				--tbp;
+				--count;
+				c = sc = rlogin;
+			}
+		}
+		if ((sc == '\n') || (sc == '\r'))
+			bol = 1;
+	} else if (sc == escape) {
+	    /*
+	     * Double escape is a pass through of a single escape character.
+	     */
+	    if (tcc && strip(*tbp) == escape) {
+		tbp++;
+		tcc--;
+		count++;
+		bol = 0;
+	    } else {
+		command(0, (char *)tbp, tcc);
+		bol = 1;
+		count += tcc;
+		tcc = 0;
+		flushline = 1;
+		break;
+	    }
+	} else
+	    bol = 0;
+#ifdef	KLUDGELINEMODE
+	if (kludgelinemode && (globalmode&MODE_EDIT) && (sc == echoc)) {
+	    if (tcc > 0 && strip(*tbp) == echoc) {
+		tcc--; tbp++; count++;
+	    } else {
+		dontlecho = !dontlecho;
+		settimer(echotoggle);
+		setconnmode(0);
+		flushline = 1;
+		break;
+	    }
+	}
+#endif
+	if (MODE_LOCAL_CHARS(globalmode)) {
+	    if (TerminalSpecialChars(sc) == 0) {
+		bol = 1;
+		break;
+	    }
+	}
+	if (my_want_state_is_wont(TELOPT_BINARY)) {
+	    switch (c) {
+	    case '\n':
+		    /*
+		     * If we are in CRMOD mode (\r ==> \n)
+		     * on our local machine, then probably
+		     * a newline (unix) is CRLF (TELNET).
+		     */
+		if (MODE_LOCAL_CHARS(globalmode)) {
+		    NETADD('\r');
+		}
+		NETADD('\n');
+		bol = flushline = 1;
+		break;
+	    case '\r':
+		if (!crlf) {
+		    NET2ADD('\r', '\0');
+		} else {
+		    NET2ADD('\r', '\n');
+		}
+		bol = flushline = 1;
+		break;
+	    case IAC:
+		NET2ADD(IAC, IAC);
+		break;
+	    default:
+		NETADD(c);
+		break;
+	    }
+	} else if (c == IAC) {
+	    NET2ADD(IAC, IAC);
+	} else {
+	    NETADD(c);
+	}
+    }
+    if (count)
+	ring_consumed(&ttyiring, count);
+    return returnValue||count;		/* Non-zero if we did anything */
+}
+
+/*
+ * Scheduler()
+ *
+ * Try to do something.
+ *
+ * If we do something useful, return 1; else return 0.
+ *
+ */
+
+
+static int
+Scheduler(int block) /* should we block in the select ? */
+{
+		/* One wants to be a bit careful about setting returnValue
+		 * to one, since a one implies we did some useful work,
+		 * and therefore probably won't be called to block next
+		 * time (TN3270 mode only).
+		 */
+    int returnValue;
+    int netin, netout, netex, ttyin, ttyout;
+
+    /* Decide which rings should be processed */
+
+    netout = ring_full_count(&netoring) &&
+	    (flushline ||
+		(my_want_state_is_wont(TELOPT_LINEMODE)
+#ifdef	KLUDGELINEMODE
+			&& (!kludgelinemode || my_want_state_is_do(TELOPT_SGA))
+#endif
+		) ||
+			my_want_state_is_will(TELOPT_BINARY));
+    ttyout = ring_full_count(&ttyoring);
+
+    ttyin = ring_empty_count(&ttyiring);
+
+    netin = !ISend && ring_empty_count(&netiring);
+
+    netex = !SYNCHing;
+
+    /* If we have seen a signal recently, reset things */
+
+    /* Call to system code to process rings */
+
+    returnValue = process_rings(netin, netout, netex, ttyin, ttyout, !block);
+
+    /* Now, look at the input rings, looking for work to do. */
+
+    if (ring_full_count(&ttyiring)) {
+	    returnValue |= telsnd();
+    }
+
+    if (ring_full_count(&netiring)) {
+	returnValue |= telrcv();
+    }
+    return returnValue;
+}
+
+/*
+ * Select from tty and network...
+ */
+void
+my_telnet(char *user)
+{
+    sys_telnet_init();
+
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+    {
+	static char local_host[256] = { 0 };
+
+	if (!local_host[0]) {
+		/* XXX - should be k_gethostname? */
+		gethostname(local_host, sizeof(local_host));
+		local_host[sizeof(local_host)-1] = 0;
+	}
+	auth_encrypt_init(local_host, hostname, "TELNET", 0);
+	auth_encrypt_user(user);
+    }
+#endif
+    if (telnetport) {
+#if	defined(AUTHENTICATION)
+	if (autologin)
+		send_will(TELOPT_AUTHENTICATION, 1);
+#endif
+#if	defined(ENCRYPTION)
+	send_do(TELOPT_ENCRYPT, 1);
+	send_will(TELOPT_ENCRYPT, 1);
+#endif
+	send_do(TELOPT_SGA, 1);
+	send_will(TELOPT_TTYPE, 1);
+	send_will(TELOPT_NAWS, 1);
+	send_will(TELOPT_TSPEED, 1);
+	send_will(TELOPT_LFLOW, 1);
+	send_will(TELOPT_LINEMODE, 1);
+	send_will(TELOPT_NEW_ENVIRON, 1);
+	send_do(TELOPT_STATUS, 1);
+	if (env_getvalue((unsigned char *)"DISPLAY"))
+	    send_will(TELOPT_XDISPLOC, 1);
+	if (binary)
+	    tel_enter_binary(binary);
+    }
+
+    for (;;) {
+	int schedValue;
+
+	while ((schedValue = Scheduler(0)) != 0) {
+	    if (schedValue == -1) {
+		setcommandmode();
+		return;
+	    }
+	}
+
+	if (Scheduler(1) == -1) {
+	    setcommandmode();
+	    return;
+	}
+    }
+}
+
+/*
+ * netclear()
+ *
+ *	We are about to do a TELNET SYNCH operation.  Clear
+ * the path to the network.
+ *
+ *	Things are a bit tricky since we may have sent the first
+ * byte or so of a previous TELNET command into the network.
+ * So, we have to scan the network buffer from the beginning
+ * until we are up to where we want to be.
+ *
+ *	A side effect of what we do, just to keep things
+ * simple, is to clear the urgent data pointer.  The principal
+ * caller should be setting the urgent data pointer AFTER calling
+ * us in any case.
+ */
+
+static void
+netclear()
+{
+#if	0	/* XXX */
+    char *thisitem, *next;
+    char *good;
+#define	wewant(p)	((nfrontp > p) && ((*p&0xff) == IAC) && \
+				((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
+
+    thisitem = netobuf;
+
+    while ((next = nextitem(thisitem)) <= netobuf.send) {
+	thisitem = next;
+    }
+
+    /* Now, thisitem is first before/at boundary. */
+
+    good = netobuf;	/* where the good bytes go */
+
+    while (netoring.add > thisitem) {
+	if (wewant(thisitem)) {
+	    int length;
+
+	    next = thisitem;
+	    do {
+		next = nextitem(next);
+	    } while (wewant(next) && (nfrontp > next));
+	    length = next-thisitem;
+	    memmove(good, thisitem, length);
+	    good += length;
+	    thisitem = next;
+	} else {
+	    thisitem = nextitem(thisitem);
+	}
+    }
+
+#endif	/* 0 */
+}
+
+/*
+ * These routines add various telnet commands to the data stream.
+ */
+
+static void
+doflush()
+{
+    NET2ADD(IAC, DO);
+    NETADD(TELOPT_TM);
+    flushline = 1;
+    flushout = 1;
+    ttyflush(1);			/* Flush/drop output */
+    /* do printoption AFTER flush, otherwise the output gets tossed... */
+    printoption("SENT", DO, TELOPT_TM);
+}
+
+void
+xmitAO(void)
+{
+    NET2ADD(IAC, AO);
+    printoption("SENT", IAC, AO);
+    if (autoflush) {
+	doflush();
+    }
+}
+
+
+void
+xmitEL(void)
+{
+    NET2ADD(IAC, EL);
+    printoption("SENT", IAC, EL);
+}
+
+void
+xmitEC(void)
+{
+    NET2ADD(IAC, EC);
+    printoption("SENT", IAC, EC);
+}
+
+
+int
+dosynch()
+{
+    netclear();			/* clear the path to the network */
+    NETADD(IAC);
+    setneturg();
+    NETADD(DM);
+    printoption("SENT", IAC, DM);
+    return 1;
+}
+
+int want_status_response = 0;
+
+int
+get_status()
+{
+    unsigned char tmp[16];
+    unsigned char *cp;
+
+    if (my_want_state_is_dont(TELOPT_STATUS)) {
+	printf("Remote side does not support STATUS option\n");
+	return 0;
+    }
+    cp = tmp;
+
+    *cp++ = IAC;
+    *cp++ = SB;
+    *cp++ = TELOPT_STATUS;
+    *cp++ = TELQUAL_SEND;
+    *cp++ = IAC;
+    *cp++ = SE;
+    if (NETROOM() >= cp - tmp) {
+	ring_supply_data(&netoring, tmp, cp-tmp);
+	printsub('>', tmp+2, cp - tmp - 2);
+    }
+    ++want_status_response;
+    return 1;
+}
+
+void
+intp(void)
+{
+    NET2ADD(IAC, IP);
+    printoption("SENT", IAC, IP);
+    flushline = 1;
+    if (autoflush) {
+	doflush();
+    }
+    if (autosynch) {
+	dosynch();
+    }
+}
+
+void
+sendbrk(void)
+{
+    NET2ADD(IAC, BREAK);
+    printoption("SENT", IAC, BREAK);
+    flushline = 1;
+    if (autoflush) {
+	doflush();
+    }
+    if (autosynch) {
+	dosynch();
+    }
+}
+
+void
+sendabort(void)
+{
+    NET2ADD(IAC, ABORT);
+    printoption("SENT", IAC, ABORT);
+    flushline = 1;
+    if (autoflush) {
+	doflush();
+    }
+    if (autosynch) {
+	dosynch();
+    }
+}
+
+void
+sendsusp(void)
+{
+    NET2ADD(IAC, SUSP);
+    printoption("SENT", IAC, SUSP);
+    flushline = 1;
+    if (autoflush) {
+	doflush();
+    }
+    if (autosynch) {
+	dosynch();
+    }
+}
+
+void
+sendeof(void)
+{
+    NET2ADD(IAC, xEOF);
+    printoption("SENT", IAC, xEOF);
+}
+
+void
+sendayt(void)
+{
+    NET2ADD(IAC, AYT);
+    printoption("SENT", IAC, AYT);
+}
+
+/*
+ * Send a window size update to the remote system.
+ */
+
+void
+sendnaws()
+{
+    long rows, cols;
+    unsigned char tmp[16];
+    unsigned char *cp;
+
+    if (my_state_is_wont(TELOPT_NAWS))
+	return;
+
+#define	PUTSHORT(cp, x) { if ((*cp++ = ((x)>>8)&0xff) == IAC) *cp++ = IAC; \
+			    if ((*cp++ = ((x))&0xff) == IAC) *cp++ = IAC; }
+
+    if (TerminalWindowSize(&rows, &cols) == 0) {	/* Failed */
+	return;
+    }
+
+    cp = tmp;
+
+    *cp++ = IAC;
+    *cp++ = SB;
+    *cp++ = TELOPT_NAWS;
+    PUTSHORT(cp, cols);
+    PUTSHORT(cp, rows);
+    *cp++ = IAC;
+    *cp++ = SE;
+    if (NETROOM() >= cp - tmp) {
+	ring_supply_data(&netoring, tmp, cp-tmp);
+	printsub('>', tmp+2, cp - tmp - 2);
+    }
+}
+
+void
+tel_enter_binary(int rw)
+{
+    if (rw&1)
+	send_do(TELOPT_BINARY, 1);
+    if (rw&2)
+	send_will(TELOPT_BINARY, 1);
+}
+
+void
+tel_leave_binary(int rw)
+{
+    if (rw&1)
+	send_dont(TELOPT_BINARY, 1);
+    if (rw&2)
+	send_wont(TELOPT_BINARY, 1);
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h b/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h
new file mode 100644
index 0000000..b4a3782
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h
@@ -0,0 +1,176 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: telnet_locl.h,v 1.16.8.1 1999/07/22 03:22:52 assar Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <ctype.h>
+#ifdef HAVE_SIGNAL_H
+#include <signal.h>
+#endif
+#include <errno.h>
+#include <setjmp.h>
+#ifdef HAVE_BSDSETJMP_H
+#include <bsdsetjmp.h>
+#endif
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+/* termios.h *must* be included before curses.h */
+#ifdef HAVE_TERMIOS_H
+#include <termios.h>
+#endif
+
+#if defined(SOCKS) && defined(HAVE_CURSES_H)
+#include <curses.h>
+#endif
+
+#if defined(HAVE_SYS_TERMIO_H) && !defined(HAVE_TERMIOS_H)
+#include <sys/termio.h>
+#endif
+
+#if defined(HAVE_TERMCAP_H)
+#include <termcap.h>
+#endif
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+/* not with SunOS 4 */
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif /* HAVE_SYS_RESOURCE_H */
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_SYS_FILIO_H
+#include <sys/filio.h>
+#endif
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_SYSTM_H
+#include <netinet/in_systm.h>
+#endif
+#ifdef HAVE_NETINET_IP_H
+#include <netinet/ip.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <roken.h>
+/* krb.h? */
+
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+#include <libtelnet/auth.h>
+#include <libtelnet/encrypt.h>
+#endif
+#include <libtelnet/misc.h>
+#include <libtelnet/misc-proto.h>
+
+#define LINEMODE
+#define KLUDGELINEMODE
+
+#include "ring.h"
+#include "externs.h"
+#include "defines.h"
+#include "types.h"
+
+/* prototypes */
+
diff --git a/crypto/kerberosIV/appl/telnet/telnet/terminal.c b/crypto/kerberosIV/appl/telnet/telnet/terminal.c
new file mode 100644
index 0000000..4404384
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/terminal.c
@@ -0,0 +1,225 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnet_locl.h"
+
+RCSID("$Id: terminal.c,v 1.10 1997/12/15 19:53:06 joda Exp $");
+
+Ring		ttyoring, ttyiring;
+unsigned char	ttyobuf[2*BUFSIZ], ttyibuf[BUFSIZ];
+
+int termdata;			/* Debugging flag */
+
+# ifndef VDISCARD
+cc_t termFlushChar;
+# endif
+# ifndef VLNEXT
+cc_t termLiteralNextChar;
+# endif
+# ifndef VSUSP
+cc_t termSuspChar;
+# endif
+# ifndef VWERASE
+cc_t termWerasChar;
+# endif
+# ifndef VREPRINT
+cc_t termRprntChar;
+# endif
+# ifndef VSTART
+cc_t termStartChar;
+# endif
+# ifndef VSTOP
+cc_t termStopChar;
+# endif
+# ifndef VEOL
+cc_t termForw1Char;
+# endif
+# ifndef VEOL2
+cc_t termForw2Char;
+# endif
+# ifndef VSTATUS
+cc_t termAytChar;
+# endif
+
+/*
+ * initialize the terminal data structures.
+ */
+
+void
+init_terminal(void)
+{
+    if (ring_init(&ttyoring, ttyobuf, sizeof ttyobuf) != 1) {
+	exit(1);
+    }
+    if (ring_init(&ttyiring, ttyibuf, sizeof ttyibuf) != 1) {
+	exit(1);
+    }
+    autoflush = TerminalAutoFlush();
+}
+
+
+/*
+ *		Send as much data as possible to the terminal.
+ *
+ *		Return value:
+ *			-1: No useful work done, data waiting to go out.
+ *			 0: No data was waiting, so nothing was done.
+ *			 1: All waiting data was written out.
+ *			 n: All data - n was written out.
+ */
+
+
+int
+ttyflush(int drop)
+{
+    int n, n0, n1;
+
+    n0 = ring_full_count(&ttyoring);
+    if ((n1 = n = ring_full_consecutive(&ttyoring)) > 0) {
+	if (drop) {
+	    TerminalFlushOutput();
+	    /* we leave 'n' alone! */
+	} else {
+	    n = TerminalWrite((char *)ttyoring.consume, n);
+	}
+    }
+    if (n > 0) {
+	if (termdata && n) {
+	    Dump('>', ttyoring.consume, n);
+	}
+	/*
+	 * If we wrote everything, and the full count is
+	 * larger than what we wrote, then write the
+	 * rest of the buffer.
+	 */
+	if (n1 == n && n0 > n) {
+		n1 = n0 - n;
+		if (!drop)
+			n1 = TerminalWrite((char *)ttyoring.bottom, n1);
+		if (n1 > 0)
+			n += n1;
+	}
+	ring_consumed(&ttyoring, n);
+    }
+    if (n < 0)
+	return -1;
+    if (n == n0) {
+	if (n0)
+	    return -1;
+	return 0;
+    }
+    return n0 - n + 1;
+}
+
+
+/*
+ * These routines decides on what the mode should be (based on the values
+ * of various global variables).
+ */
+
+
+int
+getconnmode(void)
+{
+    extern int linemode;
+    int mode = 0;
+#ifdef	KLUDGELINEMODE
+    extern int kludgelinemode;
+#endif
+
+    if (my_want_state_is_dont(TELOPT_ECHO))
+	mode |= MODE_ECHO;
+
+    if (localflow)
+	mode |= MODE_FLOW;
+
+    if ((eight & 1) || my_want_state_is_will(TELOPT_BINARY))
+	mode |= MODE_INBIN;
+
+    if (eight & 2)
+	mode |= MODE_OUT8;
+    if (his_want_state_is_will(TELOPT_BINARY))
+	mode |= MODE_OUTBIN;
+
+#ifdef	KLUDGELINEMODE
+    if (kludgelinemode) {
+	if (my_want_state_is_dont(TELOPT_SGA)) {
+	    mode |= (MODE_TRAPSIG|MODE_EDIT);
+	    if (dontlecho && (clocks.echotoggle > clocks.modenegotiated)) {
+		mode &= ~MODE_ECHO;
+	    }
+	}
+	return(mode);
+    }
+#endif
+    if (my_want_state_is_will(TELOPT_LINEMODE))
+	mode |= linemode;
+    return(mode);
+}
+
+    void
+setconnmode(force)
+    int force;
+{
+#ifdef	ENCRYPTION
+    static int enc_passwd = 0;
+#endif
+    int newmode;
+
+    newmode = getconnmode()|(force?MODE_FORCE:0);
+
+    TerminalNewMode(newmode);
+    
+#ifdef  ENCRYPTION
+    if ((newmode & (MODE_ECHO|MODE_EDIT)) == MODE_EDIT) {
+	if (my_want_state_is_will(TELOPT_ENCRYPT)
+				&& (enc_passwd == 0) && !encrypt_output) {
+	    encrypt_request_start(0, 0);
+	    enc_passwd = 1;
+	}
+    } else {
+	if (enc_passwd) {
+	    encrypt_request_end();
+	    enc_passwd = 0;
+	}
+    }
+#endif
+
+}
+
+
+    void
+setcommandmode()
+{
+    TerminalNewMode(-1);
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnet/types.h b/crypto/kerberosIV/appl/telnet/telnet/types.h
new file mode 100644
index 0000000..191d311
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/types.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)types.h	8.1 (Berkeley) 6/6/93
+ */
+
+typedef struct {
+    char *modedescriptions;
+    char modetype;
+} Modelist;
+
+extern Modelist modelist[];
+
+typedef struct {
+    int
+	system,			/* what the current time is */
+	echotoggle,		/* last time user entered echo character */
+	modenegotiated,		/* last time operating mode negotiated */
+	didnetreceive,		/* last time we read data from network */
+	gotDM;			/* when did we last see a data mark */
+} Clocks;
+
+extern Clocks clocks;
diff --git a/crypto/kerberosIV/appl/telnet/telnet/utilities.c b/crypto/kerberosIV/appl/telnet/telnet/utilities.c
new file mode 100644
index 0000000..5d677cf
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnet/utilities.c
@@ -0,0 +1,863 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#define TELOPTS
+#define TELCMDS
+#define SLC_NAMES
+
+#include "telnet_locl.h"
+
+RCSID("$Id: utilities.c,v 1.21 1998/06/09 19:24:47 joda Exp $");
+
+FILE	*NetTrace = 0;		/* Not in bss, since needs to stay */
+int	prettydump;
+
+/*
+ * SetSockOpt()
+ *
+ * Compensate for differences in 4.2 and 4.3 systems.
+ */
+
+int
+SetSockOpt(int fd, int level, int option, int yesno)
+{
+#ifdef HAVE_SETSOCKOPT
+#ifndef	NOT43
+    return setsockopt(fd, level, option,
+				(void *)&yesno, sizeof yesno);
+#else	/* NOT43 */
+    if (yesno == 0) {		/* Can't do that in 4.2! */
+	fprintf(stderr, "Error: attempt to turn off an option 0x%x.\n",
+				option);
+	return -1;
+    }
+    return setsockopt(fd, level, option, 0, 0);
+#endif	/* NOT43 */
+#else
+    return -1;
+#endif
+}
+
+/*
+ * The following are routines used to print out debugging information.
+ */
+
+char NetTraceFile[256] = "(standard output)";
+
+void
+SetNetTrace(char *file)
+{
+    if (NetTrace && NetTrace != stdout)
+	fclose(NetTrace);
+    if (file  && (strcmp(file, "-") != 0)) {
+	NetTrace = fopen(file, "w");
+	if (NetTrace) {
+	    strcpy_truncate(NetTraceFile, file, sizeof(NetTraceFile));
+	    return;
+	}
+	fprintf(stderr, "Cannot open %s.\n", file);
+    }
+    NetTrace = stdout;
+    strcpy_truncate(NetTraceFile, "(standard output)", sizeof(NetTraceFile));
+}
+
+void
+Dump(char direction, unsigned char *buffer, int length)
+{
+#   define BYTES_PER_LINE	32
+    unsigned char *pThis;
+    int offset;
+
+    offset = 0;
+
+    while (length) {
+	/* print one line */
+	fprintf(NetTrace, "%c 0x%x\t", direction, offset);
+	pThis = buffer;
+	if (prettydump) {
+	    buffer = buffer + min(length, BYTES_PER_LINE/2);
+	    while (pThis < buffer) {
+		fprintf(NetTrace, "%c%.2x",
+		    (((*pThis)&0xff) == 0xff) ? '*' : ' ',
+		    (*pThis)&0xff);
+		pThis++;
+	    }
+	    length -= BYTES_PER_LINE/2;
+	    offset += BYTES_PER_LINE/2;
+	} else {
+	    buffer = buffer + min(length, BYTES_PER_LINE);
+	    while (pThis < buffer) {
+		fprintf(NetTrace, "%.2x", (*pThis)&0xff);
+		pThis++;
+	    }
+	    length -= BYTES_PER_LINE;
+	    offset += BYTES_PER_LINE;
+	}
+	if (NetTrace == stdout) {
+	    fprintf(NetTrace, "\r\n");
+	} else {
+	    fprintf(NetTrace, "\n");
+	}
+	if (length < 0) {
+	    fflush(NetTrace);
+	    return;
+	}
+	/* find next unique line */
+    }
+    fflush(NetTrace);
+}
+
+
+void
+printoption(char *direction, int cmd, int option)
+{
+	if (!showoptions)
+		return;
+	if (cmd == IAC) {
+		if (TELCMD_OK(option))
+		    fprintf(NetTrace, "%s IAC %s", direction, TELCMD(option));
+		else
+		    fprintf(NetTrace, "%s IAC %d", direction, option);
+	} else {
+		char *fmt;
+		fmt = (cmd == WILL) ? "WILL" : (cmd == WONT) ? "WONT" :
+			(cmd == DO) ? "DO" : (cmd == DONT) ? "DONT" : 0;
+		if (fmt) {
+		    fprintf(NetTrace, "%s %s ", direction, fmt);
+		    if (TELOPT_OK(option))
+			fprintf(NetTrace, "%s", TELOPT(option));
+		    else if (option == TELOPT_EXOPL)
+			fprintf(NetTrace, "EXOPL");
+		    else
+			fprintf(NetTrace, "%d", option);
+		} else
+		    fprintf(NetTrace, "%s %d %d", direction, cmd, option);
+	}
+	if (NetTrace == stdout) {
+	    fprintf(NetTrace, "\r\n");
+	    fflush(NetTrace);
+	} else {
+	    fprintf(NetTrace, "\n");
+	}
+	return;
+}
+
+void
+optionstatus(void)
+{
+    int i;
+    extern char will_wont_resp[], do_dont_resp[];
+
+    for (i = 0; i < 256; i++) {
+	if (do_dont_resp[i]) {
+	    if (TELOPT_OK(i))
+		printf("resp DO_DONT %s: %d\n", TELOPT(i), do_dont_resp[i]);
+	    else if (TELCMD_OK(i))
+		printf("resp DO_DONT %s: %d\n", TELCMD(i), do_dont_resp[i]);
+	    else
+		printf("resp DO_DONT %d: %d\n", i,
+				do_dont_resp[i]);
+	    if (my_want_state_is_do(i)) {
+		if (TELOPT_OK(i))
+		    printf("want DO   %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("want DO   %s\n", TELCMD(i));
+		else
+		    printf("want DO   %d\n", i);
+	    } else {
+		if (TELOPT_OK(i))
+		    printf("want DONT %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("want DONT %s\n", TELCMD(i));
+		else
+		    printf("want DONT %d\n", i);
+	    }
+	} else {
+	    if (my_state_is_do(i)) {
+		if (TELOPT_OK(i))
+		    printf("     DO   %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("     DO   %s\n", TELCMD(i));
+		else
+		    printf("     DO   %d\n", i);
+	    }
+	}
+	if (will_wont_resp[i]) {
+	    if (TELOPT_OK(i))
+		printf("resp WILL_WONT %s: %d\n", TELOPT(i), will_wont_resp[i]);
+	    else if (TELCMD_OK(i))
+		printf("resp WILL_WONT %s: %d\n", TELCMD(i), will_wont_resp[i]);
+	    else
+		printf("resp WILL_WONT %d: %d\n",
+				i, will_wont_resp[i]);
+	    if (my_want_state_is_will(i)) {
+		if (TELOPT_OK(i))
+		    printf("want WILL %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("want WILL %s\n", TELCMD(i));
+		else
+		    printf("want WILL %d\n", i);
+	    } else {
+		if (TELOPT_OK(i))
+		    printf("want WONT %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("want WONT %s\n", TELCMD(i));
+		else
+		    printf("want WONT %d\n", i);
+	    }
+	} else {
+	    if (my_state_is_will(i)) {
+		if (TELOPT_OK(i))
+		    printf("     WILL %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("     WILL %s\n", TELCMD(i));
+		else
+		    printf("     WILL %d\n", i);
+	    }
+	}
+    }
+
+}
+
+void
+printsub(int direction, unsigned char *pointer, int length)
+{
+    int i;
+    unsigned char buf[512];
+    extern int want_status_response;
+
+    if (showoptions || direction == 0 ||
+	(want_status_response && (pointer[0] == TELOPT_STATUS))) {
+	if (direction) {
+	    fprintf(NetTrace, "%s IAC SB ",
+				(direction == '<')? "RCVD":"SENT");
+	    if (length >= 3) {
+		int j;
+
+		i = pointer[length-2];
+		j = pointer[length-1];
+
+		if (i != IAC || j != SE) {
+		    fprintf(NetTrace, "(terminated by ");
+		    if (TELOPT_OK(i))
+			fprintf(NetTrace, "%s ", TELOPT(i));
+		    else if (TELCMD_OK(i))
+			fprintf(NetTrace, "%s ", TELCMD(i));
+		    else
+			fprintf(NetTrace, "%d ", i);
+		    if (TELOPT_OK(j))
+			fprintf(NetTrace, "%s", TELOPT(j));
+		    else if (TELCMD_OK(j))
+			fprintf(NetTrace, "%s", TELCMD(j));
+		    else
+			fprintf(NetTrace, "%d", j);
+		    fprintf(NetTrace, ", not IAC SE!) ");
+		}
+	    }
+	    length -= 2;
+	}
+	if (length < 1) {
+	    fprintf(NetTrace, "(Empty suboption??\?)");
+	    if (NetTrace == stdout)
+		fflush(NetTrace);
+	    return;
+	}
+	switch (pointer[0]) {
+	case TELOPT_TTYPE:
+	    fprintf(NetTrace, "TERMINAL-TYPE ");
+	    switch (pointer[1]) {
+	    case TELQUAL_IS:
+		fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2);
+		break;
+	    case TELQUAL_SEND:
+		fprintf(NetTrace, "SEND");
+		break;
+	    default:
+		fprintf(NetTrace,
+				"- unknown qualifier %d (0x%x).",
+				pointer[1], pointer[1]);
+	    }
+	    break;
+	case TELOPT_TSPEED:
+	    fprintf(NetTrace, "TERMINAL-SPEED");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption??\?)");
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case TELQUAL_IS:
+		fprintf(NetTrace, " IS ");
+		fprintf(NetTrace, "%.*s", length-2, (char *)pointer+2);
+		break;
+	    default:
+		if (pointer[1] == 1)
+		    fprintf(NetTrace, " SEND");
+		else
+		    fprintf(NetTrace, " %d (unknown)", pointer[1]);
+		for (i = 2; i < length; i++)
+		    fprintf(NetTrace, " ?%d?", pointer[i]);
+		break;
+	    }
+	    break;
+
+	case TELOPT_LFLOW:
+	    fprintf(NetTrace, "TOGGLE-FLOW-CONTROL");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption??\?)");
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case LFLOW_OFF:
+		fprintf(NetTrace, " OFF"); break;
+	    case LFLOW_ON:
+		fprintf(NetTrace, " ON"); break;
+	    case LFLOW_RESTART_ANY:
+		fprintf(NetTrace, " RESTART-ANY"); break;
+	    case LFLOW_RESTART_XON:
+		fprintf(NetTrace, " RESTART-XON"); break;
+	    default:
+		fprintf(NetTrace, " %d (unknown)", pointer[1]);
+	    }
+	    for (i = 2; i < length; i++)
+		fprintf(NetTrace, " ?%d?", pointer[i]);
+	    break;
+
+	case TELOPT_NAWS:
+	    fprintf(NetTrace, "NAWS");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption??\?)");
+		break;
+	    }
+	    if (length == 2) {
+		fprintf(NetTrace, " ?%d?", pointer[1]);
+		break;
+	    }
+	    fprintf(NetTrace, " %d %d (%d)",
+		pointer[1], pointer[2],
+		(int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2])));
+	    if (length == 4) {
+		fprintf(NetTrace, " ?%d?", pointer[3]);
+		break;
+	    }
+	    fprintf(NetTrace, " %d %d (%d)",
+		pointer[3], pointer[4],
+		(int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4])));
+	    for (i = 5; i < length; i++)
+		fprintf(NetTrace, " ?%d?", pointer[i]);
+	    break;
+
+#if	defined(AUTHENTICATION)
+	case TELOPT_AUTHENTICATION:
+	    fprintf(NetTrace, "AUTHENTICATION");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption??\?)");
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case TELQUAL_REPLY:
+	    case TELQUAL_IS:
+		fprintf(NetTrace, " %s ", (pointer[1] == TELQUAL_IS) ?
+							"IS" : "REPLY");
+		if (AUTHTYPE_NAME_OK(pointer[2]))
+		    fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[2]));
+		else
+		    fprintf(NetTrace, "%d ", pointer[2]);
+		if (length < 3) {
+		    fprintf(NetTrace, "(partial suboption??\?)");
+		    break;
+		}
+		fprintf(NetTrace, "%s|%s",
+			((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+			"CLIENT" : "SERVER",
+			((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+			"MUTUAL" : "ONE-WAY");
+
+		auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+		fprintf(NetTrace, "%s", buf);
+		break;
+
+	    case TELQUAL_SEND:
+		i = 2;
+		fprintf(NetTrace, " SEND ");
+		while (i < length) {
+		    if (AUTHTYPE_NAME_OK(pointer[i]))
+			fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[i]));
+		    else
+			fprintf(NetTrace, "%d ", pointer[i]);
+		    if (++i >= length) {
+			fprintf(NetTrace, "(partial suboption??\?)");
+			break;
+		    }
+		    fprintf(NetTrace, "%s|%s ",
+			((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+							"CLIENT" : "SERVER",
+			((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+							"MUTUAL" : "ONE-WAY");
+		    ++i;
+		}
+		break;
+
+	    case TELQUAL_NAME:
+		i = 2;
+		fprintf(NetTrace, " NAME \"");
+		while (i < length)
+		    putc(pointer[i++], NetTrace);
+		putc('"', NetTrace);
+		break;
+
+	    default:
+		    for (i = 2; i < length; i++)
+			fprintf(NetTrace, " ?%d?", pointer[i]);
+		    break;
+	    }
+	    break;
+#endif
+
+#if	defined(ENCRYPTION)
+	case TELOPT_ENCRYPT:
+	    fprintf(NetTrace, "ENCRYPT");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption?)");
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case ENCRYPT_START:
+		fprintf(NetTrace, " START");
+		break;
+
+	    case ENCRYPT_END:
+		fprintf(NetTrace, " END");
+		break;
+
+	    case ENCRYPT_REQSTART:
+		fprintf(NetTrace, " REQUEST-START");
+		break;
+
+	    case ENCRYPT_REQEND:
+		fprintf(NetTrace, " REQUEST-END");
+		break;
+
+	    case ENCRYPT_IS:
+	    case ENCRYPT_REPLY:
+		fprintf(NetTrace, " %s ", (pointer[1] == ENCRYPT_IS) ?
+							"IS" : "REPLY");
+		if (length < 3) {
+		    fprintf(NetTrace, " (partial suboption?)");
+		    break;
+		}
+		if (ENCTYPE_NAME_OK(pointer[2]))
+		    fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[2]));
+		else
+		    fprintf(NetTrace, " %d (unknown)", pointer[2]);
+
+		encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+		fprintf(NetTrace, "%s", buf);
+		break;
+
+	    case ENCRYPT_SUPPORT:
+		i = 2;
+		fprintf(NetTrace, " SUPPORT ");
+		while (i < length) {
+		    if (ENCTYPE_NAME_OK(pointer[i]))
+			fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[i]));
+		    else
+			fprintf(NetTrace, "%d ", pointer[i]);
+		    i++;
+		}
+		break;
+
+	    case ENCRYPT_ENC_KEYID:
+		fprintf(NetTrace, " ENC_KEYID ");
+		goto encommon;
+
+	    case ENCRYPT_DEC_KEYID:
+		fprintf(NetTrace, " DEC_KEYID ");
+		goto encommon;
+
+	    default:
+		fprintf(NetTrace, " %d (unknown)", pointer[1]);
+	    encommon:
+		for (i = 2; i < length; i++)
+		    fprintf(NetTrace, " %d", pointer[i]);
+		break;
+	    }
+	    break;
+#endif
+
+	case TELOPT_LINEMODE:
+	    fprintf(NetTrace, "LINEMODE ");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption??\?)");
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case WILL:
+		fprintf(NetTrace, "WILL ");
+		goto common;
+	    case WONT:
+		fprintf(NetTrace, "WONT ");
+		goto common;
+	    case DO:
+		fprintf(NetTrace, "DO ");
+		goto common;
+	    case DONT:
+		fprintf(NetTrace, "DONT ");
+	    common:
+		if (length < 3) {
+		    fprintf(NetTrace, "(no option??\?)");
+		    break;
+		}
+		switch (pointer[2]) {
+		case LM_FORWARDMASK:
+		    fprintf(NetTrace, "Forward Mask");
+		    for (i = 3; i < length; i++)
+			fprintf(NetTrace, " %x", pointer[i]);
+		    break;
+		default:
+		    fprintf(NetTrace, "%d (unknown)", pointer[2]);
+		    for (i = 3; i < length; i++)
+			fprintf(NetTrace, " %d", pointer[i]);
+		    break;
+		}
+		break;
+
+	    case LM_SLC:
+		fprintf(NetTrace, "SLC");
+		for (i = 2; i < length - 2; i += 3) {
+		    if (SLC_NAME_OK(pointer[i+SLC_FUNC]))
+			fprintf(NetTrace, " %s", SLC_NAME(pointer[i+SLC_FUNC]));
+		    else
+			fprintf(NetTrace, " %d", pointer[i+SLC_FUNC]);
+		    switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) {
+		    case SLC_NOSUPPORT:
+			fprintf(NetTrace, " NOSUPPORT"); break;
+		    case SLC_CANTCHANGE:
+			fprintf(NetTrace, " CANTCHANGE"); break;
+		    case SLC_VARIABLE:
+			fprintf(NetTrace, " VARIABLE"); break;
+		    case SLC_DEFAULT:
+			fprintf(NetTrace, " DEFAULT"); break;
+		    }
+		    fprintf(NetTrace, "%s%s%s",
+			pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "",
+			pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "",
+			pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : "");
+		    if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN|
+						SLC_FLUSHOUT| SLC_LEVELBITS))
+			fprintf(NetTrace, "(0x%x)", pointer[i+SLC_FLAGS]);
+		    fprintf(NetTrace, " %d;", pointer[i+SLC_VALUE]);
+		    if ((pointer[i+SLC_VALUE] == IAC) &&
+			(pointer[i+SLC_VALUE+1] == IAC))
+				i++;
+		}
+		for (; i < length; i++)
+		    fprintf(NetTrace, " ?%d?", pointer[i]);
+		break;
+
+	    case LM_MODE:
+		fprintf(NetTrace, "MODE ");
+		if (length < 3) {
+		    fprintf(NetTrace, "(no mode??\?)");
+		    break;
+		}
+		{
+		    char tbuf[64];
+		    snprintf(tbuf, sizeof(tbuf),
+			     "%s%s%s%s%s",
+			     pointer[2]&MODE_EDIT ? "|EDIT" : "",
+			     pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "",
+			     pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
+			     pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
+			     pointer[2]&MODE_ACK ? "|ACK" : "");
+		    fprintf(NetTrace, "%s", tbuf[1] ? &tbuf[1] : "0");
+		}
+		if (pointer[2]&~(MODE_MASK))
+		    fprintf(NetTrace, " (0x%x)", pointer[2]);
+		for (i = 3; i < length; i++)
+		    fprintf(NetTrace, " ?0x%x?", pointer[i]);
+		break;
+	    default:
+		fprintf(NetTrace, "%d (unknown)", pointer[1]);
+		for (i = 2; i < length; i++)
+		    fprintf(NetTrace, " %d", pointer[i]);
+	    }
+	    break;
+
+	case TELOPT_STATUS: {
+	    char *cp;
+	    int j, k;
+
+	    fprintf(NetTrace, "STATUS");
+
+	    switch (pointer[1]) {
+	    default:
+		if (pointer[1] == TELQUAL_SEND)
+		    fprintf(NetTrace, " SEND");
+		else
+		    fprintf(NetTrace, " %d (unknown)", pointer[1]);
+		for (i = 2; i < length; i++)
+		    fprintf(NetTrace, " ?%d?", pointer[i]);
+		break;
+	    case TELQUAL_IS:
+		if (--want_status_response < 0)
+		    want_status_response = 0;
+		if (NetTrace == stdout)
+		    fprintf(NetTrace, " IS\r\n");
+		else
+		    fprintf(NetTrace, " IS\n");
+
+		for (i = 2; i < length; i++) {
+		    switch(pointer[i]) {
+		    case DO:	cp = "DO"; goto common2;
+		    case DONT:	cp = "DONT"; goto common2;
+		    case WILL:	cp = "WILL"; goto common2;
+		    case WONT:	cp = "WONT"; goto common2;
+		    common2:
+			i++;
+			if (TELOPT_OK((int)pointer[i]))
+			    fprintf(NetTrace, " %s %s", cp, TELOPT(pointer[i]));
+			else
+			    fprintf(NetTrace, " %s %d", cp, pointer[i]);
+
+			if (NetTrace == stdout)
+			    fprintf(NetTrace, "\r\n");
+			else
+			    fprintf(NetTrace, "\n");
+			break;
+
+		    case SB:
+			fprintf(NetTrace, " SB ");
+			i++;
+			j = k = i;
+			while (j < length) {
+			    if (pointer[j] == SE) {
+				if (j+1 == length)
+				    break;
+				if (pointer[j+1] == SE)
+				    j++;
+				else
+				    break;
+			    }
+			    pointer[k++] = pointer[j++];
+			}
+			printsub(0, &pointer[i], k - i);
+			if (i < length) {
+			    fprintf(NetTrace, " SE");
+			    i = j;
+			} else
+			    i = j - 1;
+
+			if (NetTrace == stdout)
+			    fprintf(NetTrace, "\r\n");
+			else
+			    fprintf(NetTrace, "\n");
+
+			break;
+
+		    default:
+			fprintf(NetTrace, " %d", pointer[i]);
+			break;
+		    }
+		}
+		break;
+	    }
+	    break;
+	  }
+
+	case TELOPT_XDISPLOC:
+	    fprintf(NetTrace, "X-DISPLAY-LOCATION ");
+	    switch (pointer[1]) {
+	    case TELQUAL_IS:
+		fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2);
+		break;
+	    case TELQUAL_SEND:
+		fprintf(NetTrace, "SEND");
+		break;
+	    default:
+		fprintf(NetTrace, "- unknown qualifier %d (0x%x).",
+				pointer[1], pointer[1]);
+	    }
+	    break;
+
+	case TELOPT_NEW_ENVIRON:
+	    fprintf(NetTrace, "NEW-ENVIRON ");
+#ifdef	OLD_ENVIRON
+	    goto env_common1;
+	case TELOPT_OLD_ENVIRON:
+	    fprintf(NetTrace, "OLD-ENVIRON");
+	env_common1:
+#endif
+	    switch (pointer[1]) {
+	    case TELQUAL_IS:
+		fprintf(NetTrace, "IS ");
+		goto env_common;
+	    case TELQUAL_SEND:
+		fprintf(NetTrace, "SEND ");
+		goto env_common;
+	    case TELQUAL_INFO:
+		fprintf(NetTrace, "INFO ");
+	    env_common:
+		{
+		    int noquote = 2;
+		    for (i = 2; i < length; i++ ) {
+			switch (pointer[i]) {
+			case NEW_ENV_VALUE:
+#ifdef OLD_ENVIRON
+		     /*	case NEW_ENV_OVAR: */
+			    if (pointer[0] == TELOPT_OLD_ENVIRON) {
+				    fprintf(NetTrace, "\" VAR " + noquote);
+			    } else
+#endif /* OLD_ENVIRON */
+				fprintf(NetTrace, "\" VALUE " + noquote);
+			    noquote = 2;
+			    break;
+
+			case NEW_ENV_VAR:
+#ifdef OLD_ENVIRON
+		     /* case OLD_ENV_VALUE: */
+			    if (pointer[0] == TELOPT_OLD_ENVIRON) {
+				    fprintf(NetTrace, "\" VALUE " + noquote);
+			    } else
+#endif /* OLD_ENVIRON */
+				fprintf(NetTrace, "\" VAR " + noquote);
+			    noquote = 2;
+			    break;
+
+			case ENV_ESC:
+			    fprintf(NetTrace, "\" ESC " + noquote);
+			    noquote = 2;
+			    break;
+
+			case ENV_USERVAR:
+			    fprintf(NetTrace, "\" USERVAR " + noquote);
+			    noquote = 2;
+			    break;
+
+			default:
+			    if (isprint(pointer[i]) && pointer[i] != '"') {
+				if (noquote) {
+				    putc('"', NetTrace);
+				    noquote = 0;
+				}
+				putc(pointer[i], NetTrace);
+			    } else {
+				fprintf(NetTrace, "\" %03o " + noquote,
+							pointer[i]);
+				noquote = 2;
+			    }
+			    break;
+			}
+		    }
+		    if (!noquote)
+			putc('"', NetTrace);
+		    break;
+		}
+	    }
+	    break;
+
+	default:
+	    if (TELOPT_OK(pointer[0]))
+		fprintf(NetTrace, "%s (unknown)", TELOPT(pointer[0]));
+	    else
+		fprintf(NetTrace, "%d (unknown)", pointer[0]);
+	    for (i = 1; i < length; i++)
+		fprintf(NetTrace, " %d", pointer[i]);
+	    break;
+	}
+	if (direction) {
+	    if (NetTrace == stdout)
+		fprintf(NetTrace, "\r\n");
+	    else
+		fprintf(NetTrace, "\n");
+	}
+	if (NetTrace == stdout)
+	    fflush(NetTrace);
+    }
+}
+
+/* EmptyTerminal - called to make sure that the terminal buffer is empty.
+ *			Note that we consider the buffer to run all the
+ *			way to the kernel (thus the select).
+ */
+
+void
+EmptyTerminal(void)
+{
+    fd_set	outs;
+
+    FD_ZERO(&outs);
+
+    if (TTYBYTES() == 0) {
+	FD_SET(tout, &outs);
+	select(tout+1, 0, &outs, 0,
+		      (struct timeval *) 0); /* wait for TTLOWAT */
+    } else {
+	while (TTYBYTES()) {
+	    ttyflush(0);
+	    FD_SET(tout, &outs);
+	    select(tout+1, 0, &outs, 0,
+			  (struct timeval *) 0); /* wait for TTLOWAT */
+	}
+    }
+}
+
+void
+SetForExit(void)
+{
+    setconnmode(0);
+    do {
+	telrcv();			/* Process any incoming data */
+	EmptyTerminal();
+    } while (ring_full_count(&netiring));	/* While there is any */
+    setcommandmode();
+    fflush(stdout);
+    fflush(stderr);
+    setconnmode(0);
+    EmptyTerminal();			/* Flush the path to the tty */
+    setcommandmode();
+}
+
+void
+Exit(int returnCode)
+{
+    SetForExit();
+    exit(returnCode);
+}
+
+void
+ExitString(char *string, int returnCode)
+{
+    SetForExit();
+    fwrite(string, 1, strlen(string), stderr);
+    exit(returnCode);
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/Makefile.am b/crypto/kerberosIV/appl/telnet/telnetd/Makefile.am
new file mode 100644
index 0000000..c228518
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/Makefile.am
@@ -0,0 +1,21 @@
+# $Id: Makefile.am,v 1.12 1999/04/09 18:24:38 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += -I$(srcdir)/.. $(INCLUDE_krb4)
+
+libexec_PROGRAMS = telnetd
+
+CHECK_LOCAL = 
+
+telnetd_SOURCES  = telnetd.c state.c termstat.c slc.c sys_term.c \
+		   utility.c global.c authenc.c defs.h ext.h telnetd.h
+
+LDADD = \
+	../libtelnet/libtelnet.a \
+	$(LIB_krb5) \
+	$(LIB_krb4) \
+	$(top_builddir)/lib/des/libdes.la \
+	$(LIB_tgetent) \
+	$(LIB_logwtmp) \
+	$(LIB_roken)
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/Makefile.in b/crypto/kerberosIV/appl/telnet/telnetd/Makefile.in
new file mode 100644
index 0000000..ed42d1d
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/Makefile.in
@@ -0,0 +1,79 @@
+# $Id: Makefile.in,v 1.38 1999/03/11 13:50:16 joda Exp $
+
+srcdir		= @srcdir@
+top_srcdir	= @top_srcdir@
+VPATH		= @srcdir@
+
+top_builddir		= ../../..
+
+SHELL		= /bin/sh
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@ -DBINDIR='"$(bindir)"'
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LD_FLAGS = @LD_FLAGS@
+LIBS = @LIBS@
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+bindir = @bindir@
+libdir = @libdir@
+libexecdir = @libexecdir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROGS = telnetd$(EXECSUFFIX)
+
+SOURCES=telnetd.c state.c termstat.c slc.c sys_term.c \
+	utility.c global.c authenc.c
+
+OBJECTS=telnetd.o state.o termstat.o slc.o sys_term.o \
+	utility.o global.o authenc.o
+
+libtop = @libtop@
+
+LIBKRB		= -L../../../lib/krb -lkrb
+LIBDES		= -L../../../lib/des -ldes
+LIBKAFS		= @KRB_KAFS_LIB@
+LIBROKEN	= -L../../../lib/roken -lroken
+
+KLIB=$(LIBKAFS) $(LIBKRB) $(LIBDES)
+
+
+all: $(PROGS)
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../../include -I.. -I$(srcdir)/.. -I. -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
+
+telnetd$(EXECSUFFIX): $(OBJECTS)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS) -L../libtelnet -ltelnet $(KLIB) $(LIBROKEN) $(LIBS) @LIB_tgetent@ $(LIBROKEN)
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(libexecdir)
+	for x in $(PROGS); do \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+uninstall:
+	for x in $(PROGS); do \
+	  rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	done
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+clean cleandir:
+	rm -f *.o *.a telnetd$(EXECSUFFIX) \#* *~ core
+
+distclean: clean
+	rm -f Makefile *~
+
+
+.PHONY: all install uninstall clean cleandir distclean
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/authenc.c b/crypto/kerberosIV/appl/telnet/telnetd/authenc.c
new file mode 100644
index 0000000..2a95127
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/authenc.c
@@ -0,0 +1,82 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnetd.h"
+
+RCSID("$Id: authenc.c,v 1.8 1998/07/09 23:16:37 assar Exp $");
+
+#ifdef AUTHENTICATION
+
+int
+telnet_net_write(unsigned char *str, int len)
+{
+    if (nfrontp + len < netobuf + BUFSIZ) {
+	memmove(nfrontp, str, len);
+	nfrontp += len;
+	return(len);
+    }
+    return(0);
+}
+
+void
+net_encrypt(void)
+{
+#ifdef ENCRYPTION
+    char *s = (nclearto > nbackp) ? nclearto : nbackp;
+    if (s < nfrontp && encrypt_output) {
+	(*encrypt_output)((unsigned char *)s, nfrontp - s);
+    }
+    nclearto = nfrontp;
+#endif
+}
+
+int
+telnet_spin(void)
+{
+    ttloop();
+    return(0);
+}
+
+char *
+telnet_getenv(char *val)
+{
+    extern char *getenv(const char *);
+    return(getenv(val));
+}
+
+char *
+telnet_gets(char *prompt, char *result, int length, int echo)
+{
+    return NULL;
+}
+#endif
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/defs.h b/crypto/kerberosIV/appl/telnet/telnetd/defs.h
new file mode 100644
index 0000000..dc3f842
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/defs.h
@@ -0,0 +1,190 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)defs.h	8.1 (Berkeley) 6/4/93
+ */
+
+/*
+ * Telnet server defines
+ */
+
+#ifndef __DEFS_H__
+#define __DEFS_H__
+
+#ifndef	BSD
+# define	BSD 43
+#endif
+
+#if defined(PRINTOPTIONS) && defined(DIAGNOSTICS)
+#define TELOPTS
+#define TELCMDS
+#define	SLC_NAMES
+#endif
+
+#if	!defined(TIOCSCTTY) && defined(TCSETCTTY)
+# define	TIOCSCTTY TCSETCTTY
+#endif
+
+#ifndef TIOCPKT_FLUSHWRITE
+#define TIOCPKT_FLUSHWRITE      0x02
+#endif
+ 
+#ifndef TIOCPKT_NOSTOP
+#define TIOCPKT_NOSTOP  0x10
+#endif
+ 
+#ifndef TIOCPKT_DOSTOP
+#define TIOCPKT_DOSTOP  0x20
+#endif
+
+/*
+ * I/O data buffers defines
+ */
+#define	NETSLOP	64
+#ifdef _CRAY
+#undef BUFSIZ
+#define BUFSIZ  2048
+#endif
+
+#define	NIACCUM(c)	{   *netip++ = c; \
+			    ncc++; \
+			}
+
+/* clock manipulations */
+#define	settimer(x)	(clocks.x = ++clocks.system)
+#define	sequenceIs(x,y)	(clocks.x < clocks.y)
+
+/*
+ * Structures of information for each special character function.
+ */
+typedef struct {
+	unsigned char	flag;		/* the flags for this function */
+	cc_t		val;		/* the value of the special character */
+} slcent, *Slcent;
+
+typedef struct {
+	slcent		defset;		/* the default settings */
+	slcent		current;	/* the current settings */
+	cc_t		*sptr;		/* a pointer to the char in */
+					/* system data structures */
+} slcfun, *Slcfun;
+
+#ifdef DIAGNOSTICS
+/*
+ * Diagnostics capabilities
+ */
+#define	TD_REPORT	0x01	/* Report operations to client */
+#define TD_EXERCISE	0x02	/* Exercise client's implementation */
+#define TD_NETDATA	0x04	/* Display received data stream */
+#define TD_PTYDATA	0x08	/* Display data passed to pty */
+#define	TD_OPTIONS	0x10	/* Report just telnet options */
+#endif /* DIAGNOSTICS */
+
+/*
+ * We keep track of each side of the option negotiation.
+ */
+
+#define	MY_STATE_WILL		0x01
+#define	MY_WANT_STATE_WILL	0x02
+#define	MY_STATE_DO		0x04
+#define	MY_WANT_STATE_DO	0x08
+
+/*
+ * Macros to check the current state of things
+ */
+
+#define	my_state_is_do(opt)		(options[opt]&MY_STATE_DO)
+#define	my_state_is_will(opt)		(options[opt]&MY_STATE_WILL)
+#define my_want_state_is_do(opt)	(options[opt]&MY_WANT_STATE_DO)
+#define my_want_state_is_will(opt)	(options[opt]&MY_WANT_STATE_WILL)
+
+#define	my_state_is_dont(opt)		(!my_state_is_do(opt))
+#define	my_state_is_wont(opt)		(!my_state_is_will(opt))
+#define my_want_state_is_dont(opt)	(!my_want_state_is_do(opt))
+#define my_want_state_is_wont(opt)	(!my_want_state_is_will(opt))
+
+#define	set_my_state_do(opt)		(options[opt] |= MY_STATE_DO)
+#define	set_my_state_will(opt)		(options[opt] |= MY_STATE_WILL)
+#define	set_my_want_state_do(opt)	(options[opt] |= MY_WANT_STATE_DO)
+#define	set_my_want_state_will(opt)	(options[opt] |= MY_WANT_STATE_WILL)
+
+#define	set_my_state_dont(opt)		(options[opt] &= ~MY_STATE_DO)
+#define	set_my_state_wont(opt)		(options[opt] &= ~MY_STATE_WILL)
+#define	set_my_want_state_dont(opt)	(options[opt] &= ~MY_WANT_STATE_DO)
+#define	set_my_want_state_wont(opt)	(options[opt] &= ~MY_WANT_STATE_WILL)
+
+/*
+ * Tricky code here.  What we want to know is if the MY_STATE_WILL
+ * and MY_WANT_STATE_WILL bits have the same value.  Since the two
+ * bits are adjacent, a little arithmatic will show that by adding
+ * in the lower bit, the upper bit will be set if the two bits were
+ * different, and clear if they were the same.
+ */
+#define my_will_wont_is_changing(opt) \
+			((options[opt]+MY_STATE_WILL) & MY_WANT_STATE_WILL)
+
+#define my_do_dont_is_changing(opt) \
+			((options[opt]+MY_STATE_DO) & MY_WANT_STATE_DO)
+
+/*
+ * Make everything symetrical
+ */
+
+#define	HIS_STATE_WILL			MY_STATE_DO
+#define	HIS_WANT_STATE_WILL		MY_WANT_STATE_DO
+#define HIS_STATE_DO			MY_STATE_WILL
+#define HIS_WANT_STATE_DO		MY_WANT_STATE_WILL
+
+#define	his_state_is_do			my_state_is_will
+#define	his_state_is_will		my_state_is_do
+#define his_want_state_is_do		my_want_state_is_will
+#define his_want_state_is_will		my_want_state_is_do
+
+#define	his_state_is_dont		my_state_is_wont
+#define	his_state_is_wont		my_state_is_dont
+#define his_want_state_is_dont		my_want_state_is_wont
+#define his_want_state_is_wont		my_want_state_is_dont
+
+#define	set_his_state_do		set_my_state_will
+#define	set_his_state_will		set_my_state_do
+#define	set_his_want_state_do		set_my_want_state_will
+#define	set_his_want_state_will		set_my_want_state_do
+
+#define	set_his_state_dont		set_my_state_wont
+#define	set_his_state_wont		set_my_state_dont
+#define	set_his_want_state_dont		set_my_want_state_wont
+#define	set_his_want_state_wont		set_my_want_state_dont
+
+#define his_will_wont_is_changing	my_do_dont_is_changing
+#define his_do_dont_is_changing		my_will_wont_is_changing
+
+#endif /* __DEFS_H__ */
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/ext.h b/crypto/kerberosIV/appl/telnet/telnetd/ext.h
new file mode 100644
index 0000000..83b7166
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/ext.h
@@ -0,0 +1,204 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)ext.h	8.2 (Berkeley) 12/15/93
+ */
+
+/* $Id: ext.h,v 1.17 1998/07/09 23:16:38 assar Exp $ */
+
+#ifndef __EXT_H__
+#define __EXT_H__
+
+/*
+ * Telnet server variable declarations
+ */
+extern char	options[256];
+extern char	do_dont_resp[256];
+extern char	will_wont_resp[256];
+extern int	flowmode;	/* current flow control state */
+extern int	restartany;	/* restart output on any character state */
+#ifdef DIAGNOSTICS
+extern int	diagnostic;	/* telnet diagnostic capabilities */
+#endif /* DIAGNOSTICS */
+extern int	require_otp;
+#ifdef AUTHENTICATION
+extern int	auth_level;
+#endif
+extern const char *new_login;
+
+extern slcfun	slctab[NSLC + 1];	/* slc mapping table */
+
+extern char	*terminaltype;
+
+/*
+ * I/O data buffers, pointers, and counters.
+ */
+extern char	ptyobuf[BUFSIZ+NETSLOP], *pfrontp, *pbackp;
+
+extern char	netibuf[BUFSIZ], *netip;
+
+extern char	netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp;
+extern char	*neturg;		/* one past last bye of urgent data */
+
+extern int	pcc, ncc;
+
+extern int	ourpty, net;
+extern char	*line;
+extern int	SYNCHing;		/* we are in TELNET SYNCH mode */
+
+int telnet_net_write (unsigned char *str, int len);
+void net_encrypt (void);
+int telnet_spin (void);
+char *telnet_getenv (char *val);
+char *telnet_gets (char *prompt, char *result, int length, int echo);
+void get_slc_defaults (void);
+void telrcv (void);
+void send_do (int option, int init);
+void willoption (int option);
+void send_dont (int option, int init);
+void wontoption (int option);
+void send_will (int option, int init);
+void dooption (int option);
+void send_wont (int option, int init);
+void dontoption (int option);
+void suboption (void);
+void doclientstat (void);
+void send_status (void);
+void init_termbuf (void);
+void set_termbuf (void);
+int spcset (int func, cc_t *valp, cc_t **valpp);
+void set_utid (void);
+int getpty (int *ptynum);
+int tty_isecho (void);
+int tty_flowmode (void);
+int tty_restartany (void);
+void tty_setecho (int on);
+int tty_israw (void);
+void tty_binaryin (int on);
+void tty_binaryout (int on);
+int tty_isbinaryin (void);
+int tty_isbinaryout (void);
+int tty_issofttab (void);
+void tty_setsofttab (int on);
+int tty_islitecho (void);
+void tty_setlitecho (int on);
+int tty_iscrnl (void);
+void tty_tspeed (int val);
+void tty_rspeed (int val);
+void getptyslave (void);
+int cleanopen (char *line);
+void startslave (char *host, int autologin, char *autoname);
+void init_env (void);
+void start_login (char *host, int autologin, char *name);
+void cleanup (int sig);
+int main (int argc, char **argv);
+void usage (void);
+int getterminaltype (char *name, size_t);
+void _gettermname (void);
+int terminaltypeok (char *s);
+void doit (struct sockaddr_in *who);
+void my_telnet (int f, int p, char*, int, char*);
+void interrupt (void);
+void sendbrk (void);
+void sendsusp (void);
+void recv_ayt (void);
+void doeof (void);
+void flowstat (void);
+void clientstat (int code, int parm1, int parm2);
+void ttloop (void);
+int stilloob (int s);
+void ptyflush (void);
+char *nextitem (char *current);
+void netclear (void);
+void netflush (void);
+void writenet (unsigned char *ptr, int len);
+void fatal (int f, char *msg);
+void fatalperror (int f, const char *msg);
+void edithost (char *pat, char *host);
+void putstr (char *s);
+void putchr (int cc);
+void putf (char *cp, char *where);
+void printoption (char *fmt, int option);
+void printsub (int direction, unsigned char *pointer, int length);
+void printdata (char *tag, char *ptr, int cnt);
+int login_tty(int t);
+
+#ifdef ENCRYPTION
+extern void	(*encrypt_output) (unsigned char *, int);
+extern int	(*decrypt_input) (int);
+extern char	*nclearto;
+#endif
+
+
+/*
+ * The following are some clocks used to decide how to interpret
+ * the relationship between various variables.
+ */
+
+struct clocks_t{
+    int
+	system,			/* what the current time is */
+	echotoggle,		/* last time user entered echo character */
+	modenegotiated,		/* last time operating mode negotiated */
+	didnetreceive,		/* last time we read data from network */
+	ttypesubopt,		/* ttype subopt is received */
+	tspeedsubopt,		/* tspeed subopt is received */
+	environsubopt,		/* environ subopt is received */
+	oenvironsubopt,		/* old environ subopt is received */
+	xdisplocsubopt,		/* xdisploc subopt is received */
+	baseline,		/* time started to do timed action */
+	gotDM;			/* when did we last see a data mark */
+};
+extern struct clocks_t clocks;
+
+extern int log_unauth;
+extern int no_warn;
+
+#ifdef STREAMSPTY
+extern int really_stream;
+#endif
+
+#ifndef USE_IM
+# ifdef CRAY
+#  define USE_IM "Cray UNICOS (%h) (%t)"
+# endif
+# ifdef _AIX
+#  define USE_IM "%s %v.%r (%h) (%t)"
+# endif
+# ifndef USE_IM
+#  define USE_IM "%s %r (%h) (%t)"
+# endif
+#endif
+
+#define DEFAULT_IM "\r\n\r\n" USE_IM "\r\n\r\n\r\n"
+
+#endif /* __EXT_H__ */
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/global.c b/crypto/kerberosIV/appl/telnet/telnetd/global.c
new file mode 100644
index 0000000..275cb45
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/global.c
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* a *lot* of ugly global definitions that really should be removed...
+ */
+
+#include "telnetd.h"
+
+RCSID("$Id: global.c,v 1.12 1997/05/11 06:29:59 assar Exp $");
+
+/*
+ * Telnet server variable declarations
+ */
+char	options[256];
+char	do_dont_resp[256];
+char	will_wont_resp[256];
+int	linemode;	/* linemode on/off */
+int	flowmode;	/* current flow control state */
+int	restartany;	/* restart output on any character state */
+#ifdef DIAGNOSTICS
+int	diagnostic;	/* telnet diagnostic capabilities */
+#endif /* DIAGNOSTICS */
+int	require_otp;
+
+slcfun	slctab[NSLC + 1];	/* slc mapping table */
+
+char	*terminaltype;
+
+/*
+ * I/O data buffers, pointers, and counters.
+ */
+char	ptyobuf[BUFSIZ+NETSLOP], *pfrontp, *pbackp;
+
+char	netibuf[BUFSIZ], *netip;
+
+char	netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp;
+char	*neturg;		/* one past last bye of urgent data */
+
+int	pcc, ncc;
+
+int	ourpty, net;
+int	SYNCHing;		/* we are in TELNET SYNCH mode */
+
+/*
+ * The following are some clocks used to decide how to interpret
+ * the relationship between various variables.
+ */
+
+struct clocks_t clocks;
+
+
+/* whether to log unauthenticated login attempts */
+int log_unauth;
+
+/* do not print warning if connection is not encrypted */
+int no_warn;
+
+/*
+ * This function appends data to nfrontp and advances nfrontp.
+ */
+
+int
+output_data (const char *format, ...)
+{
+  va_list args;
+  size_t remaining, ret;
+
+  va_start(args, format);
+  remaining = BUFSIZ - (nfrontp - netobuf);
+  ret = vsnprintf (nfrontp,
+		   remaining,
+		   format,
+		   args);
+  nfrontp += ret;
+  va_end(args);
+  return ret;
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/slc.c b/crypto/kerberosIV/appl/telnet/telnetd/slc.c
new file mode 100644
index 0000000..799d2d8
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/slc.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnetd.h"
+
+RCSID("$Id: slc.c,v 1.10 1997/05/11 06:30:00 assar Exp $");
+
+/*
+ * get_slc_defaults
+ *
+ * Initialize the slc mapping table.
+ */
+void
+get_slc_defaults(void)
+{
+    int i;
+    
+    init_termbuf();
+    
+    for (i = 1; i <= NSLC; i++) {
+	slctab[i].defset.flag =
+	    spcset(i, &slctab[i].defset.val, &slctab[i].sptr);
+	slctab[i].current.flag = SLC_NOSUPPORT;
+	slctab[i].current.val = 0;
+    }
+    
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/state.c b/crypto/kerberosIV/appl/telnet/telnetd/state.c
new file mode 100644
index 0000000..80b90ea
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/state.c
@@ -0,0 +1,1356 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnetd.h"
+
+RCSID("$Id: state.c,v 1.13 1999/05/13 23:12:50 assar Exp $");
+
+unsigned char	doopt[] = { IAC, DO, '%', 'c', 0 };
+unsigned char	dont[] = { IAC, DONT, '%', 'c', 0 };
+unsigned char	will[] = { IAC, WILL, '%', 'c', 0 };
+unsigned char	wont[] = { IAC, WONT, '%', 'c', 0 };
+int	not42 = 1;
+
+/*
+ * Buffer for sub-options, and macros
+ * for suboptions buffer manipulations
+ */
+unsigned char subbuffer[2048], *subpointer= subbuffer, *subend= subbuffer;
+
+#define	SB_CLEAR()	subpointer = subbuffer
+#define	SB_TERM()	{ subend = subpointer; SB_CLEAR(); }
+#define	SB_ACCUM(c)	if (subpointer < (subbuffer+sizeof subbuffer)) { \
+    *subpointer++ = (c); \
+			     }
+#define	SB_GET()	((*subpointer++)&0xff)
+#define	SB_EOF()	(subpointer >= subend)
+#define	SB_LEN()	(subend - subpointer)
+
+#ifdef	ENV_HACK
+unsigned char *subsave;
+#define SB_SAVE()	subsave = subpointer;
+#define	SB_RESTORE()	subpointer = subsave;
+#endif
+
+
+/*
+ * State for recv fsm
+ */
+#define	TS_DATA		0	/* base state */
+#define	TS_IAC		1	/* look for double IAC's */
+#define	TS_CR		2	/* CR-LF ->'s CR */
+#define	TS_SB		3	/* throw away begin's... */
+#define	TS_SE		4	/* ...end's (suboption negotiation) */
+#define	TS_WILL		5	/* will option negotiation */
+#define	TS_WONT		6	/* wont -''- */
+#define	TS_DO		7	/* do -''- */
+#define	TS_DONT		8	/* dont -''- */
+
+void
+telrcv(void)
+{
+    int c;
+    static int state = TS_DATA;
+
+    while (ncc > 0) {
+	if ((&ptyobuf[BUFSIZ] - pfrontp) < 2)
+	    break;
+	c = *netip++ & 0377, ncc--;
+#ifdef ENCRYPTION
+	if (decrypt_input)
+	    c = (*decrypt_input)(c);
+#endif
+	switch (state) {
+
+	case TS_CR:
+	    state = TS_DATA;
+	    /* Strip off \n or \0 after a \r */
+	    if ((c == 0) || (c == '\n')) {
+		break;
+	    }
+	    /* FALL THROUGH */
+
+	case TS_DATA:
+	    if (c == IAC) {
+		state = TS_IAC;
+		break;
+	    }
+	    /*
+	     * We now map \r\n ==> \r for pragmatic reasons.
+	     * Many client implementations send \r\n when
+	     * the user hits the CarriageReturn key.
+	     *
+	     * We USED to map \r\n ==> \n, since \r\n says
+	     * that we want to be in column 1 of the next
+	     * printable line, and \n is the standard
+	     * unix way of saying that (\r is only good
+	     * if CRMOD is set, which it normally is).
+	     */
+	    if ((c == '\r') && his_state_is_wont(TELOPT_BINARY)) {
+		int nc = *netip;
+#ifdef ENCRYPTION
+		if (decrypt_input)
+		    nc = (*decrypt_input)(nc & 0xff);
+#endif
+		{
+#ifdef ENCRYPTION
+		    if (decrypt_input)
+			(void)(*decrypt_input)(-1);
+#endif
+		    state = TS_CR;
+		}
+	    }
+	    *pfrontp++ = c;
+	    break;
+
+	case TS_IAC:
+	gotiac:			switch (c) {
+
+	    /*
+	     * Send the process on the pty side an
+	     * interrupt.  Do this with a NULL or
+	     * interrupt char; depending on the tty mode.
+	     */
+	case IP:
+	    DIAG(TD_OPTIONS,
+		 printoption("td: recv IAC", c));
+	    interrupt();
+	    break;
+
+	case BREAK:
+	    DIAG(TD_OPTIONS,
+		 printoption("td: recv IAC", c));
+	    sendbrk();
+	    break;
+
+	    /*
+	     * Are You There?
+	     */
+	case AYT:
+	    DIAG(TD_OPTIONS,
+		 printoption("td: recv IAC", c));
+	    recv_ayt();
+	    break;
+
+	    /*
+	     * Abort Output
+	     */
+	case AO:
+	    {
+		DIAG(TD_OPTIONS,
+		     printoption("td: recv IAC", c));
+		ptyflush();	/* half-hearted */
+		init_termbuf();
+
+		if (slctab[SLC_AO].sptr &&
+		    *slctab[SLC_AO].sptr != (cc_t)(_POSIX_VDISABLE)) {
+		    *pfrontp++ =
+			(unsigned char)*slctab[SLC_AO].sptr;
+		}
+
+		netclear();	/* clear buffer back */
+		output_data ("%c%c", IAC, DM);
+		neturg = nfrontp-1; /* off by one XXX */
+		DIAG(TD_OPTIONS,
+		     printoption("td: send IAC", DM));
+		break;
+	    }
+
+	/*
+	 * Erase Character and
+	 * Erase Line
+	 */
+	case EC:
+	case EL:
+	    {
+		cc_t ch;
+
+		DIAG(TD_OPTIONS,
+		     printoption("td: recv IAC", c));
+		ptyflush();	/* half-hearted */
+		init_termbuf();
+		if (c == EC)
+		    ch = *slctab[SLC_EC].sptr;
+		else
+		    ch = *slctab[SLC_EL].sptr;
+		if (ch != (cc_t)(_POSIX_VDISABLE))
+		    *pfrontp++ = (unsigned char)ch;
+		break;
+	    }
+
+	/*
+	 * Check for urgent data...
+	 */
+	case DM:
+	    DIAG(TD_OPTIONS,
+		 printoption("td: recv IAC", c));
+	    SYNCHing = stilloob(net);
+	    settimer(gotDM);
+	    break;
+
+
+	    /*
+	     * Begin option subnegotiation...
+	     */
+	case SB:
+	    state = TS_SB;
+	    SB_CLEAR();
+	    continue;
+
+	case WILL:
+	    state = TS_WILL;
+	    continue;
+
+	case WONT:
+	    state = TS_WONT;
+	    continue;
+
+	case DO:
+	    state = TS_DO;
+	    continue;
+
+	case DONT:
+	    state = TS_DONT;
+	    continue;
+	case EOR:
+	    if (his_state_is_will(TELOPT_EOR))
+		doeof();
+	    break;
+
+	    /*
+	     * Handle RFC 10xx Telnet linemode option additions
+	     * to command stream (EOF, SUSP, ABORT).
+	     */
+	case xEOF:
+	    doeof();
+	    break;
+
+	case SUSP:
+	    sendsusp();
+	    break;
+
+	case ABORT:
+	    sendbrk();
+	    break;
+
+	case IAC:
+	    *pfrontp++ = c;
+	    break;
+	}
+	state = TS_DATA;
+	break;
+
+	case TS_SB:
+	    if (c == IAC) {
+		state = TS_SE;
+	    } else {
+		SB_ACCUM(c);
+	    }
+	    break;
+
+	case TS_SE:
+	    if (c != SE) {
+		if (c != IAC) {
+		    /*
+		     * bad form of suboption negotiation.
+		     * handle it in such a way as to avoid
+		     * damage to local state.  Parse
+		     * suboption buffer found so far,
+		     * then treat remaining stream as
+		     * another command sequence.
+		     */
+
+		    /* for DIAGNOSTICS */
+		    SB_ACCUM(IAC);
+		    SB_ACCUM(c);
+		    subpointer -= 2;
+
+		    SB_TERM();
+		    suboption();
+		    state = TS_IAC;
+		    goto gotiac;
+		}
+		SB_ACCUM(c);
+		state = TS_SB;
+	    } else {
+		/* for DIAGNOSTICS */
+		SB_ACCUM(IAC);
+		SB_ACCUM(SE);
+		subpointer -= 2;
+
+		SB_TERM();
+		suboption();	/* handle sub-option */
+		state = TS_DATA;
+	    }
+	    break;
+
+	case TS_WILL:
+	    willoption(c);
+	    state = TS_DATA;
+	    continue;
+
+	case TS_WONT:
+	    wontoption(c);
+	    if (c==TELOPT_ENCRYPT && his_do_dont_is_changing(TELOPT_ENCRYPT) )
+                dontoption(c);
+	    state = TS_DATA;
+	    continue;
+
+	case TS_DO:
+	    dooption(c);
+	    state = TS_DATA;
+	    continue;
+
+	case TS_DONT:
+	    dontoption(c);
+	    state = TS_DATA;
+	    continue;
+
+	default:
+	    syslog(LOG_ERR, "telnetd: panic state=%d\n", state);
+	    printf("telnetd: panic state=%d\n", state);
+	    exit(1);
+	}
+    }
+}  /* end of telrcv */
+
+/*
+ * The will/wont/do/dont state machines are based on Dave Borman's
+ * Telnet option processing state machine.
+ *
+ * These correspond to the following states:
+ *	my_state = the last negotiated state
+ *	want_state = what I want the state to go to
+ *	want_resp = how many requests I have sent
+ * All state defaults are negative, and resp defaults to 0.
+ *
+ * When initiating a request to change state to new_state:
+ *
+ * if ((want_resp == 0 && new_state == my_state) || want_state == new_state) {
+ *	do nothing;
+ * } else {
+ *	want_state = new_state;
+ *	send new_state;
+ *	want_resp++;
+ * }
+ *
+ * When receiving new_state:
+ *
+ * if (want_resp) {
+ *	want_resp--;
+ *	if (want_resp && (new_state == my_state))
+ *		want_resp--;
+ * }
+ * if ((want_resp == 0) && (new_state != want_state)) {
+ *	if (ok_to_switch_to new_state)
+ *		want_state = new_state;
+ *	else
+ *		want_resp++;
+ *	send want_state;
+ * }
+ * my_state = new_state;
+ *
+ * Note that new_state is implied in these functions by the function itself.
+ * will and do imply positive new_state, wont and dont imply negative.
+ *
+ * Finally, there is one catch.  If we send a negative response to a
+ * positive request, my_state will be the positive while want_state will
+ * remain negative.  my_state will revert to negative when the negative
+ * acknowlegment arrives from the peer.  Thus, my_state generally tells
+ * us not only the last negotiated state, but also tells us what the peer
+ * wants to be doing as well.  It is important to understand this difference
+ * as we may wish to be processing data streams based on our desired state
+ * (want_state) or based on what the peer thinks the state is (my_state).
+ *
+ * This all works fine because if the peer sends a positive request, the data
+ * that we receive prior to negative acknowlegment will probably be affected
+ * by the positive state, and we can process it as such (if we can; if we
+ * can't then it really doesn't matter).  If it is that important, then the
+ * peer probably should be buffering until this option state negotiation
+ * is complete.
+ *
+ */
+void
+send_do(int option, int init)
+{
+    if (init) {
+	if ((do_dont_resp[option] == 0 && his_state_is_will(option)) ||
+	    his_want_state_is_will(option))
+	    return;
+	/*
+	 * Special case for TELOPT_TM:  We send a DO, but pretend
+	 * that we sent a DONT, so that we can send more DOs if
+	 * we want to.
+	 */
+	if (option == TELOPT_TM)
+	    set_his_want_state_wont(option);
+	else
+	    set_his_want_state_will(option);
+	do_dont_resp[option]++;
+    }
+    output_data((const char *)doopt, option);
+
+    DIAG(TD_OPTIONS, printoption("td: send do", option));
+}
+
+#ifdef	AUTHENTICATION
+extern void auth_request(void);
+#endif
+#ifdef	ENCRYPTION
+extern void encrypt_send_support();
+#endif
+
+void
+willoption(int option)
+{
+    int changeok = 0;
+    void (*func)() = 0;
+
+    /*
+     * process input from peer.
+     */
+
+    DIAG(TD_OPTIONS, printoption("td: recv will", option));
+
+    if (do_dont_resp[option]) {
+	do_dont_resp[option]--;
+	if (do_dont_resp[option] && his_state_is_will(option))
+	    do_dont_resp[option]--;
+    }
+    if (do_dont_resp[option] == 0) {
+	if (his_want_state_is_wont(option)) {
+	    switch (option) {
+
+	    case TELOPT_BINARY:
+		init_termbuf();
+		tty_binaryin(1);
+		set_termbuf();
+		changeok++;
+		break;
+
+	    case TELOPT_ECHO:
+		/*
+		 * See comments below for more info.
+		 */
+		not42 = 0;	/* looks like a 4.2 system */
+		break;
+
+	    case TELOPT_TM:
+		/*
+		 * We never respond to a WILL TM, and
+		 * we leave the state WONT.
+		 */
+		return;
+
+	    case TELOPT_LFLOW:
+		/*
+		 * If we are going to support flow control
+		 * option, then don't worry peer that we can't
+		 * change the flow control characters.
+		 */
+		slctab[SLC_XON].defset.flag &= ~SLC_LEVELBITS;
+		slctab[SLC_XON].defset.flag |= SLC_DEFAULT;
+		slctab[SLC_XOFF].defset.flag &= ~SLC_LEVELBITS;
+		slctab[SLC_XOFF].defset.flag |= SLC_DEFAULT;
+	    case TELOPT_TTYPE:
+	    case TELOPT_SGA:
+	    case TELOPT_NAWS:
+	    case TELOPT_TSPEED:
+	    case TELOPT_XDISPLOC:
+	    case TELOPT_NEW_ENVIRON:
+	    case TELOPT_OLD_ENVIRON:
+		changeok++;
+		break;
+
+
+#ifdef	AUTHENTICATION
+	    case TELOPT_AUTHENTICATION:
+		func = auth_request;
+		changeok++;
+		break;
+#endif
+
+#ifdef	ENCRYPTION
+	    case TELOPT_ENCRYPT:
+		func = encrypt_send_support;
+		changeok++;
+		break;
+#endif
+			
+	    default:
+		break;
+	    }
+	    if (changeok) {
+		set_his_want_state_will(option);
+		send_do(option, 0);
+	    } else {
+		do_dont_resp[option]++;
+		send_dont(option, 0);
+	    }
+	} else {
+	    /*
+	     * Option processing that should happen when
+	     * we receive conformation of a change in
+	     * state that we had requested.
+	     */
+	    switch (option) {
+	    case TELOPT_ECHO:
+		not42 = 0;	/* looks like a 4.2 system */
+		/*
+		 * Egads, he responded "WILL ECHO".  Turn
+		 * it off right now!
+		 */
+		send_dont(option, 1);
+		/*
+		 * "WILL ECHO".  Kludge upon kludge!
+		 * A 4.2 client is now echoing user input at
+		 * the tty.  This is probably undesireable and
+		 * it should be stopped.  The client will
+		 * respond WONT TM to the DO TM that we send to
+		 * check for kludge linemode.  When the WONT TM
+		 * arrives, linemode will be turned off and a
+		 * change propogated to the pty.  This change
+		 * will cause us to process the new pty state
+		 * in localstat(), which will notice that
+		 * linemode is off and send a WILL ECHO
+		 * so that we are properly in character mode and
+		 * all is well.
+		 */
+		break;
+
+#ifdef	AUTHENTICATION
+	    case TELOPT_AUTHENTICATION:
+		func = auth_request;
+		break;
+#endif
+
+#ifdef	ENCRYPTION
+	    case TELOPT_ENCRYPT:
+		func = encrypt_send_support;
+		break;
+#endif
+
+	    case TELOPT_LFLOW:
+		func = flowstat;
+		break;
+	    }
+	}
+    }
+    set_his_state_will(option);
+    if (func)
+	(*func)();
+}  /* end of willoption */
+
+void
+send_dont(int option, int init)
+{
+    if (init) {
+	if ((do_dont_resp[option] == 0 && his_state_is_wont(option)) ||
+	    his_want_state_is_wont(option))
+	    return;
+	set_his_want_state_wont(option);
+	do_dont_resp[option]++;
+    }
+    output_data((const char *)dont, option);
+
+    DIAG(TD_OPTIONS, printoption("td: send dont", option));
+}
+
+void
+wontoption(int option)
+{
+    /*
+     * Process client input.
+	 */
+
+    DIAG(TD_OPTIONS, printoption("td: recv wont", option));
+
+    if (do_dont_resp[option]) {
+	do_dont_resp[option]--;
+	if (do_dont_resp[option] && his_state_is_wont(option))
+	    do_dont_resp[option]--;
+    }
+    if (do_dont_resp[option] == 0) {
+	if (his_want_state_is_will(option)) {
+	    /* it is always ok to change to negative state */
+	    switch (option) {
+	    case TELOPT_ECHO:
+		not42 = 1; /* doesn't seem to be a 4.2 system */
+		break;
+
+	    case TELOPT_BINARY:
+		init_termbuf();
+		tty_binaryin(0);
+		set_termbuf();
+		break;
+
+	    case TELOPT_TM:
+		/*
+		 * If we get a WONT TM, and had sent a DO TM,
+		 * don't respond with a DONT TM, just leave it
+		 * as is.  Short circut the state machine to
+		 * achive this.
+		 */
+		set_his_want_state_wont(TELOPT_TM);
+		return;
+
+	    case TELOPT_LFLOW:
+		/*
+		 * If we are not going to support flow control
+		 * option, then let peer know that we can't
+		 * change the flow control characters.
+		 */
+		slctab[SLC_XON].defset.flag &= ~SLC_LEVELBITS;
+		slctab[SLC_XON].defset.flag |= SLC_CANTCHANGE;
+		slctab[SLC_XOFF].defset.flag &= ~SLC_LEVELBITS;
+		slctab[SLC_XOFF].defset.flag |= SLC_CANTCHANGE;
+		break;
+
+#ifdef AUTHENTICATION
+	    case TELOPT_AUTHENTICATION:
+		auth_finished(0, AUTH_REJECT);
+		break;
+#endif
+
+		/*
+		 * For options that we might spin waiting for
+		 * sub-negotiation, if the client turns off the
+		 * option rather than responding to the request,
+		 * we have to treat it here as if we got a response
+		 * to the sub-negotiation, (by updating the timers)
+		 * so that we'll break out of the loop.
+		 */
+	    case TELOPT_TTYPE:
+		settimer(ttypesubopt);
+		break;
+
+	    case TELOPT_TSPEED:
+		settimer(tspeedsubopt);
+		break;
+
+	    case TELOPT_XDISPLOC:
+		settimer(xdisplocsubopt);
+		break;
+
+	    case TELOPT_OLD_ENVIRON:
+		settimer(oenvironsubopt);
+		break;
+
+	    case TELOPT_NEW_ENVIRON:
+		settimer(environsubopt);
+		break;
+
+	    default:
+		break;
+	    }
+	    set_his_want_state_wont(option);
+	    if (his_state_is_will(option))
+		send_dont(option, 0);
+	} else {
+	    switch (option) {
+	    case TELOPT_TM:
+		break;
+
+#ifdef AUTHENTICATION
+	    case TELOPT_AUTHENTICATION:
+		auth_finished(0, AUTH_REJECT);
+		break;
+#endif
+	    default:
+		break;
+	    }
+	}
+    }
+    set_his_state_wont(option);
+
+}  /* end of wontoption */
+
+void
+send_will(int option, int init)
+{
+    if (init) {
+	if ((will_wont_resp[option] == 0 && my_state_is_will(option))||
+	    my_want_state_is_will(option))
+	    return;
+	set_my_want_state_will(option);
+	will_wont_resp[option]++;
+    }
+    output_data ((const char *)will, option);
+
+    DIAG(TD_OPTIONS, printoption("td: send will", option));
+}
+
+/*
+ * When we get a DONT SGA, we will try once to turn it
+ * back on.  If the other side responds DONT SGA, we
+ * leave it at that.  This is so that when we talk to
+ * clients that understand KLUDGELINEMODE but not LINEMODE,
+ * we'll keep them in char-at-a-time mode.
+ */
+int turn_on_sga = 0;
+
+void
+dooption(int option)
+{
+    int changeok = 0;
+
+    /*
+     * Process client input.
+     */
+
+    DIAG(TD_OPTIONS, printoption("td: recv do", option));
+
+    if (will_wont_resp[option]) {
+	will_wont_resp[option]--;
+	if (will_wont_resp[option] && my_state_is_will(option))
+	    will_wont_resp[option]--;
+    }
+    if ((will_wont_resp[option] == 0) && (my_want_state_is_wont(option))) {
+	switch (option) {
+	case TELOPT_ECHO:
+	    {
+		init_termbuf();
+		tty_setecho(1);
+		set_termbuf();
+	    }
+	changeok++;
+	break;
+
+	case TELOPT_BINARY:
+	    init_termbuf();
+	    tty_binaryout(1);
+	    set_termbuf();
+	    changeok++;
+	    break;
+
+	case TELOPT_SGA:
+	    turn_on_sga = 0;
+	    changeok++;
+	    break;
+
+	case TELOPT_STATUS:
+	    changeok++;
+	    break;
+
+	case TELOPT_TM:
+	    /*
+	     * Special case for TM.  We send a WILL, but
+	     * pretend we sent a WONT.
+	     */
+	    send_will(option, 0);
+	    set_my_want_state_wont(option);
+	    set_my_state_wont(option);
+	    return;
+
+	case TELOPT_LOGOUT:
+	    /*
+	     * When we get a LOGOUT option, respond
+	     * with a WILL LOGOUT, make sure that
+	     * it gets written out to the network,
+	     * and then just go away...
+	     */
+	    set_my_want_state_will(TELOPT_LOGOUT);
+	    send_will(TELOPT_LOGOUT, 0);
+	    set_my_state_will(TELOPT_LOGOUT);
+	    netflush();
+	    cleanup(0);
+	    /* NOT REACHED */
+	    break;
+
+#ifdef ENCRYPTION
+	case TELOPT_ENCRYPT:
+	    changeok++;
+	    break;
+#endif
+	case TELOPT_LINEMODE:
+	case TELOPT_TTYPE:
+	case TELOPT_NAWS:
+	case TELOPT_TSPEED:
+	case TELOPT_LFLOW:
+	case TELOPT_XDISPLOC:
+#ifdef	TELOPT_ENVIRON
+	case TELOPT_NEW_ENVIRON:
+#endif
+	case TELOPT_OLD_ENVIRON:
+	default:
+	    break;
+	}
+	if (changeok) {
+	    set_my_want_state_will(option);
+	    send_will(option, 0);
+	} else {
+	    will_wont_resp[option]++;
+	    send_wont(option, 0);
+	}
+    }
+    set_my_state_will(option);
+
+}  /* end of dooption */
+
+void
+send_wont(int option, int init)
+{
+    if (init) {
+	if ((will_wont_resp[option] == 0 && my_state_is_wont(option)) ||
+	    my_want_state_is_wont(option))
+	    return;
+	set_my_want_state_wont(option);
+	will_wont_resp[option]++;
+    }
+    output_data ((const char *)wont, option);
+
+    DIAG(TD_OPTIONS, printoption("td: send wont", option));
+}
+
+void
+dontoption(int option)
+{
+    /*
+     * Process client input.
+	 */
+
+
+    DIAG(TD_OPTIONS, printoption("td: recv dont", option));
+
+    if (will_wont_resp[option]) {
+	will_wont_resp[option]--;
+	if (will_wont_resp[option] && my_state_is_wont(option))
+	    will_wont_resp[option]--;
+    }
+    if ((will_wont_resp[option] == 0) && (my_want_state_is_will(option))) {
+	switch (option) {
+	case TELOPT_BINARY:
+	    init_termbuf();
+	    tty_binaryout(0);
+	    set_termbuf();
+	    break;
+
+	case TELOPT_ECHO:	/* we should stop echoing */
+	    {
+		init_termbuf();
+		tty_setecho(0);
+		set_termbuf();
+	    }
+	break;
+
+	case TELOPT_SGA:
+	    set_my_want_state_wont(option);
+	    if (my_state_is_will(option))
+		send_wont(option, 0);
+	    set_my_state_wont(option);
+	    if (turn_on_sga ^= 1)
+		send_will(option, 1);
+	    return;
+
+	default:
+	    break;
+	}
+
+	set_my_want_state_wont(option);
+	if (my_state_is_will(option))
+	    send_wont(option, 0);
+    }
+    set_my_state_wont(option);
+
+}  /* end of dontoption */
+
+#ifdef	ENV_HACK
+int env_ovar = -1;
+int env_ovalue = -1;
+#else	/* ENV_HACK */
+# define env_ovar OLD_ENV_VAR
+# define env_ovalue OLD_ENV_VALUE
+#endif	/* ENV_HACK */
+
+/*
+ * suboption()
+ *
+ *	Look at the sub-option buffer, and try to be helpful to the other
+ * side.
+ *
+ *	Currently we recognize:
+ *
+ *	Terminal type is
+ *	Linemode
+ *	Window size
+ *	Terminal speed
+ */
+void
+suboption(void)
+{
+    int subchar;
+
+    DIAG(TD_OPTIONS, {netflush(); printsub('<', subpointer, SB_LEN()+2);});
+
+    subchar = SB_GET();
+    switch (subchar) {
+    case TELOPT_TSPEED: {
+	int xspeed, rspeed;
+
+	if (his_state_is_wont(TELOPT_TSPEED))	/* Ignore if option disabled */
+	    break;
+
+	settimer(tspeedsubopt);
+
+	if (SB_EOF() || SB_GET() != TELQUAL_IS)
+	    return;
+
+	xspeed = atoi((char *)subpointer);
+
+	while (SB_GET() != ',' && !SB_EOF());
+	if (SB_EOF())
+	    return;
+
+	rspeed = atoi((char *)subpointer);
+	clientstat(TELOPT_TSPEED, xspeed, rspeed);
+
+	break;
+
+    }  /* end of case TELOPT_TSPEED */
+
+    case TELOPT_TTYPE: {		/* Yaaaay! */
+	static char terminalname[41];
+
+	if (his_state_is_wont(TELOPT_TTYPE))	/* Ignore if option disabled */
+	    break;
+	settimer(ttypesubopt);
+
+	if (SB_EOF() || SB_GET() != TELQUAL_IS) {
+	    return;		/* ??? XXX but, this is the most robust */
+	}
+
+	terminaltype = terminalname;
+
+	while ((terminaltype < (terminalname + sizeof terminalname-1)) &&
+	       !SB_EOF()) {
+	    int c;
+
+	    c = SB_GET();
+	    if (isupper(c)) {
+		c = tolower(c);
+	    }
+	    *terminaltype++ = c;    /* accumulate name */
+	}
+	*terminaltype = 0;
+	terminaltype = terminalname;
+	break;
+    }  /* end of case TELOPT_TTYPE */
+
+    case TELOPT_NAWS: {
+	int xwinsize, ywinsize;
+
+	if (his_state_is_wont(TELOPT_NAWS))	/* Ignore if option disabled */
+	    break;
+
+	if (SB_EOF())
+	    return;
+	xwinsize = SB_GET() << 8;
+	if (SB_EOF())
+	    return;
+	xwinsize |= SB_GET();
+	if (SB_EOF())
+	    return;
+	ywinsize = SB_GET() << 8;
+	if (SB_EOF())
+	    return;
+	ywinsize |= SB_GET();
+	clientstat(TELOPT_NAWS, xwinsize, ywinsize);
+
+	break;
+
+    }  /* end of case TELOPT_NAWS */
+
+    case TELOPT_STATUS: {
+	int mode;
+
+	if (SB_EOF())
+	    break;
+	mode = SB_GET();
+	switch (mode) {
+	case TELQUAL_SEND:
+	    if (my_state_is_will(TELOPT_STATUS))
+		send_status();
+	    break;
+
+	case TELQUAL_IS:
+	    break;
+
+	default:
+	    break;
+	}
+	break;
+    }  /* end of case TELOPT_STATUS */
+
+    case TELOPT_XDISPLOC: {
+	if (SB_EOF() || SB_GET() != TELQUAL_IS)
+	    return;
+	settimer(xdisplocsubopt);
+	subpointer[SB_LEN()] = '\0';
+	setenv("DISPLAY", (char *)subpointer, 1);
+	break;
+    }  /* end of case TELOPT_XDISPLOC */
+
+#ifdef	TELOPT_NEW_ENVIRON
+    case TELOPT_NEW_ENVIRON:
+#endif
+    case TELOPT_OLD_ENVIRON: {
+	int c;
+	char *cp, *varp, *valp;
+
+	if (SB_EOF())
+	    return;
+	c = SB_GET();
+	if (c == TELQUAL_IS) {
+	    if (subchar == TELOPT_OLD_ENVIRON)
+		settimer(oenvironsubopt);
+	    else
+		settimer(environsubopt);
+	} else if (c != TELQUAL_INFO) {
+	    return;
+	}
+
+#ifdef	TELOPT_NEW_ENVIRON
+	if (subchar == TELOPT_NEW_ENVIRON) {
+	    while (!SB_EOF()) {
+		c = SB_GET();
+		if ((c == NEW_ENV_VAR) || (c == ENV_USERVAR))
+		    break;
+	    }
+	} else
+#endif
+	    {
+#ifdef	ENV_HACK
+		/*
+		 * We only want to do this if we haven't already decided
+		 * whether or not the other side has its VALUE and VAR
+		 * reversed.
+		 */
+		if (env_ovar < 0) {
+		    int last = -1;		/* invalid value */
+		    int empty = 0;
+		    int got_var = 0, got_value = 0, got_uservar = 0;
+
+		    /*
+		     * The other side might have its VALUE and VAR values
+		     * reversed.  To be interoperable, we need to determine
+		     * which way it is.  If the first recognized character
+		     * is a VAR or VALUE, then that will tell us what
+		     * type of client it is.  If the fist recognized
+		     * character is a USERVAR, then we continue scanning
+		     * the suboption looking for two consecutive
+		     * VAR or VALUE fields.  We should not get two
+		     * consecutive VALUE fields, so finding two
+		     * consecutive VALUE or VAR fields will tell us
+		     * what the client is.
+		     */
+		    SB_SAVE();
+		    while (!SB_EOF()) {
+			c = SB_GET();
+			switch(c) {
+			case OLD_ENV_VAR:
+			    if (last < 0 || last == OLD_ENV_VAR
+				|| (empty && (last == OLD_ENV_VALUE)))
+				goto env_ovar_ok;
+			    got_var++;
+			    last = OLD_ENV_VAR;
+			    break;
+			case OLD_ENV_VALUE:
+			    if (last < 0 || last == OLD_ENV_VALUE
+				|| (empty && (last == OLD_ENV_VAR)))
+				goto env_ovar_wrong;
+			    got_value++;
+			    last = OLD_ENV_VALUE;
+			    break;
+			case ENV_USERVAR:
+			    /* count strings of USERVAR as one */
+			    if (last != ENV_USERVAR)
+				got_uservar++;
+			    if (empty) {
+				if (last == OLD_ENV_VALUE)
+				    goto env_ovar_ok;
+				if (last == OLD_ENV_VAR)
+				    goto env_ovar_wrong;
+			    }
+			    last = ENV_USERVAR;
+			    break;
+			case ENV_ESC:
+			    if (!SB_EOF())
+				c = SB_GET();
+			    /* FALL THROUGH */
+			default:
+			    empty = 0;
+			    continue;
+			}
+			empty = 1;
+		    }
+		    if (empty) {
+			if (last == OLD_ENV_VALUE)
+			    goto env_ovar_ok;
+			if (last == OLD_ENV_VAR)
+			    goto env_ovar_wrong;
+		    }
+		    /*
+		     * Ok, the first thing was a USERVAR, and there
+		     * are not two consecutive VAR or VALUE commands,
+		     * and none of the VAR or VALUE commands are empty.
+		     * If the client has sent us a well-formed option,
+		     * then the number of VALUEs received should always
+		     * be less than or equal to the number of VARs and
+		     * USERVARs received.
+		     *
+		     * If we got exactly as many VALUEs as VARs and
+		     * USERVARs, the client has the same definitions.
+		     *
+		     * If we got exactly as many VARs as VALUEs and
+		     * USERVARS, the client has reversed definitions.
+		     */
+		    if (got_uservar + got_var == got_value) {
+		    env_ovar_ok:
+			env_ovar = OLD_ENV_VAR;
+			env_ovalue = OLD_ENV_VALUE;
+		    } else if (got_uservar + got_value == got_var) {
+		    env_ovar_wrong:
+			env_ovar = OLD_ENV_VALUE;
+			env_ovalue = OLD_ENV_VAR;
+			DIAG(TD_OPTIONS, {
+			    output_data("ENVIRON VALUE and VAR are reversed!\r\n");
+			});
+
+		    }
+		}
+		SB_RESTORE();
+#endif
+
+		while (!SB_EOF()) {
+		    c = SB_GET();
+		    if ((c == env_ovar) || (c == ENV_USERVAR))
+			break;
+		}
+	    }
+
+	if (SB_EOF())
+	    return;
+
+	cp = varp = (char *)subpointer;
+	valp = 0;
+
+	while (!SB_EOF()) {
+	    c = SB_GET();
+	    if (subchar == TELOPT_OLD_ENVIRON) {
+		if (c == env_ovar)
+		    c = NEW_ENV_VAR;
+		else if (c == env_ovalue)
+		    c = NEW_ENV_VALUE;
+	    }
+	    switch (c) {
+
+	    case NEW_ENV_VALUE:
+		*cp = '\0';
+		cp = valp = (char *)subpointer;
+		break;
+
+	    case NEW_ENV_VAR:
+	    case ENV_USERVAR:
+		*cp = '\0';
+		if (valp)
+		    setenv(varp, valp, 1);
+		else
+		    unsetenv(varp);
+		cp = varp = (char *)subpointer;
+		valp = 0;
+		break;
+
+	    case ENV_ESC:
+		if (SB_EOF())
+		    break;
+		c = SB_GET();
+		/* FALL THROUGH */
+	    default:
+		*cp++ = c;
+		break;
+	    }
+	}
+	*cp = '\0';
+	if (valp)
+	    setenv(varp, valp, 1);
+	else
+	    unsetenv(varp);
+	break;
+    }  /* end of case TELOPT_NEW_ENVIRON */
+#ifdef AUTHENTICATION
+    case TELOPT_AUTHENTICATION:
+	if (SB_EOF())
+	    break;
+	switch(SB_GET()) {
+	case TELQUAL_SEND:
+	case TELQUAL_REPLY:
+	    /*
+	     * These are sent by us and cannot be sent by
+	     * the client.
+	     */
+	    break;
+	case TELQUAL_IS:
+	    auth_is(subpointer, SB_LEN());
+	    break;
+	case TELQUAL_NAME:
+	    auth_name(subpointer, SB_LEN());
+	    break;
+	}
+	break;
+#endif
+#ifdef ENCRYPTION
+    case TELOPT_ENCRYPT:
+	if (SB_EOF())
+	    break;
+	switch(SB_GET()) {
+	case ENCRYPT_SUPPORT:
+	    encrypt_support(subpointer, SB_LEN());
+	    break;
+	case ENCRYPT_IS:
+	    encrypt_is(subpointer, SB_LEN());
+	    break;
+	case ENCRYPT_REPLY:
+	    encrypt_reply(subpointer, SB_LEN());
+	    break;
+	case ENCRYPT_START:
+	    encrypt_start(subpointer, SB_LEN());
+	    break;
+	case ENCRYPT_END:
+	    encrypt_end();
+	    break;
+	case ENCRYPT_REQSTART:
+	    encrypt_request_start(subpointer, SB_LEN());
+	    break;
+	case ENCRYPT_REQEND:
+	    /*
+	     * We can always send an REQEND so that we cannot
+	     * get stuck encrypting.  We should only get this
+	     * if we have been able to get in the correct mode
+	     * anyhow.
+	     */
+	    encrypt_request_end();
+	    break;
+	case ENCRYPT_ENC_KEYID:
+	    encrypt_enc_keyid(subpointer, SB_LEN());
+	    break;
+	case ENCRYPT_DEC_KEYID:
+	    encrypt_dec_keyid(subpointer, SB_LEN());
+	    break;
+	default:
+	    break;
+	}
+	break;
+#endif
+
+    default:
+	break;
+    }  /* end of switch */
+
+}  /* end of suboption */
+
+void
+doclientstat(void)
+{
+    clientstat(TELOPT_LINEMODE, WILL, 0);
+}
+
+#define	ADD(c)	 *ncp++ = c
+#define	ADD_DATA(c) { *ncp++ = c; if (c == SE || c == IAC) *ncp++ = c; }
+
+void
+send_status(void)
+{
+    unsigned char statusbuf[256];
+    unsigned char *ncp;
+    unsigned char i;
+
+    ncp = statusbuf;
+
+    netflush();	/* get rid of anything waiting to go out */
+
+    ADD(IAC);
+    ADD(SB);
+    ADD(TELOPT_STATUS);
+    ADD(TELQUAL_IS);
+
+    /*
+     * We check the want_state rather than the current state,
+     * because if we received a DO/WILL for an option that we
+     * don't support, and the other side didn't send a DONT/WONT
+     * in response to our WONT/DONT, then the "state" will be
+     * WILL/DO, and the "want_state" will be WONT/DONT.  We
+     * need to go by the latter.
+     */
+    for (i = 0; i < (unsigned char)NTELOPTS; i++) {
+	if (my_want_state_is_will(i)) {
+	    ADD(WILL);
+	    ADD_DATA(i);
+	}
+	if (his_want_state_is_will(i)) {
+	    ADD(DO);
+	    ADD_DATA(i);
+	}
+    }
+
+    if (his_want_state_is_will(TELOPT_LFLOW)) {
+	ADD(SB);
+	ADD(TELOPT_LFLOW);
+	if (flowmode) {
+	    ADD(LFLOW_ON);
+	} else {
+	    ADD(LFLOW_OFF);
+	}
+	ADD(SE);
+
+	if (restartany >= 0) {
+	    ADD(SB);
+	    ADD(TELOPT_LFLOW);
+	    if (restartany) {
+		ADD(LFLOW_RESTART_ANY);
+	    } else {
+		ADD(LFLOW_RESTART_XON);
+	    }
+	    ADD(SE);
+	}
+    }
+
+
+    ADD(IAC);
+    ADD(SE);
+
+    writenet(statusbuf, ncp - statusbuf);
+    netflush();	/* Send it on its way */
+
+    DIAG(TD_OPTIONS,
+	 {printsub('>', statusbuf, ncp - statusbuf); netflush();});
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c b/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c
new file mode 100644
index 0000000..09753c0
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c
@@ -0,0 +1,1863 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnetd.h"
+
+RCSID("$Id: sys_term.c,v 1.85.2.1 1999/07/22 03:23:19 assar Exp $");
+
+#if defined(_CRAY) || (defined(__hpux) && !defined(HAVE_UTMPX_H))
+# define PARENT_DOES_UTMP
+#endif
+
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
+
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+
+#ifdef HAVE_UTMPX_H
+struct	utmpx wtmp;
+#elif defined(HAVE_UTMP_H)
+struct	utmp wtmp;
+#endif /* HAVE_UTMPX_H */
+
+#ifdef HAVE_STRUCT_UTMP_UT_HOST
+int	utmp_len = sizeof(wtmp.ut_host);
+#else
+int	utmp_len = MaxHostNameLen;
+#endif
+
+#ifndef UTMP_FILE
+#ifdef _PATH_UTMP
+#define UTMP_FILE _PATH_UTMP
+#else
+#define UTMP_FILE "/etc/utmp"
+#endif
+#endif
+
+#if !defined(WTMP_FILE) && defined(_PATH_WTMP)
+#define WTMP_FILE _PATH_WTMP
+#endif
+
+#ifndef PARENT_DOES_UTMP
+#ifdef WTMP_FILE
+char	wtmpf[] = WTMP_FILE;
+#else
+char	wtmpf[]	= "/usr/adm/wtmp";
+#endif
+char	utmpf[] = UTMP_FILE;
+#else /* PARENT_DOES_UTMP */
+#ifdef WTMP_FILE
+char	wtmpf[] = WTMP_FILE;
+#else
+char	wtmpf[]	= "/etc/wtmp";
+#endif
+#endif /* PARENT_DOES_UTMP */
+
+#ifdef HAVE_TMPDIR_H
+#include <tmpdir.h>
+#endif	/* CRAY */
+
+#ifdef	STREAMSPTY
+
+#ifdef HAVE_SAC_H
+#include <sac.h>
+#endif
+
+#ifdef HAVE_SYS_STROPTS_H
+#include <sys/stropts.h>
+#endif
+
+#endif /* STREAMSPTY */
+
+#ifdef	HAVE_SYS_STREAM_H
+#ifdef  HAVE_SYS_UIO_H
+#include <sys/uio.h>
+#endif
+#ifdef __hpux
+#undef SE
+#endif
+#include <sys/stream.h>
+#endif
+#if !(defined(__sgi) || defined(__linux) || defined(_AIX)) && defined(HAVE_SYS_TTY)
+#include <sys/tty.h>
+#endif
+#ifdef	t_erase
+#undef	t_erase
+#undef	t_kill
+#undef	t_intrc
+#undef	t_quitc
+#undef	t_startc
+#undef	t_stopc
+#undef	t_eofc
+#undef	t_brkc
+#undef	t_suspc
+#undef	t_dsuspc
+#undef	t_rprntc
+#undef	t_flushc
+#undef	t_werasc
+#undef	t_lnextc
+#endif
+
+#ifdef HAVE_TERMIOS_H
+#include <termios.h>
+#else
+#ifdef HAVE_TERMIO_H
+#include <termio.h>
+#endif
+#endif
+
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+
+# ifndef	TCSANOW
+#  ifdef TCSETS
+#   define	TCSANOW		TCSETS
+#   define	TCSADRAIN	TCSETSW
+#   define	tcgetattr(f, t)	ioctl(f, TCGETS, (char *)t)
+#  else
+#   ifdef TCSETA
+#    define	TCSANOW		TCSETA
+#    define	TCSADRAIN	TCSETAW
+#    define	tcgetattr(f, t)	ioctl(f, TCGETA, (char *)t)
+#   else
+#    define	TCSANOW		TIOCSETA
+#    define	TCSADRAIN	TIOCSETAW
+#    define	tcgetattr(f, t)	ioctl(f, TIOCGETA, (char *)t)
+#   endif
+#  endif
+#  define	tcsetattr(f, a, t)	ioctl(f, a, t)
+#  define	cfsetospeed(tp, val)	(tp)->c_cflag &= ~CBAUD; \
+(tp)->c_cflag |= (val)
+#  define	cfgetospeed(tp)		((tp)->c_cflag & CBAUD)
+#  ifdef CIBAUD
+#   define	cfsetispeed(tp, val)	(tp)->c_cflag &= ~CIBAUD; \
+     (tp)->c_cflag |= ((val)<<IBSHIFT)
+#   define	cfgetispeed(tp)		(((tp)->c_cflag & CIBAUD)>>IBSHIFT)
+#  else
+#   define	cfsetispeed(tp, val)	(tp)->c_cflag &= ~CBAUD; \
+     (tp)->c_cflag |= (val)
+#   define	cfgetispeed(tp)		((tp)->c_cflag & CBAUD)
+#  endif
+# endif /* TCSANOW */
+     struct termios termbuf, termbuf2;	/* pty control structure */
+# ifdef  STREAMSPTY
+     static int ttyfd = -1;
+     int really_stream = 0;
+# endif
+
+     const char *new_login = _PATH_LOGIN;
+
+/*
+ * init_termbuf()
+ * copy_termbuf(cp)
+ * set_termbuf()
+ *
+ * These three routines are used to get and set the "termbuf" structure
+ * to and from the kernel.  init_termbuf() gets the current settings.
+ * copy_termbuf() hands in a new "termbuf" to write to the kernel, and
+ * set_termbuf() writes the structure into the kernel.
+ */
+
+     void
+     init_termbuf(void)
+{
+# ifdef  STREAMSPTY
+    if (really_stream)
+	tcgetattr(ttyfd, &termbuf);
+    else
+# endif
+	tcgetattr(ourpty, &termbuf);
+    termbuf2 = termbuf;
+}
+
+void
+set_termbuf(void)
+{
+    /*
+     * Only make the necessary changes.
+	 */
+    if (memcmp(&termbuf, &termbuf2, sizeof(termbuf)))
+# ifdef  STREAMSPTY
+	if (really_stream)
+	    tcsetattr(ttyfd, TCSANOW, &termbuf);
+	else
+# endif
+	    tcsetattr(ourpty, TCSANOW, &termbuf);
+}
+
+
+/*
+ * spcset(func, valp, valpp)
+ *
+ * This function takes various special characters (func), and
+ * sets *valp to the current value of that character, and
+ * *valpp to point to where in the "termbuf" structure that
+ * value is kept.
+ *
+ * It returns the SLC_ level of support for this function.
+ */
+
+
+int
+spcset(int func, cc_t *valp, cc_t **valpp)
+{
+
+#define	setval(a, b)	*valp = termbuf.c_cc[a]; \
+    *valpp = &termbuf.c_cc[a]; \
+				   return(b);
+#define	defval(a) *valp = ((cc_t)a); *valpp = (cc_t *)0; return(SLC_DEFAULT);
+
+    switch(func) {
+    case SLC_EOF:
+	setval(VEOF, SLC_VARIABLE);
+    case SLC_EC:
+	setval(VERASE, SLC_VARIABLE);
+    case SLC_EL:
+	setval(VKILL, SLC_VARIABLE);
+    case SLC_IP:
+	setval(VINTR, SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
+    case SLC_ABORT:
+	setval(VQUIT, SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
+    case SLC_XON:
+#ifdef	VSTART
+	setval(VSTART, SLC_VARIABLE);
+#else
+	defval(0x13);
+#endif
+    case SLC_XOFF:
+#ifdef	VSTOP
+	setval(VSTOP, SLC_VARIABLE);
+#else
+	defval(0x11);
+#endif
+    case SLC_EW:
+#ifdef	VWERASE
+	setval(VWERASE, SLC_VARIABLE);
+#else
+	defval(0);
+#endif
+    case SLC_RP:
+#ifdef	VREPRINT
+	setval(VREPRINT, SLC_VARIABLE);
+#else
+	defval(0);
+#endif
+    case SLC_LNEXT:
+#ifdef	VLNEXT
+	setval(VLNEXT, SLC_VARIABLE);
+#else
+	defval(0);
+#endif
+    case SLC_AO:
+#if	!defined(VDISCARD) && defined(VFLUSHO)
+# define VDISCARD VFLUSHO
+#endif
+#ifdef	VDISCARD
+	setval(VDISCARD, SLC_VARIABLE|SLC_FLUSHOUT);
+#else
+	defval(0);
+#endif
+    case SLC_SUSP:
+#ifdef	VSUSP
+	setval(VSUSP, SLC_VARIABLE|SLC_FLUSHIN);
+#else
+	defval(0);
+#endif
+#ifdef	VEOL
+    case SLC_FORW1:
+	setval(VEOL, SLC_VARIABLE);
+#endif
+#ifdef	VEOL2
+    case SLC_FORW2:
+	setval(VEOL2, SLC_VARIABLE);
+#endif
+    case SLC_AYT:
+#ifdef	VSTATUS
+	setval(VSTATUS, SLC_VARIABLE);
+#else
+	defval(0);
+#endif
+
+    case SLC_BRK:
+    case SLC_SYNCH:
+    case SLC_EOR:
+	defval(0);
+
+    default:
+	*valp = 0;
+	*valpp = 0;
+	return(SLC_NOSUPPORT);
+    }
+}
+
+#ifdef _CRAY
+/*
+ * getnpty()
+ *
+ * Return the number of pty's configured into the system.
+ */
+int
+getnpty()
+{
+#ifdef _SC_CRAY_NPTY
+    int numptys;
+
+    if ((numptys = sysconf(_SC_CRAY_NPTY)) != -1)
+	return numptys;
+    else
+#endif /* _SC_CRAY_NPTY */
+	return 128;
+}
+#endif /* CRAY */
+
+/*
+ * getpty()
+ *
+ * Allocate a pty.  As a side effect, the external character
+ * array "line" contains the name of the slave side.
+ *
+ * Returns the file descriptor of the opened pty.
+ */
+
+static char Xline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+char *line = Xline;
+
+#ifdef	_CRAY
+char myline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+#endif	/* CRAY */
+
+#if !defined(HAVE_PTSNAME) && defined(STREAMSPTY)
+static char *ptsname(int fd)
+{
+#ifdef HAVE_TTYNAME
+    return ttyname(fd);
+#else
+    return NULL;
+#endif
+}
+#endif
+
+int getpty(int *ptynum)
+{
+#ifdef __osf__ /* XXX */
+    int master;
+    int slave;
+    if(openpty(&master, &slave, line, 0, 0) == 0){
+	close(slave);
+	return master;
+    }
+    return -1;
+#else
+#ifdef HAVE__GETPTY
+    int master, slave;
+    char *p;
+    p = _getpty(&master, O_RDWR, 0600, 1);
+    if(p == NULL)
+	return -1;
+    strcpy_truncate(line, p, sizeof(Xline));
+    return master;
+#else
+
+    int p;
+    char *cp, *p1, *p2;
+    int i;
+#if SunOS == 40
+    int dummy;
+#endif
+#if 0 /* && defined(HAVE_OPENPTY) */
+    int master;
+    int slave;
+    if(openpty(&master, &slave, line, 0, 0) == 0){
+	close(slave);
+	return master;
+    }
+#else
+#ifdef	STREAMSPTY
+    char *clone[] = { "/dev/ptc", "/dev/ptmx", "/dev/ptm", 
+		      "/dev/ptym/clone", 0 };
+
+    char **q;
+    for(q=clone; *q; q++){
+	p=open(*q, O_RDWR);
+	if(p >= 0){
+#ifdef HAVE_GRANTPT
+	    grantpt(p);
+#endif
+#ifdef HAVE_UNLOCKPT
+	    unlockpt(p);
+#endif
+	    strcpy_truncate(line, ptsname(p), sizeof(Xline));
+	    really_stream = 1;
+	    return p;
+	}
+    }
+#endif /* STREAMSPTY */
+#ifndef _CRAY
+
+#ifndef	__hpux
+    snprintf(line, sizeof(Xline), "/dev/ptyXX");
+    p1 = &line[8];
+    p2 = &line[9];
+#else
+    snprintf(line, sizeof(Xline), "/dev/ptym/ptyXX");
+    p1 = &line[13];
+    p2 = &line[14];
+#endif
+
+	
+    for (cp = "pqrstuvwxyzPQRST"; *cp; cp++) {
+	struct stat stb;
+
+	*p1 = *cp;
+	*p2 = '0';
+	/*
+	 * This stat() check is just to keep us from
+	 * looping through all 256 combinations if there
+	 * aren't that many ptys available.
+	 */
+	if (stat(line, &stb) < 0)
+	    break;
+	for (i = 0; i < 16; i++) {
+	    *p2 = "0123456789abcdef"[i];
+	    p = open(line, O_RDWR);
+	    if (p > 0) {
+#ifndef	__hpux
+		line[5] = 't';
+#else
+		for (p1 = &line[8]; *p1; p1++)
+		    *p1 = *(p1+1);
+		line[9] = 't';
+#endif
+		chown(line, 0, 0);
+		chmod(line, 0600);
+#if SunOS == 40
+		if (ioctl(p, TIOCGPGRP, &dummy) == 0
+		    || errno != EIO) {
+		    chmod(line, 0666);
+		    close(p);
+		    line[5] = 'p';
+		} else
+#endif /* SunOS == 40 */
+		    return(p);
+	    }
+	}
+    }
+#else	/* CRAY */
+    extern lowpty, highpty;
+    struct stat sb;
+
+    for (*ptynum = lowpty; *ptynum <= highpty; (*ptynum)++) {
+	snprintf(myline, sizeof(myline), "/dev/pty/%03d", *ptynum);
+	p = open(myline, 2);
+	if (p < 0)
+	    continue;
+	snprintf(line, sizeof(Xline), "/dev/ttyp%03d", *ptynum);
+	/*
+	 * Here are some shenanigans to make sure that there
+	 * are no listeners lurking on the line.
+	 */
+	if(stat(line, &sb) < 0) {
+	    close(p);
+	    continue;
+	}
+	if(sb.st_uid || sb.st_gid || sb.st_mode != 0600) {
+	    chown(line, 0, 0);
+	    chmod(line, 0600);
+	    close(p);
+	    p = open(myline, 2);
+	    if (p < 0)
+		continue;
+	}
+	/*
+	 * Now it should be safe...check for accessability.
+	 */
+	if (access(line, 6) == 0)
+	    return(p);
+	else {
+	    /* no tty side to pty so skip it */
+	    close(p);
+	}
+    }
+#endif	/* CRAY */
+#endif	/* STREAMSPTY */
+#endif /* OPENPTY */
+    return(-1);
+#endif
+}
+
+
+int
+tty_isecho(void)
+{
+    return (termbuf.c_lflag & ECHO);
+}
+
+int
+tty_flowmode(void)
+{
+    return((termbuf.c_iflag & IXON) ? 1 : 0);
+}
+
+int
+tty_restartany(void)
+{
+    return((termbuf.c_iflag & IXANY) ? 1 : 0);
+}
+
+void
+tty_setecho(int on)
+{
+    if (on)
+	termbuf.c_lflag |= ECHO;
+    else
+	termbuf.c_lflag &= ~ECHO;
+}
+
+int
+tty_israw(void)
+{
+    return(!(termbuf.c_lflag & ICANON));
+}
+
+void
+tty_binaryin(int on)
+{
+    if (on) {
+	termbuf.c_iflag &= ~ISTRIP;
+    } else {
+	termbuf.c_iflag |= ISTRIP;
+    }
+}
+
+void
+tty_binaryout(int on)
+{
+    if (on) {
+	termbuf.c_cflag &= ~(CSIZE|PARENB);
+	termbuf.c_cflag |= CS8;
+	termbuf.c_oflag &= ~OPOST;
+    } else {
+	termbuf.c_cflag &= ~CSIZE;
+	termbuf.c_cflag |= CS7|PARENB;
+	termbuf.c_oflag |= OPOST;
+    }
+}
+
+int
+tty_isbinaryin(void)
+{
+    return(!(termbuf.c_iflag & ISTRIP));
+}
+
+int
+tty_isbinaryout(void)
+{
+    return(!(termbuf.c_oflag&OPOST));
+}
+
+
+int
+tty_issofttab(void)
+{
+# ifdef	OXTABS
+    return (termbuf.c_oflag & OXTABS);
+# endif
+# ifdef	TABDLY
+    return ((termbuf.c_oflag & TABDLY) == TAB3);
+# endif
+}
+
+void
+tty_setsofttab(int on)
+{
+    if (on) {
+# ifdef	OXTABS
+	termbuf.c_oflag |= OXTABS;
+# endif
+# ifdef	TABDLY
+	termbuf.c_oflag &= ~TABDLY;
+	termbuf.c_oflag |= TAB3;
+# endif
+    } else {
+# ifdef	OXTABS
+	termbuf.c_oflag &= ~OXTABS;
+# endif
+# ifdef	TABDLY
+	termbuf.c_oflag &= ~TABDLY;
+	termbuf.c_oflag |= TAB0;
+# endif
+    }
+}
+
+int
+tty_islitecho(void)
+{
+# ifdef	ECHOCTL
+    return (!(termbuf.c_lflag & ECHOCTL));
+# endif
+# ifdef	TCTLECH
+    return (!(termbuf.c_lflag & TCTLECH));
+# endif
+# if	!defined(ECHOCTL) && !defined(TCTLECH)
+    return (0);	/* assumes ctl chars are echoed '^x' */
+# endif
+}
+
+void
+tty_setlitecho(int on)
+{
+# ifdef	ECHOCTL
+    if (on)
+	termbuf.c_lflag &= ~ECHOCTL;
+    else
+	termbuf.c_lflag |= ECHOCTL;
+# endif
+# ifdef	TCTLECH
+    if (on)
+	termbuf.c_lflag &= ~TCTLECH;
+    else
+	termbuf.c_lflag |= TCTLECH;
+# endif
+}
+
+int
+tty_iscrnl(void)
+{
+    return (termbuf.c_iflag & ICRNL);
+}
+
+/*
+ * Try to guess whether speeds are "encoded" (4.2BSD) or just numeric (4.4BSD).
+ */
+#if B4800 != 4800
+#define	DECODE_BAUD
+#endif
+
+#ifdef	DECODE_BAUD
+
+/*
+ * A table of available terminal speeds
+ */
+struct termspeeds {
+    int	speed;
+    int	value;
+} termspeeds[] = {
+    { 0,      B0 },      { 50,    B50 },    { 75,     B75 },
+    { 110,    B110 },    { 134,   B134 },   { 150,    B150 },
+    { 200,    B200 },    { 300,   B300 },   { 600,    B600 },
+    { 1200,   B1200 },   { 1800,  B1800 },  { 2400,   B2400 },
+    { 4800,   B4800 },
+#ifdef	B7200
+    { 7200,  B7200 },
+#endif
+    { 9600,   B9600 },
+#ifdef	B14400
+    { 14400,  B14400 },
+#endif
+#ifdef	B19200
+    { 19200,  B19200 },
+#endif
+#ifdef	B28800
+    { 28800,  B28800 },
+#endif
+#ifdef	B38400
+    { 38400,  B38400 },
+#endif
+#ifdef	B57600
+    { 57600,  B57600 },
+#endif
+#ifdef	B115200
+    { 115200, B115200 },
+#endif
+#ifdef	B230400
+    { 230400, B230400 },
+#endif
+    { -1,     0 }
+};
+#endif	/* DECODE_BUAD */
+
+void
+tty_tspeed(int val)
+{
+#ifdef	DECODE_BAUD
+    struct termspeeds *tp;
+
+    for (tp = termspeeds; (tp->speed != -1) && (val > tp->speed); tp++)
+	;
+    if (tp->speed == -1)	/* back up to last valid value */
+	--tp;
+    cfsetospeed(&termbuf, tp->value);
+#else	/* DECODE_BUAD */
+    cfsetospeed(&termbuf, val);
+#endif	/* DECODE_BUAD */
+}
+
+void
+tty_rspeed(int val)
+{
+#ifdef	DECODE_BAUD
+    struct termspeeds *tp;
+
+    for (tp = termspeeds; (tp->speed != -1) && (val > tp->speed); tp++)
+	;
+    if (tp->speed == -1)	/* back up to last valid value */
+	--tp;
+    cfsetispeed(&termbuf, tp->value);
+#else	/* DECODE_BAUD */
+    cfsetispeed(&termbuf, val);
+#endif	/* DECODE_BAUD */
+}
+
+#ifdef PARENT_DOES_UTMP
+extern	struct utmp wtmp;
+extern char wtmpf[];
+
+extern void utmp_sig_init (void);
+extern void utmp_sig_reset (void);
+extern void utmp_sig_wait (void);
+extern void utmp_sig_notify (int);
+# endif /* PARENT_DOES_UTMP */
+
+#ifdef STREAMSPTY
+
+/* I_FIND seems to live a life of its own */
+static int my_find(int fd, char *module)
+{
+#if defined(I_FIND) && defined(I_LIST)
+    static int flag;
+    static struct str_list sl;
+    int n;
+    int i;
+  
+    if(!flag){
+	n = ioctl(fd, I_LIST, 0);
+	if(n < 0){
+	    perror("ioctl(fd, I_LIST, 0)");
+	    return -1;
+	}
+	sl.sl_modlist=(struct str_mlist*)malloc(n * sizeof(struct str_mlist));
+	sl.sl_nmods = n;
+	n = ioctl(fd, I_LIST, &sl);
+	if(n < 0){
+	    perror("ioctl(fd, I_LIST, n)");
+	    return -1;
+	}
+	flag = 1;
+    }
+  
+    for(i=0; i<sl.sl_nmods; i++)
+	if(!strcmp(sl.sl_modlist[i].l_name, module))
+	    return 1;
+#endif
+    return 0;
+}
+
+static void maybe_push_modules(int fd, char **modules)
+{
+    char **p;
+    int err;
+
+    for(p=modules; *p; p++){
+	err = my_find(fd, *p);
+	if(err == 1)
+	    break;
+	if(err < 0 && errno != EINVAL)
+	    fatalperror(net, "my_find()");
+	/* module not pushed or does not exist */
+    }
+    /* p points to null or to an already pushed module, now push all
+       modules before this one */
+  
+    for(p--; p >= modules; p--){
+	err = ioctl(fd, I_PUSH, *p);
+	if(err < 0 && errno != EINVAL)
+	    fatalperror(net, "I_PUSH");
+    }
+}
+#endif
+
+/*
+ * getptyslave()
+ *
+ * Open the slave side of the pty, and do any initialization
+ * that is necessary.  The return value is a file descriptor
+ * for the slave side.
+ */
+void getptyslave(void)
+{
+    int t = -1;
+
+    struct winsize ws;
+    extern int def_row, def_col;
+    extern int def_tspeed, def_rspeed;
+    /*
+     * Opening the slave side may cause initilization of the
+     * kernel tty structure.  We need remember the state of
+     * 	if linemode was turned on
+     *	terminal window size
+     *	terminal speed
+     * so that we can re-set them if we need to.
+     */
+
+
+    /*
+     * Make sure that we don't have a controlling tty, and
+     * that we are the session (process group) leader.
+     */
+
+#ifdef HAVE_SETSID
+    if(setsid()<0)
+	fatalperror(net, "setsid()");
+#else
+# ifdef	TIOCNOTTY
+    t = open(_PATH_TTY, O_RDWR);
+    if (t >= 0) {
+	ioctl(t, TIOCNOTTY, (char *)0);
+	close(t);
+    }
+# endif
+#endif
+
+# ifdef PARENT_DOES_UTMP
+    /*
+     * Wait for our parent to get the utmp stuff to get done.
+     */
+    utmp_sig_wait();
+# endif
+
+    t = cleanopen(line);
+    if (t < 0)
+	fatalperror(net, line);
+
+#ifdef  STREAMSPTY
+    ttyfd = t;
+	  
+
+    /*
+     * Not all systems have (or need) modules ttcompat and pckt so
+     * don't flag it as a fatal error if they don't exist.
+     */
+
+    if (really_stream)
+	{
+	    /* these are the streams modules that we want pushed. note
+	       that they are in reverse order, ptem will be pushed
+	       first. maybe_push_modules() will try to push all modules
+	       before the first one that isn't already pushed. i.e if
+	       ldterm is pushed, only ttcompat will be attempted.
+
+	       all this is because we don't know which modules are
+	       available, and we don't know which modules are already
+	       pushed (via autopush, for instance).
+
+	       */
+	     
+	    char *ttymodules[] = { "ttcompat", "ldterm", "ptem", NULL };
+	    char *ptymodules[] = { "pckt", NULL };
+
+	    maybe_push_modules(t, ttymodules);
+	    maybe_push_modules(ourpty, ptymodules);
+	}
+#endif
+    /*
+     * set up the tty modes as we like them to be.
+     */
+    init_termbuf();
+# ifdef	TIOCSWINSZ
+    if (def_row || def_col) {
+	memset(&ws, 0, sizeof(ws));
+	ws.ws_col = def_col;
+	ws.ws_row = def_row;
+	ioctl(t, TIOCSWINSZ, (char *)&ws);
+    }
+# endif
+
+    /*
+     * Settings for sgtty based systems
+     */
+
+    /*
+     * Settings for UNICOS (and HPUX)
+     */
+# if defined(_CRAY) || defined(__hpux)
+    termbuf.c_oflag = OPOST|ONLCR|TAB3;
+    termbuf.c_iflag = IGNPAR|ISTRIP|ICRNL|IXON;
+    termbuf.c_lflag = ISIG|ICANON|ECHO|ECHOE|ECHOK;
+    termbuf.c_cflag = EXTB|HUPCL|CS8;
+# endif
+
+    /*
+     * Settings for all other termios/termio based
+     * systems, other than 4.4BSD.  In 4.4BSD the
+     * kernel does the initial terminal setup.
+     */
+# if !(defined(_CRAY) || defined(__hpux)) && (BSD <= 43)
+#  ifndef	OXTABS
+#   define OXTABS	0
+#  endif
+    termbuf.c_lflag |= ECHO;
+    termbuf.c_oflag |= ONLCR|OXTABS;
+    termbuf.c_iflag |= ICRNL;
+    termbuf.c_iflag &= ~IXOFF;
+# endif
+    tty_rspeed((def_rspeed > 0) ? def_rspeed : 9600);
+    tty_tspeed((def_tspeed > 0) ? def_tspeed : 9600);
+
+    /*
+     * Set the tty modes, and make this our controlling tty.
+     */
+    set_termbuf();
+    if (login_tty(t) == -1)
+	fatalperror(net, "login_tty");
+    if (net > 2)
+	close(net);
+    if (ourpty > 2) {
+	close(ourpty);
+	ourpty = -1;
+    }
+}
+
+#ifndef	O_NOCTTY
+#define	O_NOCTTY	0
+#endif
+/*
+ * Open the specified slave side of the pty,
+ * making sure that we have a clean tty.
+ */
+
+int cleanopen(char *line)
+{
+    int t;
+
+#ifdef STREAMSPTY
+    if (!really_stream)
+#endif
+	{
+	    /*
+	     * Make sure that other people can't open the
+	     * slave side of the connection.
+	     */
+	    chown(line, 0, 0);
+	    chmod(line, 0600);
+	}
+
+#ifdef HAVE_REVOKE
+    revoke(line);
+#endif
+
+    t = open(line, O_RDWR|O_NOCTTY);
+
+    if (t < 0)
+	return(-1);
+
+    /*
+     * Hangup anybody else using this ttyp, then reopen it for
+     * ourselves.
+     */
+# if !(defined(_CRAY) || defined(__hpux)) && (BSD <= 43) && !defined(STREAMSPTY)
+    signal(SIGHUP, SIG_IGN);
+#ifdef HAVE_VHANGUP
+    vhangup();
+#else
+#endif
+    signal(SIGHUP, SIG_DFL);
+    t = open(line, O_RDWR|O_NOCTTY);
+    if (t < 0)
+	return(-1);
+# endif
+# if	defined(_CRAY) && defined(TCVHUP)
+    {
+	int i;
+	signal(SIGHUP, SIG_IGN);
+	ioctl(t, TCVHUP, (char *)0);
+	signal(SIGHUP, SIG_DFL);
+
+	i = open(line, O_RDWR);
+
+	if (i < 0)
+	    return(-1);
+	close(t);
+	t = i;
+    }
+# endif	/* defined(CRAY) && defined(TCVHUP) */
+    return(t);
+}
+
+#if !defined(BSD4_4)
+
+int login_tty(int t)
+{
+# if defined(TIOCSCTTY) && !defined(__hpux)
+    if (ioctl(t, TIOCSCTTY, (char *)0) < 0)
+	fatalperror(net, "ioctl(sctty)");
+#  ifdef _CRAY
+    /*
+     * Close the hard fd to /dev/ttypXXX, and re-open through
+     * the indirect /dev/tty interface.
+     */
+    close(t);
+    if ((t = open("/dev/tty", O_RDWR)) < 0)
+	fatalperror(net, "open(/dev/tty)");
+#  endif
+# else
+    /*
+     * We get our controlling tty assigned as a side-effect
+     * of opening up a tty device.  But on BSD based systems,
+     * this only happens if our process group is zero.  The
+     * setsid() call above may have set our pgrp, so clear
+     * it out before opening the tty...
+     */
+#ifdef HAVE_SETPGID
+    setpgid(0, 0);
+#else
+    setpgrp(0, 0); /* if setpgid isn't available, setpgrp
+		      probably takes arguments */
+#endif
+    close(open(line, O_RDWR));
+# endif
+    if (t != 0)
+	dup2(t, 0);
+    if (t != 1)
+	dup2(t, 1);
+    if (t != 2)
+	dup2(t, 2);
+    if (t > 2)
+	close(t);
+    return(0);
+}
+#endif	/* BSD <= 43 */
+
+/*
+ * This comes from ../../bsd/tty.c and should not really be here.
+ */
+
+/*
+ * Clean the tty name.  Return a pointer to the cleaned version.
+ */
+
+static char *
+clean_ttyname (char *tty)
+{
+  char *res = tty;
+
+  if (strncmp (res, _PATH_DEV, strlen(_PATH_DEV)) == 0)
+    res += strlen(_PATH_DEV);
+  if (strncmp (res, "pty/", 4) == 0)
+    res += 4;
+  if (strncmp (res, "ptym/", 5) == 0)
+    res += 5;
+  return res;
+}
+
+/*
+ * Generate a name usable as an `ut_id', typically without `tty'.
+ */
+
+#ifdef HAVE_STRUCT_UTMP_UT_ID
+static char *
+make_id (char *tty)
+{
+  char *res = tty;
+  
+  if (strncmp (res, "pts/", 4) == 0)
+    res += 4;
+  if (strncmp (res, "tty", 3) == 0)
+    res += 3;
+  return res;
+}
+#endif
+
+/*
+ * startslave(host)
+ *
+ * Given a hostname, do whatever
+ * is necessary to startup the login process on the slave side of the pty.
+ */
+
+/* ARGSUSED */
+void
+startslave(char *host, int autologin, char *autoname)
+{
+    int i;
+
+#ifdef AUTHENTICATION
+    if (!autoname || !autoname[0])
+	autologin = 0;
+
+    if (autologin < auth_level) {
+	fatal(net, "Authorization failed");
+	exit(1);
+    }
+#endif
+
+    {
+	char *tbuf =
+	    "\r\n*** Connection not encrypted! "
+	    "Communication may be eavesdropped. ***\r\n";
+#ifdef ENCRYPTION
+	if (!no_warn && (encrypt_output == 0 || decrypt_input == 0))
+#endif
+	    writenet((unsigned char*)tbuf, strlen(tbuf));
+    }
+# ifdef	PARENT_DOES_UTMP
+    utmp_sig_init();
+# endif	/* PARENT_DOES_UTMP */
+
+    if ((i = fork()) < 0)
+	fatalperror(net, "fork");
+    if (i) {
+# ifdef PARENT_DOES_UTMP
+	/*
+	 * Cray parent will create utmp entry for child and send
+	 * signal to child to tell when done.  Child waits for signal
+	 * before doing anything important.
+	 */
+	int pid = i;
+	void sigjob (int);
+
+	setpgrp();
+	utmp_sig_reset();		/* reset handler to default */
+	/*
+	 * Create utmp entry for child
+	 */
+	time(&wtmp.ut_time);
+	wtmp.ut_type = LOGIN_PROCESS;
+	wtmp.ut_pid = pid;
+	strncpy(wtmp.ut_user,  "LOGIN", sizeof(wtmp.ut_user));
+	strncpy(wtmp.ut_host,  host, sizeof(wtmp.ut_host));
+	strncpy(wtmp.ut_line,  clean_ttyname(line), sizeof(wtmp.ut_line));
+#ifdef HAVE_STRUCT_UTMP_UT_ID
+	strncpy(wtmp.ut_id, wtmp.ut_line + 3, sizeof(wtmp.ut_id));
+#endif
+
+	pututline(&wtmp);
+	endutent();
+	if ((i = open(wtmpf, O_WRONLY|O_APPEND)) >= 0) {
+	    write(i, &wtmp, sizeof(struct utmp));
+	    close(i);
+	}
+#ifdef	_CRAY
+	signal(WJSIGNAL, sigjob);
+#endif
+	utmp_sig_notify(pid);
+# endif	/* PARENT_DOES_UTMP */
+    } else {
+	getptyslave();
+	start_login(host, autologin, autoname);
+	/*NOTREACHED*/
+    }
+}
+
+char	*envinit[3];
+extern char **environ;
+
+void
+init_env(void)
+{
+    extern char *getenv(const char *);
+    char **envp;
+
+    envp = envinit;
+    if ((*envp = getenv("TZ")))
+	*envp++ -= 3;
+#if defined(_CRAY) || defined(__hpux)
+    else
+	*envp++ = "TZ=GMT0";
+#endif
+    *envp = 0;
+    environ = envinit;
+}
+
+/*
+ * scrub_env()
+ *
+ * Remove variables from the environment that might cause login to
+ * behave in a bad manner. To avoid this, login should be staticly
+ * linked.
+ */
+
+static void scrub_env(void)
+{
+    static char *remove[] = { "LD_", "_RLD_", "LIBPATH=", "IFS=", NULL };
+
+    char **cpp, **cpp2;
+    char **p;
+  
+    for (cpp2 = cpp = environ; *cpp; cpp++) {
+	for(p = remove; *p; p++)
+	    if(strncmp(*cpp, *p, strlen(*p)) == 0)
+		break;
+	if(*p == NULL)
+	    *cpp2++ = *cpp;
+    }
+    *cpp2 = 0;
+}
+
+
+struct arg_val {
+    int size;
+    int argc;
+    char **argv;
+};
+
+static int addarg(struct arg_val*, char*);
+
+/*
+ * start_login(host)
+ *
+ * Assuming that we are now running as a child processes, this
+ * function will turn us into the login process.
+ */
+
+void
+start_login(char *host, int autologin, char *name)
+{
+    struct arg_val argv;
+    char *user;
+
+#ifdef HAVE_UTMPX_H
+    int pid = getpid();
+    struct utmpx utmpx;
+    char *clean_tty;
+
+    /*
+     * Create utmp entry for child
+     */
+
+    clean_tty = clean_ttyname(line);
+    memset(&utmpx, 0, sizeof(utmpx));
+    strncpy(utmpx.ut_user,  ".telnet", sizeof(utmpx.ut_user));
+    strncpy(utmpx.ut_line,  clean_tty, sizeof(utmpx.ut_line));
+#ifdef HAVE_STRUCT_UTMP_UT_ID
+    strncpy(utmpx.ut_id, make_id(clean_tty), sizeof(utmpx.ut_id));
+#endif
+    utmpx.ut_pid = pid;
+	
+    utmpx.ut_type = LOGIN_PROCESS;
+
+    gettimeofday (&utmpx.ut_tv, NULL);
+    if (pututxline(&utmpx) == NULL)
+	fatal(net, "pututxline failed");
+#endif
+
+    scrub_env();
+	
+    /*
+     * -h : pass on name of host.
+     *		WARNING:  -h is accepted by login if and only if
+     *			getuid() == 0.
+     * -p : don't clobber the environment (so terminal type stays set).
+     *
+     * -f : force this login, he has already been authenticated
+     */
+
+    /* init argv structure */ 
+    argv.size=0;
+    argv.argc=0;
+    argv.argv=(char**)malloc(0); /*so we can call realloc later */
+    addarg(&argv, "login");
+    addarg(&argv, "-h");
+    addarg(&argv, host);
+    addarg(&argv, "-p");
+    if(name[0])
+	user = name;
+    else
+	user = getenv("USER");
+#ifdef AUTHENTICATION
+    if (auth_level < 0 || autologin != AUTH_VALID) {
+	if(!no_warn) {
+	    printf("User not authenticated. ");
+	    if (require_otp)
+		printf("Using one-time password\r\n");
+	    else
+		printf("Using plaintext username and password\r\n");
+	}
+	if (require_otp) {
+	    addarg(&argv, "-a");
+	    addarg(&argv, "otp");
+	}
+	if(log_unauth) 
+	    syslog(LOG_INFO, "unauthenticated access from %s (%s)", 
+		   host, user ? user : "unknown user");
+    }
+    if (auth_level >= 0 && autologin == AUTH_VALID)
+	addarg(&argv, "-f");
+#endif
+    if(user){
+	addarg(&argv, "--");
+	addarg(&argv, strdup(user));
+    }
+    if (getenv("USER")) {
+	/*
+	 * Assume that login will set the USER variable
+	 * correctly.  For SysV systems, this means that
+	 * USER will no longer be set, just LOGNAME by
+	 * login.  (The problem is that if the auto-login
+	 * fails, and the user then specifies a different
+	 * account name, he can get logged in with both
+	 * LOGNAME and USER in his environment, but the
+	 * USER value will be wrong.
+	 */
+	unsetenv("USER");
+    }
+    closelog();
+    /*
+     * This sleep(1) is in here so that telnetd can
+     * finish up with the tty.  There's a race condition
+     * the login banner message gets lost...
+     */
+    sleep(1);
+
+    execv(new_login, argv.argv);
+
+    syslog(LOG_ERR, "%s: %m\n", new_login);
+    fatalperror(net, new_login);
+    /*NOTREACHED*/
+}
+
+
+
+static int addarg(struct arg_val *argv, char *val)
+{
+    if(argv->size <= argv->argc+1){
+	argv->argv = (char**)realloc(argv->argv, sizeof(char*) * (argv->size + 10));
+	if(argv->argv == NULL)
+	    return 1; /* this should probably be handled better */
+	argv->size+=10;
+    }
+    argv->argv[argv->argc++]=val;
+    argv->argv[argv->argc]=NULL;
+    return 0;
+}
+
+
+/*
+ * rmut()
+ *
+ * This is the function called by cleanup() to
+ * remove the utmp entry for this person.
+ */
+
+#ifdef HAVE_UTMPX_H
+static void
+rmut(void)
+{
+    struct utmpx *utxp, utmpx;
+    char *clean_tty = clean_ttyname(line);
+
+    /*
+     * This updates the utmpx and utmp entries and make a wtmp/x entry
+     */
+
+    setutxent();
+    memset(&utmpx, 0, sizeof(utmpx));
+    strncpy(utmpx.ut_line, clean_tty, sizeof(utmpx.ut_line));
+    utmpx.ut_type = LOGIN_PROCESS;
+    utxp = getutxline(&utmpx);
+    if (utxp) {
+	utxp->ut_user[0] = '\0';
+	utxp->ut_type = DEAD_PROCESS;
+#ifdef HAVE_STRUCT_UTMPX_UT_EXIT
+#ifdef _STRUCT___EXIT_STATUS
+	utxp->ut_exit.__e_termination = 0;
+	utxp->ut_exit.__e_exit = 0;
+#elif defined(__osf__) /* XXX */
+	utxp->ut_exit.ut_termination = 0;
+	utxp->ut_exit.ut_exit = 0;
+#else	
+	utxp->ut_exit.e_termination = 0;
+	utxp->ut_exit.e_exit = 0;
+#endif
+#endif
+	gettimeofday(&utxp->ut_tv, NULL);
+	pututxline(utxp);
+#ifdef WTMPX_FILE
+	updwtmpx(WTMPX_FILE, utxp);
+#elif defined(WTMP_FILE)
+	/* This is a strange system with a utmpx and a wtmp! */
+	{
+	  int f = open(wtmpf, O_WRONLY|O_APPEND);
+	  struct utmp wtmp;
+	  if (f >= 0) {
+	    strncpy(wtmp.ut_line,  clean_tty, sizeof(wtmp.ut_line));
+	    strncpy(wtmp.ut_name,  "", sizeof(wtmp.ut_name));
+#ifdef HAVE_STRUCT_UTMP_UT_HOST
+	    strncpy(wtmp.ut_host,  "", sizeof(wtmp.ut_host));
+#endif
+	    time(&wtmp.ut_time);
+	    write(f, &wtmp, sizeof(wtmp));
+	    close(f);
+	  }
+	}
+#else
+
+#endif
+    }
+    endutxent();
+}  /* end of rmut */
+#endif
+
+#if !defined(HAVE_UTMPX_H) && !(defined(_CRAY) || defined(__hpux)) && BSD <= 43
+static void
+rmut(void)
+{
+    int f;
+    int found = 0;
+    struct utmp *u, *utmp;
+    int nutmp;
+    struct stat statbf;
+    char *clean_tty = clean_ttyname(line);
+
+    f = open(utmpf, O_RDWR);
+    if (f >= 0) {
+	fstat(f, &statbf);
+	utmp = (struct utmp *)malloc((unsigned)statbf.st_size);
+	if (!utmp)
+	    syslog(LOG_ERR, "utmp malloc failed");
+	if (statbf.st_size && utmp) {
+	    nutmp = read(f, utmp, (int)statbf.st_size);
+	    nutmp /= sizeof(struct utmp);
+
+	    for (u = utmp ; u < &utmp[nutmp] ; u++) {
+		if (strncmp(u->ut_line,
+			    clean_tty,
+			    sizeof(u->ut_line)) ||
+		    u->ut_name[0]==0)
+		    continue;
+		lseek(f, ((long)u)-((long)utmp), L_SET);
+		strncpy(u->ut_name,  "", sizeof(u->ut_name));
+#ifdef HAVE_STRUCT_UTMP_UT_HOST
+		strncpy(u->ut_host,  "", sizeof(u->ut_host));
+#endif
+		time(&u->ut_time);
+		write(f, u, sizeof(wtmp));
+		found++;
+	    }
+	}
+	close(f);
+    }
+    if (found) {
+	f = open(wtmpf, O_WRONLY|O_APPEND);
+	if (f >= 0) {
+	    strncpy(wtmp.ut_line,  clean_tty, sizeof(wtmp.ut_line));
+	    strncpy(wtmp.ut_name,  "", sizeof(wtmp.ut_name));
+#ifdef HAVE_STRUCT_UTMP_UT_HOST
+	    strncpy(wtmp.ut_host,  "", sizeof(wtmp.ut_host));
+#endif
+	    time(&wtmp.ut_time);
+	    write(f, &wtmp, sizeof(wtmp));
+	    close(f);
+	}
+    }
+    chmod(line, 0666);
+    chown(line, 0, 0);
+    line[strlen("/dev/")] = 'p';
+    chmod(line, 0666);
+    chown(line, 0, 0);
+}  /* end of rmut */
+#endif	/* CRAY */
+
+#if defined(__hpux) && !defined(HAVE_UTMPX_H)
+static void
+rmut (char *line)
+{
+    struct utmp utmp;
+    struct utmp *utptr;
+    int fd;			/* for /etc/wtmp */
+
+    utmp.ut_type = USER_PROCESS;
+    strncpy(utmp.ut_line, clean_ttyname(line), sizeof(utmp.ut_line));
+    setutent();
+    utptr = getutline(&utmp);
+    /* write it out only if it exists */
+    if (utptr) {
+	utptr->ut_type = DEAD_PROCESS;
+	utptr->ut_time = time(NULL);
+	pututline(utptr);
+	/* set wtmp entry if wtmp file exists */
+	if ((fd = open(wtmpf, O_WRONLY | O_APPEND)) >= 0) {
+	    write(fd, utptr, sizeof(utmp));
+	    close(fd);
+	}
+    }
+    endutent();
+
+    chmod(line, 0666);
+    chown(line, 0, 0);
+    line[14] = line[13];
+    line[13] = line[12];
+    line[8] = 'm';
+    line[9] = '/';
+    line[10] = 'p';
+    line[11] = 't';
+    line[12] = 'y';
+    chmod(line, 0666);
+    chown(line, 0, 0);
+}
+#endif
+
+/*
+ * cleanup()
+ *
+ * This is the routine to call when we are all through, to
+ * clean up anything that needs to be cleaned up.
+ */
+
+#ifdef PARENT_DOES_UTMP
+
+void
+cleanup(int sig)
+{
+#ifdef _CRAY
+    static int incleanup = 0;
+    int t;
+    int child_status; /* status of child process as returned by waitpid */
+    int flags = WNOHANG|WUNTRACED;
+    
+    /*
+     * 1: Pick up the zombie, if we are being called
+     *    as the signal handler.
+     * 2: If we are a nested cleanup(), return.
+     * 3: Try to clean up TMPDIR.
+     * 4: Fill in utmp with shutdown of process.
+     * 5: Close down the network and pty connections.
+     * 6: Finish up the TMPDIR cleanup, if needed.
+     */
+    if (sig == SIGCHLD) {
+	while (waitpid(-1, &child_status, flags) > 0)
+	    ;	/* VOID */
+	/* Check if the child process was stopped
+	 * rather than exited.  We want cleanup only if
+	 * the child has died.
+	 */
+	if (WIFSTOPPED(child_status)) {
+	    return;
+	}
+    }
+    t = sigblock(sigmask(SIGCHLD));
+    if (incleanup) {
+	sigsetmask(t);
+	return;
+    }
+    incleanup = 1;
+    sigsetmask(t);
+    
+    t = cleantmp(&wtmp);
+    setutent();	/* just to make sure */
+#endif /* CRAY */
+    rmut(line);
+    close(ourpty);
+    shutdown(net, 2);
+#ifdef _CRAY
+    if (t == 0)
+	cleantmp(&wtmp);
+#endif /* CRAY */
+    exit(1);
+}
+
+#else /* PARENT_DOES_UTMP */
+
+void
+cleanup(int sig)
+{
+#if defined(HAVE_UTMPX_H) || !defined(HAVE_LOGWTMP)
+    rmut();
+#ifdef HAVE_VHANGUP
+#ifndef __sgi
+    vhangup(); /* XXX */
+#endif
+#endif
+#else
+    char *p;
+    
+    p = line + sizeof("/dev/") - 1;
+    if (logout(p))
+	logwtmp(p, "", "");
+    chmod(line, 0666);
+    chown(line, 0, 0);
+    *p = 'p';
+    chmod(line, 0666);
+    chown(line, 0, 0);
+#endif
+    shutdown(net, 2);
+    exit(1);
+}
+
+#endif /* PARENT_DOES_UTMP */
+
+#ifdef PARENT_DOES_UTMP
+/*
+ * _utmp_sig_rcv
+ * utmp_sig_init
+ * utmp_sig_wait
+ *	These three functions are used to coordinate the handling of
+ *	the utmp file between the server and the soon-to-be-login shell.
+ *	The server actually creates the utmp structure, the child calls
+ *	utmp_sig_wait(), until the server calls utmp_sig_notify() and
+ *	signals the future-login shell to proceed.
+ */
+static int caught=0;		/* NZ when signal intercepted */
+static void (*func)();		/* address of previous handler */
+
+void
+_utmp_sig_rcv(sig)
+     int sig;
+{
+    caught = 1;
+    signal(SIGUSR1, func);
+}
+
+void
+utmp_sig_init()
+{
+    /*
+     * register signal handler for UTMP creation
+     */
+    if ((int)(func = signal(SIGUSR1, _utmp_sig_rcv)) == -1)
+	fatalperror(net, "telnetd/signal");
+}
+
+void
+utmp_sig_reset()
+{
+    signal(SIGUSR1, func);	/* reset handler to default */
+}
+
+# ifdef __hpux
+# define sigoff() /* do nothing */
+# define sigon() /* do nothing */
+# endif
+
+void
+utmp_sig_wait()
+{
+    /*
+     * Wait for parent to write our utmp entry.
+	 */
+    sigoff();
+    while (caught == 0) {
+	pause();	/* wait until we get a signal (sigon) */
+	sigoff();	/* turn off signals while we check caught */
+    }
+    sigon();		/* turn on signals again */
+}
+
+void
+utmp_sig_notify(pid)
+{
+    kill(pid, SIGUSR1);
+}
+
+#ifdef _CRAY
+static int gotsigjob = 0;
+
+	/*ARGSUSED*/
+void
+sigjob(sig)
+     int sig;
+{
+    int jid;
+    struct jobtemp *jp;
+
+    while ((jid = waitjob(NULL)) != -1) {
+	if (jid == 0) {
+	    return;
+	}
+	gotsigjob++;
+	jobend(jid, NULL, NULL);
+    }
+}
+
+/*
+ *	jid_getutid:
+ *		called by jobend() before calling cleantmp()
+ *		to find the correct $TMPDIR to cleanup.
+ */
+
+struct utmp *
+jid_getutid(jid)
+     int jid;
+{
+    struct utmp *cur = NULL;
+
+    setutent();	/* just to make sure */
+    while (cur = getutent()) {
+	if ( (cur->ut_type != NULL) && (jid == cur->ut_jid) ) {
+	    return(cur);
+	}
+    }
+
+    return(0);
+}
+
+/*
+ * Clean up the TMPDIR that login created.
+ * The first time this is called we pick up the info
+ * from the utmp.  If the job has already gone away,
+ * then we'll clean up and be done.  If not, then
+ * when this is called the second time it will wait
+ * for the signal that the job is done.
+ */
+int
+cleantmp(wtp)
+     struct utmp *wtp;
+{
+    struct utmp *utp;
+    static int first = 1;
+    int mask, omask, ret;
+    extern struct utmp *getutid (const struct utmp *_Id);
+
+
+    mask = sigmask(WJSIGNAL);
+
+    if (first == 0) {
+	omask = sigblock(mask);
+	while (gotsigjob == 0)
+	    sigpause(omask);
+	return(1);
+    }
+    first = 0;
+    setutent();	/* just to make sure */
+
+    utp = getutid(wtp);
+    if (utp == 0) {
+	syslog(LOG_ERR, "Can't get /etc/utmp entry to clean TMPDIR");
+	return(-1);
+    }
+    /*
+     * Nothing to clean up if the user shell was never started.
+     */
+    if (utp->ut_type != USER_PROCESS || utp->ut_jid == 0)
+	return(1);
+
+    /*
+     * Block the WJSIGNAL while we are in jobend().
+     */
+    omask = sigblock(mask);
+    ret = jobend(utp->ut_jid, utp->ut_tpath, utp->ut_user);
+    sigsetmask(omask);
+    return(ret);
+}
+
+int
+jobend(jid, path, user)
+     int jid;
+     char *path;
+     char *user;
+{
+    static int saved_jid = 0;
+    static int pty_saved_jid = 0;
+    static char saved_path[sizeof(wtmp.ut_tpath)+1];
+    static char saved_user[sizeof(wtmp.ut_user)+1];
+
+    /*
+     * this little piece of code comes into play
+     * only when ptyreconnect is used to reconnect
+     * to an previous session.
+     *
+     * this is the only time when the
+     * "saved_jid != jid" code is executed.
+     */
+
+    if ( saved_jid && saved_jid != jid ) {
+	if (!path) {	/* called from signal handler */
+	    pty_saved_jid = jid;
+	} else {
+	    pty_saved_jid = saved_jid;
+	}
+    }
+
+    if (path) {
+	strncpy(saved_path, path, sizeof(wtmp.ut_tpath));
+	strncpy(saved_user, user, sizeof(wtmp.ut_user));
+	saved_path[sizeof(saved_path)] = '\0';
+	saved_user[sizeof(saved_user)] = '\0';
+    }
+    if (saved_jid == 0) {
+	saved_jid = jid;
+	return(0);
+    }
+
+    /* if the jid has changed, get the correct entry from the utmp file */
+
+    if ( saved_jid != jid ) {
+	struct utmp *utp = NULL;
+	struct utmp *jid_getutid();
+
+	utp = jid_getutid(pty_saved_jid);
+
+	if (utp == 0) {
+	    syslog(LOG_ERR, "Can't get /etc/utmp entry to clean TMPDIR");
+	    return(-1);
+	}
+
+	cleantmpdir(jid, utp->ut_tpath, utp->ut_user);
+	return(1);
+    }
+
+    cleantmpdir(jid, saved_path, saved_user);
+    return(1);
+}
+
+/*
+ * Fork a child process to clean up the TMPDIR
+ */
+cleantmpdir(jid, tpath, user)
+     int jid;
+     char *tpath;
+     char *user;
+{
+    switch(fork()) {
+    case -1:
+	syslog(LOG_ERR, "TMPDIR cleanup(%s): fork() failed: %m\n",
+	       tpath);
+	break;
+    case 0:
+	execl(CLEANTMPCMD, CLEANTMPCMD, user, tpath, 0);
+	syslog(LOG_ERR, "TMPDIR cleanup(%s): execl(%s) failed: %m\n",
+	       tpath, CLEANTMPCMD);
+	exit(1);
+    default:
+	/*
+	 * Forget about child.  We will exit, and
+	 * /etc/init will pick it up.
+	 */
+	break;
+    }
+}
+#endif /* CRAY */
+#endif	/* defined(PARENT_DOES_UTMP) */
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c
new file mode 100644
index 0000000..73008a3
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c
@@ -0,0 +1,1357 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnetd.h"
+
+RCSID("$Id: telnetd.c,v 1.53 1999/03/15 16:40:52 joda Exp $");
+
+#ifdef _SC_CRAY_SECURE_SYS
+#include <sys/sysv.h>
+#include <sys/secdev.h>
+#include <sys/secparm.h>
+#include <sys/usrv.h>
+int	secflag;
+char	tty_dev[16];
+struct	secdev dv;
+struct	sysv sysv;
+struct	socksec ss;
+#endif	/* _SC_CRAY_SECURE_SYS */
+
+#ifdef AUTHENTICATION
+int	auth_level = 0;
+#endif
+
+extern	int utmp_len;
+int	registerd_host_only = 0;
+
+#ifdef	STREAMSPTY
+# include <stropts.h>
+# include <termios.h>
+#ifdef HAVE_SYS_UIO_H
+#include <sys/uio.h>
+#endif /* HAVE_SYS_UIO_H */
+#ifdef HAVE_SYS_STREAM_H
+#include <sys/stream.h>
+#endif
+#ifdef _AIX
+#include <sys/termio.h>
+#endif
+# ifdef HAVE_SYS_STRTTY_H
+# include <sys/strtty.h>
+# endif
+# ifdef HAVE_SYS_STR_TTY_H
+# include <sys/str_tty.h>
+# endif
+/* make sure we don't get the bsd version */
+/* what is this here for? solaris? /joda */
+# ifdef HAVE_SYS_TTY_H
+# include "/usr/include/sys/tty.h"
+# endif
+# ifdef HAVE_SYS_PTYVAR_H
+# include <sys/ptyvar.h>
+# endif
+
+/*
+ * Because of the way ptyibuf is used with streams messages, we need
+ * ptyibuf+1 to be on a full-word boundary.  The following wierdness
+ * is simply to make that happen.
+ */
+long	ptyibufbuf[BUFSIZ/sizeof(long)+1];
+char	*ptyibuf = ((char *)&ptyibufbuf[1])-1;
+char	*ptyip = ((char *)&ptyibufbuf[1])-1;
+char	ptyibuf2[BUFSIZ];
+unsigned char ctlbuf[BUFSIZ];
+struct	strbuf strbufc, strbufd;
+
+int readstream(int, char*, int);
+
+#else	/* ! STREAMPTY */
+
+/*
+ * I/O data buffers,
+ * pointers, and counters.
+ */
+char	ptyibuf[BUFSIZ], *ptyip = ptyibuf;
+char	ptyibuf2[BUFSIZ];
+
+#endif /* ! STREAMPTY */
+
+int	hostinfo = 1;			/* do we print login banner? */
+
+#ifdef	_CRAY
+extern int      newmap; /* nonzero if \n maps to ^M^J */
+int	lowpty = 0, highpty;	/* low, high pty numbers */
+#endif /* CRAY */
+
+int debug = 0;
+int keepalive = 1;
+char *progname;
+
+extern void usage (void);
+
+/*
+ * The string to pass to getopt().  We do it this way so
+ * that only the actual options that we support will be
+ * passed off to getopt().
+ */
+char valid_opts[] = "Bd:hklnS:u:UL:y"
+#ifdef AUTHENTICATION
+		    "a:X:z"
+#endif
+#ifdef DIAGNOSTICS
+		    "D:"
+#endif
+#ifdef _CRAY
+		    "r:"
+#endif
+		    ;
+
+void doit(struct sockaddr_in*);
+
+int main(int argc, char **argv)
+{
+    struct sockaddr_in from;
+    int on = 1, fromlen;
+    int ch;
+#if	defined(IPPROTO_IP) && defined(IP_TOS)
+    int tos = -1;
+#endif
+#ifdef ENCRYPTION
+    extern int des_check_key;
+    des_check_key = 1;	/* Kludge for Mac NCSA telnet 2.6 /bg */
+#endif
+    pfrontp = pbackp = ptyobuf;
+    netip = netibuf;
+    nfrontp = nbackp = netobuf;
+
+    progname = *argv;
+#ifdef ENCRYPTION
+    nclearto = 0;
+#endif
+
+#ifdef _CRAY
+    /*
+     * Get number of pty's before trying to process options,
+     * which may include changing pty range.
+     */
+    highpty = getnpty();
+#endif /* CRAY */
+
+    while ((ch = getopt(argc, argv, valid_opts)) != EOF) {
+	switch(ch) {
+
+#ifdef	AUTHENTICATION
+	case 'a':
+	    /*
+	     * Check for required authentication level
+	     */
+	    if (strcmp(optarg, "debug") == 0) {
+		auth_debug_mode = 1;
+	    } else if (strcasecmp(optarg, "none") == 0) {
+		auth_level = 0;
+	    } else if (strcasecmp(optarg, "otp") == 0) {
+		auth_level = 0;
+		require_otp = 1;
+	    } else if (strcasecmp(optarg, "other") == 0) {
+		auth_level = AUTH_OTHER;
+	    } else if (strcasecmp(optarg, "user") == 0) {
+		auth_level = AUTH_USER;
+	    } else if (strcasecmp(optarg, "valid") == 0) {
+		auth_level = AUTH_VALID;
+	    } else if (strcasecmp(optarg, "off") == 0) {
+		/*
+		 * This hack turns off authentication
+		 */
+		auth_level = -1;
+	    } else {
+		fprintf(stderr,
+			"telnetd: unknown authorization level for -a\n");
+	    }
+	    break;
+#endif	/* AUTHENTICATION */
+
+	case 'B': /* BFTP mode is not supported any more */
+	    break;
+	case 'd':
+	    if (strcmp(optarg, "ebug") == 0) {
+		debug++;
+		break;
+	    }
+	    usage();
+	    /* NOTREACHED */
+	    break;
+
+#ifdef DIAGNOSTICS
+	case 'D':
+	    /*
+	     * Check for desired diagnostics capabilities.
+	     */
+	    if (!strcmp(optarg, "report")) {
+		diagnostic |= TD_REPORT|TD_OPTIONS;
+	    } else if (!strcmp(optarg, "exercise")) {
+		diagnostic |= TD_EXERCISE;
+	    } else if (!strcmp(optarg, "netdata")) {
+		diagnostic |= TD_NETDATA;
+	    } else if (!strcmp(optarg, "ptydata")) {
+		diagnostic |= TD_PTYDATA;
+	    } else if (!strcmp(optarg, "options")) {
+		diagnostic |= TD_OPTIONS;
+	    } else {
+		usage();
+		/* NOT REACHED */
+	    }
+	    break;
+#endif /* DIAGNOSTICS */
+
+
+	case 'h':
+	    hostinfo = 0;
+	    break;
+
+	case 'k': /* Linemode is not supported any more */
+	case 'l':
+	    break;
+
+	case 'n':
+	    keepalive = 0;
+	    break;
+
+#ifdef _CRAY
+	case 'r':
+	    {
+		char *strchr();
+		char *c;
+
+		/*
+		 * Allow the specification of alterations
+		 * to the pty search range.  It is legal to
+		 * specify only one, and not change the
+		 * other from its default.
+		 */
+		c = strchr(optarg, '-');
+		if (c) {
+		    *c++ = '\0';
+		    highpty = atoi(c);
+		}
+		if (*optarg != '\0')
+		    lowpty = atoi(optarg);
+		if ((lowpty > highpty) || (lowpty < 0) ||
+		    (highpty > 32767)) {
+		    usage();
+		    /* NOT REACHED */
+		}
+		break;
+	    }
+#endif	/* CRAY */
+
+	case 'S':
+#ifdef	HAVE_PARSETOS
+	    if ((tos = parsetos(optarg, "tcp")) < 0)
+		fprintf(stderr, "%s%s%s\n",
+			"telnetd: Bad TOS argument '", optarg,
+			"'; will try to use default TOS");
+#else
+	    fprintf(stderr, "%s%s\n", "TOS option unavailable; ",
+		    "-S flag not supported\n");
+#endif
+	    break;
+
+	case 'u':
+	    utmp_len = atoi(optarg);
+	    break;
+
+	case 'U':
+	    registerd_host_only = 1;
+	    break;
+
+#ifdef	AUTHENTICATION
+	case 'X':
+	    /*
+	     * Check for invalid authentication types
+	     */
+	    auth_disable_name(optarg);
+	    break;
+#endif
+	case 'y':
+	    no_warn = 1;
+	    break;
+#ifdef AUTHENTICATION
+	case 'z':
+	    log_unauth = 1;
+	    break;
+
+#endif	/* AUTHENTICATION */
+
+	case 'L':
+	    new_login = optarg;
+	    break;
+			
+	default:
+	    fprintf(stderr, "telnetd: %c: unknown option\n", ch);
+	    /* FALLTHROUGH */
+	case '?':
+	    usage();
+	    /* NOTREACHED */
+	}
+    }
+
+    argc -= optind;
+    argv += optind;
+
+    if (debug) {
+	int port = 0;
+	struct servent *sp;
+
+	if (argc > 1) {
+	    usage ();
+	} else if (argc == 1) {
+	    sp = roken_getservbyname (*argv, "tcp");
+	    if (sp)
+		port = sp->s_port;
+	    else
+		port = htons(atoi(*argv));
+	} else {
+#ifdef KRB5
+	    port = krb5_getportbyname (NULL, "telnet", "tcp", 23);
+#else
+	    port = k_getportbyname("telnet", "tcp", htons(23));
+#endif
+	}
+	mini_inetd (port);
+    } else if (argc > 0) {
+	usage();
+	/* NOT REACHED */
+    }
+
+#ifdef _SC_CRAY_SECURE_SYS
+    secflag = sysconf(_SC_CRAY_SECURE_SYS);
+
+    /*
+     *	Get socket's security label
+     */
+    if (secflag)  {
+	int szss = sizeof(ss);
+	int sock_multi;
+	int szi = sizeof(int);
+
+	memset(&dv, 0, sizeof(dv));
+
+	if (getsysv(&sysv, sizeof(struct sysv)) != 0) 
+	    fatalperror(net, "getsysv");
+
+	/*
+	 *	Get socket security label and set device values
+	 *	   {security label to be set on ttyp device}
+	 */
+#ifdef SO_SEC_MULTI			/* 8.0 code */
+	if ((getsockopt(0, SOL_SOCKET, SO_SECURITY,
+			(void *)&ss, &szss) < 0) ||
+	    (getsockopt(0, SOL_SOCKET, SO_SEC_MULTI,
+			(void *)&sock_multi, &szi) < 0)) 
+	    fatalperror(net, "getsockopt");
+	else {
+	    dv.dv_actlvl = ss.ss_actlabel.lt_level;
+	    dv.dv_actcmp = ss.ss_actlabel.lt_compart;
+	    if (!sock_multi) {
+		dv.dv_minlvl = dv.dv_maxlvl = dv.dv_actlvl;
+		dv.dv_valcmp = dv.dv_actcmp;
+	    } else {
+		dv.dv_minlvl = ss.ss_minlabel.lt_level;
+		dv.dv_maxlvl = ss.ss_maxlabel.lt_level;
+		dv.dv_valcmp = ss.ss_maxlabel.lt_compart;
+	    }
+	    dv.dv_devflg = 0;
+	}
+#else /* SO_SEC_MULTI */		/* 7.0 code */
+	if (getsockopt(0, SOL_SOCKET, SO_SECURITY,
+		       (void *)&ss, &szss) >= 0) {
+	    dv.dv_actlvl = ss.ss_slevel;
+	    dv.dv_actcmp = ss.ss_compart;
+	    dv.dv_minlvl = ss.ss_minlvl;
+	    dv.dv_maxlvl = ss.ss_maxlvl;
+	    dv.dv_valcmp = ss.ss_maxcmp;
+	}
+#endif /* SO_SEC_MULTI */
+    }
+#endif	/* _SC_CRAY_SECURE_SYS */
+
+    roken_openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
+    fromlen = sizeof (from);
+    if (getpeername(STDIN_FILENO, (struct sockaddr *)&from, &fromlen) < 0) {
+	fprintf(stderr, "%s: ", progname);
+	perror("getpeername");
+	_exit(1);
+    }
+    if (keepalive &&
+	setsockopt(0, SOL_SOCKET, SO_KEEPALIVE,
+		   (void *)&on, sizeof (on)) < 0) {
+	syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
+    }
+
+#if	defined(IPPROTO_IP) && defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+    {
+# ifdef HAVE_GETTOSBYNAME
+	struct tosent *tp;
+	if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
+	    tos = tp->t_tos;
+# endif
+	if (tos < 0)
+	    tos = 020;	/* Low Delay bit */
+	if (tos
+	    && (setsockopt(0, IPPROTO_IP, IP_TOS,
+			   (void *)&tos, sizeof(tos)) < 0)
+	    && (errno != ENOPROTOOPT) )
+	    syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
+    }
+#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
+    net = 0;
+    doit(&from);
+    /* NOTREACHED */
+    return 0;
+}  /* end of main */
+
+void
+usage()
+{
+    fprintf(stderr, "Usage: telnetd");
+#ifdef	AUTHENTICATION
+    fprintf(stderr, " [-a (debug|other|otp|user|valid|off|none)]\n\t");
+#endif
+    fprintf(stderr, " [-debug]");
+#ifdef DIAGNOSTICS
+    fprintf(stderr, " [-D (options|report|exercise|netdata|ptydata)]\n\t");
+#endif
+#ifdef	AUTHENTICATION
+    fprintf(stderr, " [-edebug]");
+#endif
+    fprintf(stderr, " [-h]");
+    fprintf(stderr, " [-L login]");
+    fprintf(stderr, " [-n]");
+#ifdef	_CRAY
+    fprintf(stderr, " [-r[lowpty]-[highpty]]");
+#endif
+    fprintf(stderr, "\n\t");
+#ifdef	HAVE_GETTOSBYNAME
+    fprintf(stderr, " [-S tos]");
+#endif
+#ifdef	AUTHENTICATION
+    fprintf(stderr, " [-X auth-type] [-y] [-z]");
+#endif
+    fprintf(stderr, " [-u utmp_hostname_length] [-U]");
+    fprintf(stderr, " [port]\n");
+    exit(1);
+}
+
+/*
+ * getterminaltype
+ *
+ *	Ask the other end to send along its terminal type and speed.
+ * Output is the variable terminaltype filled in.
+ */
+static unsigned char ttytype_sbbuf[] = {
+    IAC, SB, TELOPT_TTYPE, TELQUAL_SEND, IAC, SE
+};
+
+int
+getterminaltype(char *name, size_t name_sz)
+{
+    int retval = -1;
+    void _gettermname();
+
+    settimer(baseline);
+#ifdef AUTHENTICATION
+    /*
+     * Handle the Authentication option before we do anything else.
+     */
+    send_do(TELOPT_AUTHENTICATION, 1);
+    while (his_will_wont_is_changing(TELOPT_AUTHENTICATION))
+	ttloop();
+    if (his_state_is_will(TELOPT_AUTHENTICATION)) {
+	retval = auth_wait(name, name_sz);
+    }
+#endif
+
+#ifdef ENCRYPTION
+    send_will(TELOPT_ENCRYPT, 1);
+    send_do(TELOPT_ENCRYPT, 1);	/* esc@magic.fi */
+#endif
+    send_do(TELOPT_TTYPE, 1);
+    send_do(TELOPT_TSPEED, 1);
+    send_do(TELOPT_XDISPLOC, 1);
+    send_do(TELOPT_NEW_ENVIRON, 1);
+    send_do(TELOPT_OLD_ENVIRON, 1);
+    while (
+#ifdef ENCRYPTION
+	   his_do_dont_is_changing(TELOPT_ENCRYPT) ||
+#endif
+	   his_will_wont_is_changing(TELOPT_TTYPE) ||
+	   his_will_wont_is_changing(TELOPT_TSPEED) ||
+	   his_will_wont_is_changing(TELOPT_XDISPLOC) ||
+	   his_will_wont_is_changing(TELOPT_NEW_ENVIRON) ||
+	   his_will_wont_is_changing(TELOPT_OLD_ENVIRON)) {
+	ttloop();
+    }
+#ifdef ENCRYPTION
+    /*
+     * Wait for the negotiation of what type of encryption we can
+     * send with.  If autoencrypt is not set, this will just return.
+     */
+    if (his_state_is_will(TELOPT_ENCRYPT)) {
+	encrypt_wait();
+    }
+#endif
+    if (his_state_is_will(TELOPT_TSPEED)) {
+	static unsigned char sb[] =
+	{ IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
+
+	telnet_net_write (sb, sizeof sb);
+	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
+    }
+    if (his_state_is_will(TELOPT_XDISPLOC)) {
+	static unsigned char sb[] =
+	{ IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE };
+
+	telnet_net_write (sb, sizeof sb);
+	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
+    }
+    if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
+	static unsigned char sb[] =
+	{ IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE };
+
+	telnet_net_write (sb, sizeof sb);
+	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
+    }
+    else if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
+	static unsigned char sb[] =
+	{ IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE };
+
+	telnet_net_write (sb, sizeof sb);
+	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
+    }
+    if (his_state_is_will(TELOPT_TTYPE)) {
+
+	telnet_net_write (ttytype_sbbuf, sizeof ttytype_sbbuf);
+	DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
+				  sizeof ttytype_sbbuf - 2););
+    }
+    if (his_state_is_will(TELOPT_TSPEED)) {
+	while (sequenceIs(tspeedsubopt, baseline))
+	    ttloop();
+    }
+    if (his_state_is_will(TELOPT_XDISPLOC)) {
+	while (sequenceIs(xdisplocsubopt, baseline))
+	    ttloop();
+    }
+    if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
+	while (sequenceIs(environsubopt, baseline))
+	    ttloop();
+    }
+    if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
+	while (sequenceIs(oenvironsubopt, baseline))
+	    ttloop();
+    }
+    if (his_state_is_will(TELOPT_TTYPE)) {
+	char first[256], last[256];
+
+	while (sequenceIs(ttypesubopt, baseline))
+	    ttloop();
+
+	/*
+	 * If the other side has already disabled the option, then
+	 * we have to just go with what we (might) have already gotten.
+	 */
+	if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) {
+	    strcpy_truncate(first, terminaltype, sizeof(first));
+	    for(;;) {
+		/*
+		 * Save the unknown name, and request the next name.
+		 */
+		strcpy_truncate(last, terminaltype, sizeof(last));
+		_gettermname();
+		if (terminaltypeok(terminaltype))
+		    break;
+		if ((strncmp(last, terminaltype, sizeof(last)) == 0) ||
+		    his_state_is_wont(TELOPT_TTYPE)) {
+		    /*
+		     * We've hit the end.  If this is the same as
+		     * the first name, just go with it.
+		     */
+		    if (strncmp(first, terminaltype, sizeof(first)) == 0)
+			break;
+		    /*
+		     * Get the terminal name one more time, so that
+		     * RFC1091 compliant telnets will cycle back to
+		     * the start of the list.
+		     */
+		    _gettermname();
+		    if (strncmp(first, terminaltype, sizeof(first)) != 0)
+			strcpy(terminaltype, first);
+		    break;
+		}
+	    }
+	}
+    }
+    return(retval);
+}  /* end of getterminaltype */
+
+void
+_gettermname()
+{
+    /*
+     * If the client turned off the option,
+     * we can't send another request, so we
+     * just return.
+     */
+    if (his_state_is_wont(TELOPT_TTYPE))
+	return;
+    settimer(baseline);
+    telnet_net_write (ttytype_sbbuf, sizeof ttytype_sbbuf);
+    DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
+			      sizeof ttytype_sbbuf - 2););
+    while (sequenceIs(ttypesubopt, baseline))
+	ttloop();
+}
+
+int
+terminaltypeok(char *s)
+{
+    return 1;
+}
+
+
+char *hostname;
+char host_name[MaxHostNameLen];
+char remote_host_name[MaxHostNameLen];
+
+/*
+ * Get a pty, scan input lines.
+ */
+void
+doit(struct sockaddr_in *who)
+{
+    char *host = NULL;
+    struct hostent *hp;
+    int level;
+    int ptynum;
+    char user_name[256];
+
+    /*
+     * Find an available pty to use.
+     */
+    ourpty = getpty(&ptynum);
+    if (ourpty < 0)
+	fatal(net, "All network ports in use");
+
+#ifdef _SC_CRAY_SECURE_SYS
+    /*
+     *	set ttyp line security label
+     */
+    if (secflag) {
+	char slave_dev[16];
+
+	snprintf(tty_dev, sizeof(tty_dev), "/dev/pty/%03d", ptynum);
+	if (setdevs(tty_dev, &dv) < 0)
+	    fatal(net, "cannot set pty security");
+	snprintf(slave_dev, sizeof(slave_dev), "/dev/ttyp%03d", ptynum);
+	if (setdevs(slave_dev, &dv) < 0)
+	    fatal(net, "cannot set tty security");
+    }
+#endif	/* _SC_CRAY_SECURE_SYS */
+
+    /* get name of connected client */
+    hp = roken_gethostbyaddr((const char *)&who->sin_addr,
+		       sizeof (struct in_addr),
+		       who->sin_family);
+
+    if (hp == NULL && registerd_host_only) {
+	fatal(net, "Couldn't resolve your address into a host name.\r\n\
+Please contact your net administrator");
+    } else if (hp) {
+	host = hp->h_name;
+    } else {
+	host = inet_ntoa(who->sin_addr);
+    }
+    /*
+     * We must make a copy because Kerberos is probably going
+     * to also do a gethost* and overwrite the static data...
+     */
+    strcpy_truncate(remote_host_name, host, sizeof(remote_host_name));
+    host = remote_host_name;
+
+    /* XXX - should be k_gethostname? */
+    gethostname(host_name, sizeof (host_name));
+    hostname = host_name;
+
+    /* Only trim if too long (and possible) */
+    if (strlen(remote_host_name) > abs(utmp_len)) {
+	char *domain = strchr(host_name, '.');
+	char *p = strchr(remote_host_name, '.');
+	if (domain && p && (strcmp(p, domain) == 0))
+	    *p = 0; /* remove domain part */
+    }
+
+
+    /*
+     * If hostname still doesn't fit utmp, use ipaddr.
+     */
+    if (strlen(remote_host_name) > abs(utmp_len))
+	strcpy_truncate(remote_host_name,
+		inet_ntoa(who->sin_addr),
+		sizeof(remote_host_name));
+
+#ifdef AUTHENTICATION
+    auth_encrypt_init(hostname, host, "TELNETD", 1);
+#endif
+
+    init_env();
+    /*
+     * get terminal type.
+     */
+    *user_name = 0;
+    level = getterminaltype(user_name, sizeof(user_name));
+    setenv("TERM", terminaltype ? terminaltype : "network", 1);
+
+#ifdef _SC_CRAY_SECURE_SYS
+    if (secflag) {
+	if (setulvl(dv.dv_actlvl) < 0)
+	    fatal(net,"cannot setulvl()");
+	if (setucmp(dv.dv_actcmp) < 0)
+	    fatal(net, "cannot setucmp()");
+    }
+#endif	/* _SC_CRAY_SECURE_SYS */
+
+    /* begin server processing */
+    my_telnet(net, ourpty, host, level, user_name);
+    /*NOTREACHED*/
+}  /* end of doit */
+
+/* output contents of /etc/issue.net, or /etc/issue */
+static void
+show_issue(void)
+{
+    FILE *f;
+    char buf[128];
+    f = fopen("/etc/issue.net", "r");
+    if(f == NULL)
+	f = fopen("/etc/issue", "r");
+    if(f){
+	while(fgets(buf, sizeof(buf)-2, f)){
+	    strcpy(buf + strcspn(buf, "\r\n"), "\r\n");
+	    writenet((unsigned char*)buf, strlen(buf));
+	}
+	fclose(f);
+    }
+}
+
+/*
+ * Main loop.  Select from pty and network, and
+ * hand data to telnet receiver finite state machine.
+ */
+void
+my_telnet(int f, int p, char *host, int level, char *autoname)
+{
+    int on = 1;
+    char *he;
+    char *IM;
+    int nfd;
+    int startslave_called = 0;
+    time_t timeout;
+
+    /*
+     * Initialize the slc mapping table.
+     */
+    get_slc_defaults();
+
+    /*
+     * Do some tests where it is desireable to wait for a response.
+     * Rather than doing them slowly, one at a time, do them all
+     * at once.
+     */
+    if (my_state_is_wont(TELOPT_SGA))
+	send_will(TELOPT_SGA, 1);
+    /*
+     * Is the client side a 4.2 (NOT 4.3) system?  We need to know this
+     * because 4.2 clients are unable to deal with TCP urgent data.
+     *
+     * To find out, we send out a "DO ECHO".  If the remote system
+     * answers "WILL ECHO" it is probably a 4.2 client, and we note
+     * that fact ("WILL ECHO" ==> that the client will echo what
+     * WE, the server, sends it; it does NOT mean that the client will
+     * echo the terminal input).
+     */
+    send_do(TELOPT_ECHO, 1);
+
+    /*
+     * Send along a couple of other options that we wish to negotiate.
+     */
+    send_do(TELOPT_NAWS, 1);
+    send_will(TELOPT_STATUS, 1);
+    flowmode = 1;		/* default flow control state */
+    restartany = -1;	/* uninitialized... */
+    send_do(TELOPT_LFLOW, 1);
+
+    /*
+     * Spin, waiting for a response from the DO ECHO.  However,
+     * some REALLY DUMB telnets out there might not respond
+     * to the DO ECHO.  So, we spin looking for NAWS, (most dumb
+     * telnets so far seem to respond with WONT for a DO that
+     * they don't understand...) because by the time we get the
+     * response, it will already have processed the DO ECHO.
+     * Kludge upon kludge.
+     */
+    while (his_will_wont_is_changing(TELOPT_NAWS))
+	ttloop();
+
+    /*
+     * But...
+     * The client might have sent a WILL NAWS as part of its
+     * startup code; if so, we'll be here before we get the
+     * response to the DO ECHO.  We'll make the assumption
+     * that any implementation that understands about NAWS
+     * is a modern enough implementation that it will respond
+     * to our DO ECHO request; hence we'll do another spin
+     * waiting for the ECHO option to settle down, which is
+     * what we wanted to do in the first place...
+     */
+    if (his_want_state_is_will(TELOPT_ECHO) &&
+	his_state_is_will(TELOPT_NAWS)) {
+	while (his_will_wont_is_changing(TELOPT_ECHO))
+	    ttloop();
+    }
+    /*
+     * On the off chance that the telnet client is broken and does not
+     * respond to the DO ECHO we sent, (after all, we did send the
+     * DO NAWS negotiation after the DO ECHO, and we won't get here
+     * until a response to the DO NAWS comes back) simulate the
+     * receipt of a will echo.  This will also send a WONT ECHO
+     * to the client, since we assume that the client failed to
+     * respond because it believes that it is already in DO ECHO
+     * mode, which we do not want.
+     */
+    if (his_want_state_is_will(TELOPT_ECHO)) {
+	DIAG(TD_OPTIONS,
+	     {output_data("td: simulating recv\r\n");
+	     });
+	willoption(TELOPT_ECHO);
+    }
+
+    /*
+     * Finally, to clean things up, we turn on our echo.  This
+     * will break stupid 4.2 telnets out of local terminal echo.
+     */
+
+    if (my_state_is_wont(TELOPT_ECHO))
+	send_will(TELOPT_ECHO, 1);
+
+#ifdef TIOCPKT
+#ifdef	STREAMSPTY
+    if (!really_stream)
+#endif
+	/*
+	 * Turn on packet mode
+	 */
+	ioctl(p, TIOCPKT, (char *)&on);
+#endif
+
+
+    /*
+     * Call telrcv() once to pick up anything received during
+     * terminal type negotiation, 4.2/4.3 determination, and
+     * linemode negotiation.
+     */
+    telrcv();
+
+    ioctl(f, FIONBIO, (char *)&on);
+    ioctl(p, FIONBIO, (char *)&on);
+
+#if	defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT)
+    setsockopt(net, SOL_SOCKET, SO_OOBINLINE,
+	       (void *)&on, sizeof on);
+#endif	/* defined(SO_OOBINLINE) */
+
+#ifdef	SIGTSTP
+    signal(SIGTSTP, SIG_IGN);
+#endif
+#ifdef	SIGTTOU
+    /*
+     * Ignoring SIGTTOU keeps the kernel from blocking us
+     * in ttioct() in /sys/tty.c.
+     */
+    signal(SIGTTOU, SIG_IGN);
+#endif
+
+    signal(SIGCHLD, cleanup);
+
+#ifdef  TIOCNOTTY
+    {
+	int t;
+	t = open(_PATH_TTY, O_RDWR);
+	if (t >= 0) {
+	    ioctl(t, TIOCNOTTY, (char *)0);
+	    close(t);
+	}
+    }
+#endif
+
+    show_issue();
+    /*
+     * Show banner that getty never gave.
+     *
+     * We put the banner in the pty input buffer.  This way, it
+     * gets carriage return null processing, etc., just like all
+     * other pty --> client data.
+     */
+
+    if (getenv("USER"))
+	hostinfo = 0;
+
+    IM = DEFAULT_IM;
+    he = 0;
+    edithost(he, host_name);
+    if (hostinfo && *IM)
+	putf(IM, ptyibuf2);
+
+    if (pcc)
+	strncat(ptyibuf2, ptyip, pcc+1);
+    ptyip = ptyibuf2;
+    pcc = strlen(ptyip);
+
+    DIAG(TD_REPORT, {
+	output_data("td: Entering processing loop\r\n");
+    });
+
+
+    nfd = ((f > p) ? f : p) + 1;
+    timeout = time(NULL) + 5;
+    for (;;) {
+	fd_set ibits, obits, xbits;
+	int c;
+
+	/* wait for encryption to be turned on, but don't wait
+           indefinitely */
+	if(!startslave_called && (!encrypt_delay() || timeout > time(NULL))){
+	    startslave_called = 1;
+	    startslave(host, level, autoname);
+	}
+
+	if (ncc < 0 && pcc < 0)
+	    break;
+
+	FD_ZERO(&ibits);
+	FD_ZERO(&obits);
+	FD_ZERO(&xbits);
+	/*
+	 * Never look for input if there's still
+	 * stuff in the corresponding output buffer
+	 */
+	if (nfrontp - nbackp || pcc > 0) {
+	    FD_SET(f, &obits);
+	} else {
+	    FD_SET(p, &ibits);
+	}
+	if (pfrontp - pbackp || ncc > 0) {
+	    FD_SET(p, &obits);
+	} else {
+	    FD_SET(f, &ibits);
+	}
+	if (!SYNCHing) {
+	    FD_SET(f, &xbits);
+	}
+	if ((c = select(nfd, &ibits, &obits, &xbits,
+			(struct timeval *)0)) < 1) {
+	    if (c == -1) {
+		if (errno == EINTR) {
+		    continue;
+		}
+	    }
+	    sleep(5);
+	    continue;
+	}
+
+	/*
+	 * Any urgent data?
+	 */
+	if (FD_ISSET(net, &xbits)) {
+	    SYNCHing = 1;
+	}
+
+	/*
+	 * Something to read from the network...
+	 */
+	if (FD_ISSET(net, &ibits)) {
+#ifndef SO_OOBINLINE
+	    /*
+	     * In 4.2 (and 4.3 beta) systems, the
+	     * OOB indication and data handling in the kernel
+	     * is such that if two separate TCP Urgent requests
+	     * come in, one byte of TCP data will be overlaid.
+	     * This is fatal for Telnet, but we try to live
+	     * with it.
+	     *
+	     * In addition, in 4.2 (and...), a special protocol
+	     * is needed to pick up the TCP Urgent data in
+	     * the correct sequence.
+	     *
+	     * What we do is:  if we think we are in urgent
+	     * mode, we look to see if we are "at the mark".
+	     * If we are, we do an OOB receive.  If we run
+	     * this twice, we will do the OOB receive twice,
+	     * but the second will fail, since the second
+	     * time we were "at the mark", but there wasn't
+	     * any data there (the kernel doesn't reset
+	     * "at the mark" until we do a normal read).
+	     * Once we've read the OOB data, we go ahead
+	     * and do normal reads.
+	     *
+	     * There is also another problem, which is that
+	     * since the OOB byte we read doesn't put us
+	     * out of OOB state, and since that byte is most
+	     * likely the TELNET DM (data mark), we would
+	     * stay in the TELNET SYNCH (SYNCHing) state.
+	     * So, clocks to the rescue.  If we've "just"
+	     * received a DM, then we test for the
+	     * presence of OOB data when the receive OOB
+	     * fails (and AFTER we did the normal mode read
+	     * to clear "at the mark").
+	     */
+	    if (SYNCHing) {
+		int atmark;
+
+		ioctl(net, SIOCATMARK, (char *)&atmark);
+		if (atmark) {
+		    ncc = recv(net, netibuf, sizeof (netibuf), MSG_OOB);
+		    if ((ncc == -1) && (errno == EINVAL)) {
+			ncc = read(net, netibuf, sizeof (netibuf));
+			if (sequenceIs(didnetreceive, gotDM)) {
+			    SYNCHing = stilloob(net);
+			}
+		    }
+		} else {
+		    ncc = read(net, netibuf, sizeof (netibuf));
+		}
+	    } else {
+		ncc = read(net, netibuf, sizeof (netibuf));
+	    }
+	    settimer(didnetreceive);
+#else	/* !defined(SO_OOBINLINE)) */
+	    ncc = read(net, netibuf, sizeof (netibuf));
+#endif	/* !defined(SO_OOBINLINE)) */
+	    if (ncc < 0 && errno == EWOULDBLOCK)
+		ncc = 0;
+	    else {
+		if (ncc <= 0) {
+		    break;
+		}
+		netip = netibuf;
+	    }
+	    DIAG((TD_REPORT | TD_NETDATA), {
+		output_data("td: netread %d chars\r\n", ncc);
+		});
+	    DIAG(TD_NETDATA, printdata("nd", netip, ncc));
+	}
+
+	/*
+	 * Something to read from the pty...
+	 */
+	if (FD_ISSET(p, &ibits)) {
+#ifdef STREAMSPTY
+	    if (really_stream)
+		pcc = readstream(p, ptyibuf, BUFSIZ);
+	    else
+#endif
+		pcc = read(p, ptyibuf, BUFSIZ);
+
+	    /*
+	     * On some systems, if we try to read something
+	     * off the master side before the slave side is
+	     * opened, we get EIO.
+	     */
+	    if (pcc < 0 && (errno == EWOULDBLOCK ||
+#ifdef	EAGAIN
+			    errno == EAGAIN ||
+#endif
+			    errno == EIO)) {
+		pcc = 0;
+	    } else {
+		if (pcc <= 0)
+		    break;
+		if (ptyibuf[0] & TIOCPKT_FLUSHWRITE) {
+		    netclear();	/* clear buffer back */
+#ifndef	NO_URGENT
+		    /*
+		     * There are client telnets on some
+		     * operating systems get screwed up
+		     * royally if we send them urgent
+		     * mode data.
+		     */
+		    output_data ("%c%c", IAC, DM);
+
+		    neturg = nfrontp-1; /* off by one XXX */
+		    DIAG(TD_OPTIONS,
+			 printoption("td: send IAC", DM));
+
+#endif
+		}
+		if (his_state_is_will(TELOPT_LFLOW) &&
+		    (ptyibuf[0] &
+		     (TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))) {
+		    int newflow =
+			ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0;
+		    if (newflow != flowmode) {
+			flowmode = newflow;
+			output_data("%c%c%c%c%c%c",
+				    IAC, SB, TELOPT_LFLOW,
+				    flowmode ? LFLOW_ON
+				    : LFLOW_OFF,
+				    IAC, SE);
+			DIAG(TD_OPTIONS, printsub('>',
+						  (unsigned char *)nfrontp-4,
+						  4););
+		    }
+		}
+		pcc--;
+		ptyip = ptyibuf+1;
+	    }
+	}
+
+	while (pcc > 0) {
+	    if ((&netobuf[BUFSIZ] - nfrontp) < 3)
+		break;
+	    c = *ptyip++ & 0377, pcc--;
+	    if (c == IAC)
+		*nfrontp++ = c;
+	    *nfrontp++ = c;
+	    if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) {
+		if (pcc > 0 && ((*ptyip & 0377) == '\n')) {
+		    *nfrontp++ = *ptyip++ & 0377;
+		    pcc--;
+		} else
+		    *nfrontp++ = '\0';
+	    }
+	}
+
+	if (FD_ISSET(f, &obits) && (nfrontp - nbackp) > 0)
+	    netflush();
+	if (ncc > 0)
+	    telrcv();
+	if (FD_ISSET(p, &obits) && (pfrontp - pbackp) > 0)
+	    ptyflush();
+    }
+    cleanup(0);
+}
+
+#ifndef	TCSIG
+# ifdef	TIOCSIG
+#  define TCSIG TIOCSIG
+# endif
+#endif
+
+#ifdef	STREAMSPTY
+
+    int flowison = -1;  /* current state of flow: -1 is unknown */
+
+int
+readstream(int p, char *ibuf, int bufsize)
+{
+    int flags = 0;
+    int ret = 0;
+    struct termios *tsp;
+#if 0
+    struct termio *tp;
+#endif
+    struct iocblk *ip;
+    char vstop, vstart;
+    int ixon;
+    int newflow;
+
+    strbufc.maxlen = BUFSIZ;
+    strbufc.buf = (char *)ctlbuf;
+    strbufd.maxlen = bufsize-1;
+    strbufd.len = 0;
+    strbufd.buf = ibuf+1;
+    ibuf[0] = 0;
+
+    ret = getmsg(p, &strbufc, &strbufd, &flags);
+    if (ret < 0)  /* error of some sort -- probably EAGAIN */
+	return(-1);
+
+    if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) {
+	/* data message */
+	if (strbufd.len > 0) {			/* real data */
+	    return(strbufd.len + 1);	/* count header char */
+	} else {
+	    /* nothing there */
+	    errno = EAGAIN;
+	    return(-1);
+	}
+    }
+
+    /*
+     * It's a control message.  Return 1, to look at the flag we set
+     */
+
+    switch (ctlbuf[0]) {
+    case M_FLUSH:
+	if (ibuf[1] & FLUSHW)
+	    ibuf[0] = TIOCPKT_FLUSHWRITE;
+	return(1);
+
+    case M_IOCTL:
+	ip = (struct iocblk *) (ibuf+1);
+
+	switch (ip->ioc_cmd) {
+#ifdef TCSETS
+	case TCSETS:
+	case TCSETSW:
+	case TCSETSF:
+	    tsp = (struct termios *)
+		(ibuf+1 + sizeof(struct iocblk));
+	    vstop = tsp->c_cc[VSTOP];
+	    vstart = tsp->c_cc[VSTART];
+	    ixon = tsp->c_iflag & IXON;
+	    break;
+#endif
+#if 0
+	case TCSETA:
+	case TCSETAW:
+	case TCSETAF:
+	    tp = (struct termio *) (ibuf+1 + sizeof(struct iocblk));
+	    vstop = tp->c_cc[VSTOP];
+	    vstart = tp->c_cc[VSTART];
+	    ixon = tp->c_iflag & IXON;
+	    break;
+#endif
+	default:
+	    errno = EAGAIN;
+	    return(-1);
+	}
+
+	newflow =  (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0;
+	if (newflow != flowison) {  /* it's a change */
+	    flowison = newflow;
+	    ibuf[0] = newflow ? TIOCPKT_DOSTOP : TIOCPKT_NOSTOP;
+	    return(1);
+	}
+    }
+
+    /* nothing worth doing anything about */
+    errno = EAGAIN;
+    return(-1);
+}
+#endif /* STREAMSPTY */
+
+/*
+ * Send interrupt to process on other side of pty.
+ * If it is in raw mode, just write NULL;
+ * otherwise, write intr char.
+ */
+void
+interrupt()
+{
+    ptyflush();	/* half-hearted */
+
+#if defined(STREAMSPTY) && defined(TIOCSIGNAL)
+    /* Streams PTY style ioctl to post a signal */
+    if (really_stream)
+	{
+	    int sig = SIGINT;
+	    ioctl(ourpty, TIOCSIGNAL, &sig);
+	    ioctl(ourpty, I_FLUSH, FLUSHR);
+	}
+#else
+#ifdef	TCSIG
+    ioctl(ourpty, TCSIG, (char *)SIGINT);
+#else	/* TCSIG */
+    init_termbuf();
+    *pfrontp++ = slctab[SLC_IP].sptr ?
+	(unsigned char)*slctab[SLC_IP].sptr : '\177';
+#endif	/* TCSIG */
+#endif
+}
+
+/*
+ * Send quit to process on other side of pty.
+ * If it is in raw mode, just write NULL;
+ * otherwise, write quit char.
+ */
+void
+sendbrk()
+{
+    ptyflush();	/* half-hearted */
+#ifdef	TCSIG
+    ioctl(ourpty, TCSIG, (char *)SIGQUIT);
+#else	/* TCSIG */
+    init_termbuf();
+    *pfrontp++ = slctab[SLC_ABORT].sptr ?
+	(unsigned char)*slctab[SLC_ABORT].sptr : '\034';
+#endif	/* TCSIG */
+}
+
+void
+sendsusp()
+{
+#ifdef	SIGTSTP
+    ptyflush();	/* half-hearted */
+# ifdef	TCSIG
+    ioctl(ourpty, TCSIG, (char *)SIGTSTP);
+# else	/* TCSIG */
+    *pfrontp++ = slctab[SLC_SUSP].sptr ?
+	(unsigned char)*slctab[SLC_SUSP].sptr : '\032';
+# endif	/* TCSIG */
+#endif	/* SIGTSTP */
+}
+
+/*
+ * When we get an AYT, if ^T is enabled, use that.  Otherwise,
+ * just send back "[Yes]".
+ */
+void
+recv_ayt()
+{
+#if	defined(SIGINFO) && defined(TCSIG)
+    if (slctab[SLC_AYT].sptr && *slctab[SLC_AYT].sptr != _POSIX_VDISABLE) {
+	ioctl(ourpty, TCSIG, (char *)SIGINFO);
+	return;
+    }
+#endif
+    output_data("\r\n[Yes]\r\n");
+}
+
+void
+doeof()
+{
+    init_termbuf();
+
+    *pfrontp++ = slctab[SLC_EOF].sptr ?
+	(unsigned char)*slctab[SLC_EOF].sptr : '\004';
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h
new file mode 100644
index 0000000..5ad5bd8
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h
@@ -0,0 +1,224 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)telnetd.h	8.1 (Berkeley) 6/4/93
+ */
+
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif /* HAVE_SYS_RESOURCE_H */
+
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+/* including both <sys/ioctl.h> and <termios.h> in SunOS 4 generates a
+   lot of warnings */
+
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_SYS_FILIO_H
+#include <sys/filio.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#include <signal.h>
+#include <errno.h>
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+#include <ctype.h>
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include <termios.h>
+
+#ifdef HAVE_PTY_H
+#include <pty.h>
+#endif
+
+#include "defs.h"
+
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+
+#ifndef _POSIX_VDISABLE
+# ifdef VDISABLE
+#  define _POSIX_VDISABLE VDISABLE
+# else
+#  define _POSIX_VDISABLE ((unsigned char)'\377')
+# endif
+#endif
+
+
+#ifdef HAVE_SYS_PTY_H
+#include <sys/pty.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
+#ifdef HAVE_SYS_PTYIO_H
+#include <sys/ptyio.h>
+#endif
+
+#ifdef HAVE_SYS_UTSNAME_H
+#include <sys/utsname.h>
+#endif
+
+#include "ext.h"
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+
+#ifdef SOCKS
+#include <socks.h>
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent  *gethostbyname(const char *);
+#endif
+
+#ifdef KRB4
+#include <des.h>
+#include <krb.h>
+#endif
+
+#ifdef AUTHENTICATION
+#include <libtelnet/auth.h>
+#include <libtelnet/misc.h>
+#ifdef ENCRYPTION
+#include <libtelnet/encrypt.h>
+#endif
+#endif
+
+#ifdef HAVE_LIBUTIL_H
+#include <libutil.h>
+#endif
+
+#include <roken.h>
+
+/* Don't use the system login, use our version instead */
+
+/* BINDIR should be defined somewhere else... */
+
+#ifndef BINDIR
+#define BINDIR "/usr/athena/bin"
+#endif
+
+#undef _PATH_LOGIN
+#define _PATH_LOGIN	BINDIR "/login"
+
+/* fallbacks */
+
+#ifndef _PATH_DEV
+#define _PATH_DEV "/dev/"
+#endif
+
+#ifndef _PATH_TTY
+#define _PATH_TTY "/dev/tty"
+#endif /* _PATH_TTY */
+
+#ifdef	DIAGNOSTICS
+#define	DIAG(a,b)	if (diagnostic & (a)) b
+#else
+#define	DIAG(a,b)
+#endif
+
+/* other external variables */
+extern	char **environ;
+
+/* prototypes */
+
+/* appends data to nfrontp and advances */
+int output_data (const char *format, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/termstat.c b/crypto/kerberosIV/appl/telnet/telnetd/termstat.c
new file mode 100644
index 0000000..80ee145
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/termstat.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnetd.h"
+
+RCSID("$Id: termstat.c,v 1.11 1997/05/11 06:30:04 assar Exp $");
+
+/*
+ * local variables
+ */
+int def_tspeed = -1, def_rspeed = -1;
+#ifdef	TIOCSWINSZ
+int def_row = 0, def_col = 0;
+#endif
+
+/*
+ * flowstat
+ *
+ * Check for changes to flow control
+ */
+void
+flowstat()
+{
+    if (his_state_is_will(TELOPT_LFLOW)) {
+	if (tty_flowmode() != flowmode) {
+	    flowmode = tty_flowmode();
+	    output_data("%c%c%c%c%c%c",
+			IAC, SB, TELOPT_LFLOW,
+			flowmode ? LFLOW_ON : LFLOW_OFF,
+			IAC, SE);
+	}
+	if (tty_restartany() != restartany) {
+	    restartany = tty_restartany();
+	    output_data("%c%c%c%c%c%c",
+			IAC, SB, TELOPT_LFLOW,
+			restartany ? LFLOW_RESTART_ANY
+			: LFLOW_RESTART_XON,
+			IAC, SE);
+	}
+    }
+}
+
+/*
+ * clientstat
+ *
+ * Process linemode related requests from the client.
+ * Client can request a change to only one of linemode, editmode or slc's
+ * at a time, and if using kludge linemode, then only linemode may be
+ * affected.
+ */
+void
+clientstat(int code, int parm1, int parm2)
+{
+    void netflush();
+
+    /*
+     * Get a copy of terminal characteristics.
+     */
+    init_termbuf();
+
+    /*
+     * Process request from client. code tells what it is.
+     */
+    switch (code) {
+    case TELOPT_NAWS:
+#ifdef	TIOCSWINSZ
+	{
+	    struct winsize ws;
+
+	    def_col = parm1;
+	    def_row = parm2;
+
+	    /*
+	     * Change window size as requested by client.
+	     */
+
+	    ws.ws_col = parm1;
+	    ws.ws_row = parm2;
+	    ioctl(ourpty, TIOCSWINSZ, (char *)&ws);
+	}
+#endif	/* TIOCSWINSZ */
+
+    break;
+
+    case TELOPT_TSPEED:
+	{
+	    def_tspeed = parm1;
+	    def_rspeed = parm2;
+	    /*
+	     * Change terminal speed as requested by client.
+	     * We set the receive speed first, so that if we can't
+	     * store seperate receive and transmit speeds, the transmit
+	     * speed will take precedence.
+	     */
+	    tty_rspeed(parm2);
+	    tty_tspeed(parm1);
+	    set_termbuf();
+
+	    break;
+
+	}  /* end of case TELOPT_TSPEED */
+
+    default:
+	/* What? */
+	break;
+    }  /* end of switch */
+
+    netflush();
+
+}
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/utility.c b/crypto/kerberosIV/appl/telnet/telnetd/utility.c
new file mode 100644
index 0000000..cfca89a
--- /dev/null
+++ b/crypto/kerberosIV/appl/telnet/telnetd/utility.c
@@ -0,0 +1,1157 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#define PRINTOPTIONS
+#include "telnetd.h"
+
+RCSID("$Id: utility.c,v 1.20 1998/06/13 00:06:56 assar Exp $");
+
+/*
+ * utility functions performing io related tasks
+ */
+
+/*
+ * ttloop
+ *
+ * A small subroutine to flush the network output buffer, get some
+ * data from the network, and pass it through the telnet state
+ * machine.  We also flush the pty input buffer (by dropping its data)
+ * if it becomes too full.
+ */
+
+void
+ttloop(void)
+{
+    void netflush(void);
+    
+    DIAG(TD_REPORT, {
+	output_data("td: ttloop\r\n");
+    });
+    if (nfrontp-nbackp)
+	netflush();
+    ncc = read(net, netibuf, sizeof netibuf);
+    if (ncc < 0) {
+	syslog(LOG_INFO, "ttloop:  read: %m\n");
+	exit(1);
+    } else if (ncc == 0) {
+	syslog(LOG_INFO, "ttloop:  peer died: %m\n");
+	exit(1);
+    }
+    DIAG(TD_REPORT, {
+	output_data("td: ttloop read %d chars\r\n", ncc);
+    });
+    netip = netibuf;
+    telrcv();			/* state machine */
+    if (ncc > 0) {
+	pfrontp = pbackp = ptyobuf;
+	telrcv();
+    }
+}  /* end of ttloop */
+
+/*
+ * Check a descriptor to see if out of band data exists on it.
+ */
+int
+stilloob(int s)
+{
+    static struct timeval timeout = { 0 };
+    fd_set	excepts;
+    int value;
+
+    do {
+	FD_ZERO(&excepts);
+	FD_SET(s, &excepts);
+	value = select(s+1, 0, 0, &excepts, &timeout);
+    } while ((value == -1) && (errno == EINTR));
+
+    if (value < 0) {
+	fatalperror(ourpty, "select");
+    }
+    if (FD_ISSET(s, &excepts)) {
+	return 1;
+    } else {
+	return 0;
+    }
+}
+
+void
+ptyflush(void)
+{
+    int n;
+
+    if ((n = pfrontp - pbackp) > 0) {
+	DIAG((TD_REPORT | TD_PTYDATA), { 
+	    output_data("td: ptyflush %d chars\r\n", n);
+	});
+	DIAG(TD_PTYDATA, printdata("pd", pbackp, n));
+	n = write(ourpty, pbackp, n);
+    }
+    if (n < 0) {
+	if (errno == EWOULDBLOCK || errno == EINTR)
+	    return;
+	cleanup(0);
+    }
+    pbackp += n;
+    if (pbackp == pfrontp)
+	pbackp = pfrontp = ptyobuf;
+}
+
+/*
+ * nextitem()
+ *
+ *	Return the address of the next "item" in the TELNET data
+ * stream.  This will be the address of the next character if
+ * the current address is a user data character, or it will
+ * be the address of the character following the TELNET command
+ * if the current address is a TELNET IAC ("I Am a Command")
+ * character.
+ */
+char *
+nextitem(char *current)
+{
+    if ((*current&0xff) != IAC) {
+	return current+1;
+    }
+    switch (*(current+1)&0xff) {
+    case DO:
+    case DONT:
+    case WILL:
+    case WONT:
+	return current+3;
+    case SB:{
+	/* loop forever looking for the SE */
+	char *look = current+2;
+
+	for (;;) {
+	    if ((*look++&0xff) == IAC) {
+		if ((*look++&0xff) == SE) {
+		    return look;
+		}
+	    }
+	}
+    }
+    default:
+	return current+2;
+    }
+}
+
+
+/*
+ * netclear()
+ *
+ *	We are about to do a TELNET SYNCH operation.  Clear
+ * the path to the network.
+ *
+ *	Things are a bit tricky since we may have sent the first
+ * byte or so of a previous TELNET command into the network.
+ * So, we have to scan the network buffer from the beginning
+ * until we are up to where we want to be.
+ *
+ *	A side effect of what we do, just to keep things
+ * simple, is to clear the urgent data pointer.  The principal
+ * caller should be setting the urgent data pointer AFTER calling
+ * us in any case.
+ */
+void
+netclear(void)
+{
+    char *thisitem, *next;
+    char *good;
+#define	wewant(p)	((nfrontp > p) && ((*p&0xff) == IAC) && \
+			 ((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
+
+#ifdef ENCRYPTION
+	thisitem = nclearto > netobuf ? nclearto : netobuf;
+#else
+	thisitem = netobuf;
+#endif
+
+	while ((next = nextitem(thisitem)) <= nbackp) {
+	    thisitem = next;
+	}
+
+	/* Now, thisitem is first before/at boundary. */
+
+#ifdef ENCRYPTION
+	good = nclearto > netobuf ? nclearto : netobuf;
+#else
+	good = netobuf;	/* where the good bytes go */
+#endif
+
+	while (nfrontp > thisitem) {
+	    if (wewant(thisitem)) {
+		int length;
+
+		next = thisitem;
+		do {
+		    next = nextitem(next);
+		} while (wewant(next) && (nfrontp > next));
+		length = next-thisitem;
+		memmove(good, thisitem, length);
+		good += length;
+		thisitem = next;
+	    } else {
+		thisitem = nextitem(thisitem);
+	    }
+	}
+
+	nbackp = netobuf;
+	nfrontp = good;		/* next byte to be sent */
+	neturg = 0;
+}  /* end of netclear */
+
+/*
+ *  netflush
+ *		Send as much data as possible to the network,
+ *	handling requests for urgent data.
+ */
+void
+netflush(void)
+{
+    int n;
+    extern int not42;
+
+    if ((n = nfrontp - nbackp) > 0) {
+	DIAG(TD_REPORT,
+	     { n += output_data("td: netflush %d chars\r\n", n);
+	     });
+#ifdef ENCRYPTION
+	if (encrypt_output) {
+	    char *s = nclearto ? nclearto : nbackp;
+	    if (nfrontp - s > 0) {
+		(*encrypt_output)((unsigned char *)s, nfrontp-s);
+		nclearto = nfrontp;
+	    }
+	}
+#endif
+	/*
+	 * if no urgent data, or if the other side appears to be an
+	 * old 4.2 client (and thus unable to survive TCP urgent data),
+	 * write the entire buffer in non-OOB mode.
+	 */
+#if 1 /* remove this to make it work between solaris 2.6 and linux */
+	if ((neturg == 0) || (not42 == 0)) {
+#endif
+	    n = write(net, nbackp, n);	/* normal write */
+#if 1 /* remove this to make it work between solaris 2.6 and linux */
+	} else {
+	    n = neturg - nbackp;
+	    /*
+	     * In 4.2 (and 4.3) systems, there is some question about
+	     * what byte in a sendOOB operation is the "OOB" data.
+	     * To make ourselves compatible, we only send ONE byte
+	     * out of band, the one WE THINK should be OOB (though
+	     * we really have more the TCP philosophy of urgent data
+	     * rather than the Unix philosophy of OOB data).
+	     */
+	    if (n > 1) {
+		n = send(net, nbackp, n-1, 0);	/* send URGENT all by itself */
+	    } else {
+		n = send(net, nbackp, n, MSG_OOB);	/* URGENT data */
+	    }
+	}
+#endif
+    }
+    if (n < 0) {
+	if (errno == EWOULDBLOCK || errno == EINTR)
+	    return;
+	cleanup(0);
+    }
+    nbackp += n;
+#ifdef ENCRYPTION
+    if (nbackp > nclearto)
+	nclearto = 0;
+#endif
+    if (nbackp >= neturg) {
+	neturg = 0;
+    }
+    if (nbackp == nfrontp) {
+	nbackp = nfrontp = netobuf;
+#ifdef ENCRYPTION
+	nclearto = 0;
+#endif
+    }
+    return;
+}
+
+
+/*
+ * writenet
+ *
+ * Just a handy little function to write a bit of raw data to the net.
+ * It will force a transmit of the buffer if necessary
+ *
+ * arguments
+ *    ptr - A pointer to a character string to write
+ *    len - How many bytes to write
+ */
+void
+writenet(unsigned char *ptr, int len)
+{
+    /* flush buffer if no room for new data) */
+    while ((&netobuf[BUFSIZ] - nfrontp) < len) {
+	/* if this fails, don't worry, buffer is a little big */
+	netflush();
+    }
+
+    memmove(nfrontp, ptr, len);
+    nfrontp += len;
+}
+
+
+/*
+ * miscellaneous functions doing a variety of little jobs follow ...
+ */
+
+
+void fatal(int f, char *msg)
+{
+    char buf[BUFSIZ];
+
+    snprintf(buf, sizeof(buf), "telnetd: %s.\r\n", msg);
+#ifdef ENCRYPTION
+    if (encrypt_output) {
+	/*
+	 * Better turn off encryption first....
+	 * Hope it flushes...
+	 */
+	encrypt_send_end();
+	netflush();
+    }
+#endif
+    write(f, buf, (int)strlen(buf));
+    sleep(1);	/*XXX*/
+    exit(1);
+}
+
+void
+fatalperror(int f, const char *msg)
+{
+    char buf[BUFSIZ];
+    
+    snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(errno));
+    fatal(f, buf);
+}
+
+char editedhost[32];
+
+void edithost(char *pat, char *host)
+{
+    char *res = editedhost;
+
+    if (!pat)
+	pat = "";
+    while (*pat) {
+	switch (*pat) {
+
+	case '#':
+	    if (*host)
+		host++;
+	    break;
+
+	case '@':
+	    if (*host)
+		*res++ = *host++;
+	    break;
+
+	default:
+	    *res++ = *pat;
+	    break;
+	}
+	if (res == &editedhost[sizeof editedhost - 1]) {
+	    *res = '\0';
+	    return;
+	}
+	pat++;
+    }
+    if (*host)
+	strcpy_truncate (res, host,
+			 sizeof editedhost - (res - editedhost));
+    else
+	*res = '\0';
+    editedhost[sizeof editedhost - 1] = '\0';
+}
+
+static char *putlocation;
+
+void
+putstr(char *s)
+{
+
+    while (*s)
+	putchr(*s++);
+}
+
+void
+putchr(int cc)
+{
+    *putlocation++ = cc;
+}
+
+/*
+ * This is split on two lines so that SCCS will not see the M
+ * between two % signs and expand it...
+ */
+static char fmtstr[] = { "%l:%M" "%P on %A, %d %B %Y" };
+
+void putf(char *cp, char *where)
+{
+#ifdef HAVE_UNAME
+    struct utsname name;
+#endif
+    char *slash;
+    time_t t;
+    char db[100];
+
+    /* if we don't have uname, set these to sensible values */
+    char *sysname = "Unix", 
+	*machine = "", 
+	*release = "",
+	*version = ""; 
+
+#ifdef HAVE_UNAME
+    uname(&name);
+    sysname=name.sysname;
+    machine=name.machine;
+    release=name.release;
+    version=name.version;
+#endif
+
+    putlocation = where;
+
+    while (*cp) {
+	if (*cp != '%') {
+	    putchr(*cp++);
+	    continue;
+	}
+	switch (*++cp) {
+
+	case 't':
+#ifdef	STREAMSPTY
+	    /* names are like /dev/pts/2 -- we want pts/2 */
+	    slash = strchr(line+1, '/');
+#else
+	    slash = strrchr(line, '/');
+#endif
+	    if (slash == (char *) 0)
+		putstr(line);
+	    else
+		putstr(&slash[1]);
+	    break;
+
+	case 'h':
+	    putstr(editedhost);
+	    break;
+
+	case 's':
+	    putstr(sysname);
+	    break;
+
+	case 'm':
+	    putstr(machine);
+	    break;
+
+	case 'r':
+	    putstr(release);
+	    break;
+
+	case 'v':
+	    putstr(version);
+	    break;
+
+	case 'd':
+	    time(&t);
+	    strftime(db, sizeof(db), fmtstr, localtime(&t));
+	    putstr(db);
+	    break;
+
+	case '%':
+	    putchr('%');
+	    break;
+	}
+	cp++;
+    }
+}
+
+#ifdef DIAGNOSTICS
+/*
+ * Print telnet options and commands in plain text, if possible.
+ */
+void
+printoption(char *fmt, int option)
+{
+    if (TELOPT_OK(option))
+	output_data("%s %s\r\n",
+		    fmt,
+		    TELOPT(option));
+    else if (TELCMD_OK(option))
+	output_data("%s %s\r\n",
+		    fmt,
+		    TELCMD(option));
+    else
+	output_data("%s %d\r\n",
+		    fmt,
+		    option);
+    return;
+}
+
+void
+printsub(int direction, unsigned char *pointer, int length)
+        		          	/* '<' or '>' */
+                 	         	/* where suboption data sits */
+       			       		/* length of suboption data */
+{
+    int i = 0;
+    unsigned char buf[512];
+
+    if (!(diagnostic & TD_OPTIONS))
+	return;
+
+    if (direction) {
+	output_data("td: %s suboption ",
+		    direction == '<' ? "recv" : "send");
+	if (length >= 3) {
+	    int j;
+
+	    i = pointer[length-2];
+	    j = pointer[length-1];
+
+	    if (i != IAC || j != SE) {
+		output_data("(terminated by ");
+		if (TELOPT_OK(i))
+		    output_data("%s ",
+				TELOPT(i));
+		else if (TELCMD_OK(i))
+		    output_data("%s ",
+				TELCMD(i));
+		else
+		    output_data("%d ",
+				i);
+		if (TELOPT_OK(j))
+		    output_data("%s",
+				TELOPT(j));
+		else if (TELCMD_OK(j))
+		    output_data("%s",
+				TELCMD(j));
+		else
+		    output_data("%d",
+				j);
+		output_data(", not IAC SE!) ");
+	    }
+	}
+	length -= 2;
+    }
+    if (length < 1) {
+	output_data("(Empty suboption??\?)");
+	return;
+    }
+    switch (pointer[0]) {
+    case TELOPT_TTYPE:
+	output_data("TERMINAL-TYPE ");
+	switch (pointer[1]) {
+	case TELQUAL_IS:
+	    output_data("IS \"%.*s\"",
+			length-2,
+			(char *)pointer+2);
+	    break;
+	case TELQUAL_SEND:
+	    output_data("SEND");
+	    break;
+	default:
+	    output_data("- unknown qualifier %d (0x%x).",
+			pointer[1], pointer[1]);
+	}
+	break;
+    case TELOPT_TSPEED:
+	output_data("TERMINAL-SPEED");
+	if (length < 2) {
+	    output_data(" (empty suboption??\?)");
+	    break;
+	}
+	switch (pointer[1]) {
+	case TELQUAL_IS:
+	    output_data(" IS %.*s", length-2, (char *)pointer+2);
+	    break;
+	default:
+	    if (pointer[1] == 1)
+		output_data(" SEND");
+	    else
+		output_data(" %d (unknown)", pointer[1]);
+	    for (i = 2; i < length; i++) {
+		output_data(" ?%d?", pointer[i]);
+	    }
+	    break;
+	}
+	break;
+
+    case TELOPT_LFLOW:
+	output_data("TOGGLE-FLOW-CONTROL");
+	if (length < 2) {
+	    output_data(" (empty suboption??\?)");
+	    break;
+	}
+	switch (pointer[1]) {
+	case LFLOW_OFF:
+	    output_data(" OFF");
+	    break;
+	case LFLOW_ON:
+	    output_data(" ON");
+	    break;
+	case LFLOW_RESTART_ANY:
+	    output_data(" RESTART-ANY");
+	    break;
+	case LFLOW_RESTART_XON:
+	    output_data(" RESTART-XON");
+	    break;
+	default:
+	    output_data(" %d (unknown)",
+			pointer[1]);
+	}
+	for (i = 2; i < length; i++) {
+	    output_data(" ?%d?",
+			pointer[i]);
+	}
+	break;
+
+    case TELOPT_NAWS:
+	output_data("NAWS");
+	if (length < 2) {
+	    output_data(" (empty suboption??\?)");
+	    break;
+	}
+	if (length == 2) {
+	    output_data(" ?%d?",
+			pointer[1]);
+	    break;
+	}
+	output_data(" %u %u(%u)",
+		    pointer[1],
+		    pointer[2],
+		    (((unsigned int)pointer[1])<<8) + pointer[2]);
+	if (length == 4) {
+	    output_data(" ?%d?",
+			pointer[3]);
+	    break;
+	}
+	output_data(" %u %u(%u)",
+		    pointer[3],
+		    pointer[4],
+		    (((unsigned int)pointer[3])<<8) + pointer[4]);
+	for (i = 5; i < length; i++) {
+	    output_data(" ?%d?",
+			pointer[i]);
+	}
+	break;
+
+    case TELOPT_LINEMODE:
+	output_data("LINEMODE ");
+	if (length < 2) {
+	    output_data(" (empty suboption??\?)");
+	    break;
+	}
+	switch (pointer[1]) {
+	case WILL:
+	    output_data("WILL ");
+	    goto common;
+	case WONT:
+	    output_data("WONT ");
+	    goto common;
+	case DO:
+	    output_data("DO ");
+	    goto common;
+	case DONT:
+	    output_data("DONT ");
+	common:
+	    if (length < 3) {
+		output_data("(no option??\?)");
+		break;
+	    }
+	    switch (pointer[2]) {
+	    case LM_FORWARDMASK:
+		output_data("Forward Mask");
+		for (i = 3; i < length; i++) {
+		    output_data(" %x", pointer[i]);
+		}
+		break;
+	    default:
+		output_data("%d (unknown)",
+			    pointer[2]);
+		for (i = 3; i < length; i++) {
+		    output_data(" %d",
+				pointer[i]);
+		}
+		break;
+	    }
+	    break;
+
+	case LM_SLC:
+	    output_data("SLC");
+	    for (i = 2; i < length - 2; i += 3) {
+		if (SLC_NAME_OK(pointer[i+SLC_FUNC]))
+		    output_data(" %s",
+				SLC_NAME(pointer[i+SLC_FUNC]));
+		else
+		    output_data(" %d",
+				pointer[i+SLC_FUNC]);
+		switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) {
+		case SLC_NOSUPPORT:
+		    output_data(" NOSUPPORT");
+		    break;
+		case SLC_CANTCHANGE:
+		    output_data(" CANTCHANGE");
+		    break;
+		case SLC_VARIABLE:
+		    output_data(" VARIABLE");
+		    break;
+		case SLC_DEFAULT:
+		    output_data(" DEFAULT");
+		    break;
+		}
+		output_data("%s%s%s",
+			    pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "",
+			    pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "",
+			    pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : "");
+		if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN|
+					    SLC_FLUSHOUT| SLC_LEVELBITS)) {
+		    output_data("(0x%x)",
+				pointer[i+SLC_FLAGS]);
+		}
+		output_data(" %d;",
+			    pointer[i+SLC_VALUE]);
+		if ((pointer[i+SLC_VALUE] == IAC) &&
+		    (pointer[i+SLC_VALUE+1] == IAC))
+		    i++;
+	    }
+	    for (; i < length; i++) {
+		output_data(" ?%d?",
+			    pointer[i]);
+	    }
+	    break;
+
+	case LM_MODE:
+	    output_data("MODE ");
+	    if (length < 3) {
+		output_data("(no mode??\?)");
+		break;
+	    }
+	    {
+		char tbuf[32];
+		snprintf(tbuf,
+			 sizeof(tbuf),
+			 "%s%s%s%s%s",
+			 pointer[2]&MODE_EDIT ? "|EDIT" : "",
+			 pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "",
+			 pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
+			 pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
+			 pointer[2]&MODE_ACK ? "|ACK" : "");
+		output_data("%s",
+			    tbuf[1] ? &tbuf[1] : "0");
+	    }
+	    if (pointer[2]&~(MODE_EDIT|MODE_TRAPSIG|MODE_ACK)) {
+		output_data(" (0x%x)",
+			    pointer[2]);
+	    }
+	    for (i = 3; i < length; i++) {
+		output_data(" ?0x%x?",
+			 pointer[i]);
+	    }
+	    break;
+	default:
+	    output_data("%d (unknown)",
+			pointer[1]);
+	    for (i = 2; i < length; i++) {
+		output_data(" %d", pointer[i]);
+	    }
+	}
+	break;
+
+    case TELOPT_STATUS: {
+	char *cp;
+	int j, k;
+
+	output_data("STATUS");
+
+	switch (pointer[1]) {
+	default:
+	    if (pointer[1] == TELQUAL_SEND)
+		output_data(" SEND");
+	    else
+		output_data(" %d (unknown)",
+			    pointer[1]);
+	    for (i = 2; i < length; i++) {
+		output_data(" ?%d?",
+			    pointer[i]);
+	    }
+	    break;
+	case TELQUAL_IS:
+	    output_data(" IS\r\n");
+
+	    for (i = 2; i < length; i++) {
+		switch(pointer[i]) {
+		case DO:	cp = "DO"; goto common2;
+		case DONT:	cp = "DONT"; goto common2;
+		case WILL:	cp = "WILL"; goto common2;
+		case WONT:	cp = "WONT"; goto common2;
+		common2:
+		i++;
+		if (TELOPT_OK(pointer[i]))
+		    output_data(" %s %s",
+				cp,
+				TELOPT(pointer[i]));
+		else
+		    output_data(" %s %d",
+				cp,
+				pointer[i]);
+
+		output_data("\r\n");
+		break;
+
+		case SB:
+		    output_data(" SB ");
+		    i++;
+		    j = k = i;
+		    while (j < length) {
+			if (pointer[j] == SE) {
+			    if (j+1 == length)
+				break;
+			    if (pointer[j+1] == SE)
+				j++;
+			    else
+				break;
+			}
+			pointer[k++] = pointer[j++];
+		    }
+		    printsub(0, &pointer[i], k - i);
+		    if (i < length) {
+			output_data(" SE");
+			i = j;
+		    } else
+			i = j - 1;
+
+		    output_data("\r\n");
+
+		    break;
+
+		default:
+		    output_data(" %d",
+				pointer[i]);
+		    break;
+		}
+	    }
+	    break;
+	}
+	break;
+    }
+
+    case TELOPT_XDISPLOC:
+	output_data("X-DISPLAY-LOCATION ");
+	switch (pointer[1]) {
+	case TELQUAL_IS:
+	    output_data("IS \"%.*s\"",
+			length-2,
+			(char *)pointer+2);
+	    break;
+	case TELQUAL_SEND:
+	    output_data("SEND");
+	    break;
+	default:
+	    output_data("- unknown qualifier %d (0x%x).",
+			pointer[1], pointer[1]);
+	}
+	break;
+
+    case TELOPT_NEW_ENVIRON:
+	output_data("NEW-ENVIRON ");
+	goto env_common1;
+    case TELOPT_OLD_ENVIRON:
+	output_data("OLD-ENVIRON");
+    env_common1:
+	switch (pointer[1]) {
+	case TELQUAL_IS:
+	    output_data("IS ");
+	    goto env_common;
+	case TELQUAL_SEND:
+	    output_data("SEND ");
+	    goto env_common;
+	case TELQUAL_INFO:
+	    output_data("INFO ");
+	env_common:
+	    {
+		int noquote = 2;
+		for (i = 2; i < length; i++ ) {
+		    switch (pointer[i]) {
+		    case NEW_ENV_VAR:
+			output_data("\" VAR " + noquote);
+			noquote = 2;
+			break;
+
+		    case NEW_ENV_VALUE:
+			output_data("\" VALUE " + noquote);
+			noquote = 2;
+			break;
+
+		    case ENV_ESC:
+			output_data("\" ESC " + noquote);
+			noquote = 2;
+			break;
+
+		    case ENV_USERVAR:
+			output_data("\" USERVAR " + noquote);
+			noquote = 2;
+			break;
+
+		    default:
+			if (isprint(pointer[i]) && pointer[i] != '"') {
+			    if (noquote) {
+				output_data ("\"");
+				noquote = 0;
+			    }
+			    output_data ("%c", pointer[i]);
+			} else {
+			    output_data("\" %03o " + noquote,
+					pointer[i]);
+			    noquote = 2;
+			}
+			break;
+		    }
+		}
+		if (!noquote)
+		    output_data ("\"");
+		break;
+	    }
+	}
+	break;
+
+#ifdef AUTHENTICATION
+    case TELOPT_AUTHENTICATION:
+	output_data("AUTHENTICATION");
+
+	if (length < 2) {
+	    output_data(" (empty suboption??\?)");
+	    break;
+	}
+	switch (pointer[1]) {
+	case TELQUAL_REPLY:
+	case TELQUAL_IS:
+	    output_data(" %s ",
+			(pointer[1] == TELQUAL_IS) ?
+			"IS" : "REPLY");
+	    if (AUTHTYPE_NAME_OK(pointer[2]))
+		output_data("%s ",
+			    AUTHTYPE_NAME(pointer[2]));
+	    else
+		output_data("%d ",
+			    pointer[2]);
+	    if (length < 3) {
+		output_data("(partial suboption??\?)");
+		break;
+	    }
+	    output_data("%s|%s",
+			((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+			"CLIENT" : "SERVER",
+			((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+			"MUTUAL" : "ONE-WAY");
+
+	    auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+	    output_data("%s",
+			buf);
+	    break;
+
+	case TELQUAL_SEND:
+	    i = 2;
+	    output_data(" SEND ");
+	    while (i < length) {
+		if (AUTHTYPE_NAME_OK(pointer[i]))
+		    output_data("%s ",
+				AUTHTYPE_NAME(pointer[i]));
+		else
+		    output_data("%d ",
+				pointer[i]);
+		if (++i >= length) {
+		    output_data("(partial suboption??\?)");
+		    break;
+		}
+		output_data("%s|%s ",
+			    ((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+			    "CLIENT" : "SERVER",
+			    ((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+			    "MUTUAL" : "ONE-WAY");
+		++i;
+	    }
+	    break;
+
+	case TELQUAL_NAME:
+	    i = 2;
+	    output_data(" NAME \"%.*s\"",
+			length - 2,
+			pointer);
+	    break;
+
+	default:
+	    for (i = 2; i < length; i++) {
+		output_data(" ?%d?",
+			    pointer[i]);
+	    }
+	    break;
+	}
+	break;
+#endif
+
+#ifdef ENCRYPTION
+    case TELOPT_ENCRYPT:
+	output_data("ENCRYPT");
+	if (length < 2) {
+	    output_data(" (empty suboption?)");
+	    break;
+	}
+	switch (pointer[1]) {
+	case ENCRYPT_START:
+	    output_data(" START");
+	    break;
+
+	case ENCRYPT_END:
+	    output_data(" END");
+	    break;
+
+	case ENCRYPT_REQSTART:
+	    output_data(" REQUEST-START");
+	    break;
+
+	case ENCRYPT_REQEND:
+	    output_data(" REQUEST-END");
+	    break;
+
+	case ENCRYPT_IS:
+	case ENCRYPT_REPLY:
+	    output_data(" %s ",
+			(pointer[1] == ENCRYPT_IS) ?
+			"IS" : "REPLY");
+	    if (length < 3) {
+		output_data(" (partial suboption?)");
+		break;
+	    }
+	    if (ENCTYPE_NAME_OK(pointer[2]))
+		output_data("%s ",
+			    ENCTYPE_NAME(pointer[2]));
+	    else
+		output_data(" %d (unknown)",
+			    pointer[2]);
+
+	    encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+	    output_data("%s",
+			buf);
+	    break;
+
+	case ENCRYPT_SUPPORT:
+	    i = 2;
+	    output_data(" SUPPORT ");
+	    while (i < length) {
+		if (ENCTYPE_NAME_OK(pointer[i]))
+		    output_data("%s ",
+				ENCTYPE_NAME(pointer[i]));
+		else
+		    output_data("%d ",
+				pointer[i]);
+		i++;
+	    }
+	    break;
+
+	case ENCRYPT_ENC_KEYID:
+	    output_data(" ENC_KEYID %d", pointer[1]);
+	    goto encommon;
+
+	case ENCRYPT_DEC_KEYID:
+	    output_data(" DEC_KEYID %d", pointer[1]);
+	    goto encommon;
+
+	default:
+	    output_data(" %d (unknown)", pointer[1]);
+	encommon:
+	    for (i = 2; i < length; i++) {
+		output_data(" %d", pointer[i]);
+	    }
+	    break;
+	}
+	break;
+#endif
+
+    default:
+	if (TELOPT_OK(pointer[0]))
+	    output_data("%s (unknown)",
+			TELOPT(pointer[0]));
+	else
+	    output_data("%d (unknown)",
+			pointer[i]);
+	for (i = 1; i < length; i++) {
+	    output_data(" %d", pointer[i]);
+	}
+	break;
+    }
+    output_data("\r\n");
+}
+
+/*
+ * Dump a data buffer in hex and ascii to the output data stream.
+ */
+void
+printdata(char *tag, char *ptr, int cnt)
+{
+    int i;
+    char xbuf[30];
+
+    while (cnt) {
+	/* flush net output buffer if no room for new data) */
+	if ((&netobuf[BUFSIZ] - nfrontp) < 80) {
+	    netflush();
+	}
+
+	/* add a line of output */
+	output_data("%s: ", tag);
+	for (i = 0; i < 20 && cnt; i++) {
+	    output_data("%02x", *ptr);
+	    if (isprint(*ptr)) {
+		xbuf[i] = *ptr;
+	    } else {
+		xbuf[i] = '.';
+	    }
+	    if (i % 2) {
+		output_data(" ");
+	    }
+	    cnt--;
+	    ptr++;
+	}
+	xbuf[i] = '\0';
+	output_data(" %s\r\n", xbuf);
+    }
+}
+#endif /* DIAGNOSTICS */
diff --git a/crypto/kerberosIV/cf/ChangeLog b/crypto/kerberosIV/cf/ChangeLog
new file mode 100644
index 0000000..8bc4d04
--- /dev/null
+++ b/crypto/kerberosIV/cf/ChangeLog
@@ -0,0 +1,158 @@
+1999-06-02  Johan Danielsson  <joda@pdc.kth.se>
+
+	* check-x.m4: extended test for X
+	
+1999-05-14  Assar Westerlund  <assar@sics.se>
+
+	* check-netinet-ip-and-tcp.m4: proper autoheader tricks
+
+	* check-netinet-ip-and-tcp.m4: new file for checking for
+ 	netinet/{ip,tcp}.h.  These are special as they on Irix 6.5.3
+	require <standards.h> to be included in advance.
+ 
+	* check-xau.m4: we also need to check for XauFilename since it's
+ 	used by appl/kx.  And on Irix 6.5 that function requires linking
+ 	with -lX11.
+
+1999-05-08  Assar Westerlund  <assar@sics.se>
+
+	* krb-find-db.m4: try with more header files than ndbm.h
+
+1999-04-19  Assar Westerlund  <assar@sics.se>
+
+	* test-package.m4: try to handle the case of --without-package
+ 	correctly
+
+1999-04-17  Assar Westerlund  <assar@sics.se>
+
+	* make-aclocal: removed.  Not used anymore, being replaced by
+	aclocal from automake.
+
+Thu Apr 15 14:17:26 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* make-proto.pl: handle __attribute__
+
+Fri Apr  9 20:37:18 1999  Assar Westerlund  <assar@sics.se>
+
+	* shared-libs.m4: quote $@
+	(freebsd3): add install_symlink_command2
+
+Wed Apr  7 20:40:22 1999  Assar Westerlund  <assar@sics.se>
+
+	* shared-libs.m4 (hpux): no library dependencies
+
+Mon Apr  5 16:13:08 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* test-package.m4: compile and link, rather than looking for
+ 	files; also export more information, so it's possible to add rpath
+ 	information
+
+Tue Mar 30 13:49:54 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am.common: CFLAGS -> AM_CFLAGS
+
+Mon Mar 29 16:51:12 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* check-xau.m4: check for XauWriteAuth before checking for
+ 	XauReadAuth to catch -lX11:s not containing XauWriteAuth, and IRIX
+ 	6.5 that doesn't work with -lXau
+
+Sat Mar 27 18:03:58 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* osfc2.m4: --enable-osfc2
+
+Fri Mar 19 15:34:52 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* shared-libs.m4: move shared lib stuff here
+
+Wed Mar 24 23:24:51 1999  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am.common (install-build-headers): simplify loop
+
+Tue Mar 23 17:31:23 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* check-getpwnam_r-posix.m4: check for getpwnam_r, and if it's
+ 	posix or not
+
+Tue Mar 23 00:00:13 1999  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am.common (install_build_headers): try to make it work
+ 	better when list of headers is empty.  handle make rewriting the
+ 	filenames.
+
+	* Makefile.am.common: hesoid -> hesiod
+
+Sun Mar 21 14:48:03 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* grok-type.m4: <bind/bitypes.h>
+
+	* Makefile.am.common: fix for automake bug/feature; add more LIB_*
+
+	* test-package.m4: fix typo
+
+	* check-man.m4: fix some typos
+
+	* auth-modules.m4: tests for authentication modules
+
+Thu Mar 18 11:02:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am.common: make install-build-headers a multi
+ 	dependency target
+
+	* Makefile.am.common: remove include_dir hack
+
+	* Makefile.am.common: define LIB_kafs and LIB_gssapi
+
+	* krb-find-db.m4: subst DBLIB also
+
+	* check-xau.m4: test for Xau{Read,Write}Auth
+
+Wed Mar 10 19:29:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* wflags.m4: AC_WFLAGS
+
+Mon Mar  1 11:23:41 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* have-struct-field.m4: remove extra AC_MSG_RESULT
+
+	* proto-compat.m4: typo
+
+	* krb-func-getcwd-broken.m4: update to autoconf 2.13
+
+	* krb-find-db.m4: update to autoconf 2.13
+
+	* check-declaration.m4: typo
+
+	* have-pragma-weak.m4: update to autoconf 2.13
+
+	* have-struct-field.m4: better handling of types with spaces
+
+Mon Feb 22 20:05:06 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* broken-glob.m4: check for broken glob
+
+Sun Jan 31 06:50:33 1999  Assar Westerlund  <assar@sics.se>
+
+	* krb-ipv6.m4: more magic for different v6 implementations.  From
+ 	Jun-ichiro itojun Hagino <itojun@kame.net>
+
+Sun Nov 22 12:16:06 1998  Assar Westerlund  <assar@sics.se>
+
+	* krb-struct-spwd.m4: new file
+
+Thu Jun  4 04:07:41 1998  Assar Westerlund  <assar@sics.se>
+
+	* find-func-no-libs2.m4: new file
+
+Fri May  1 23:31:28 1998  Assar Westerlund  <assar@sics.se>
+
+	* c-attribute.m4, c-function.m4: new files (from arla)
+
+Wed Mar 18 23:11:29 1998  Assar Westerlund  <assar@sics.se>
+
+	* krb-ipv6.m4: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6
+
+Thu Feb 26 02:37:49 1998  Assar Westerlund  <assar@sics.se>
+
+	* make-proto.pl: should work with perl4
+
diff --git a/crypto/kerberosIV/cf/Makefile.am.common b/crypto/kerberosIV/cf/Makefile.am.common
new file mode 100644
index 0000000..af92746
--- /dev/null
+++ b/crypto/kerberosIV/cf/Makefile.am.common
@@ -0,0 +1,255 @@
+# $Id: Makefile.am.common,v 1.11 1999/05/26 08:42:55 assar Exp $
+
+AUTOMAKE_OPTIONS = foreign no-dependencies
+
+SUFFIXES = .et .h
+
+INCLUDES = -I$(top_builddir)/include
+
+AM_CFLAGS += $(WFLAGS)
+
+COMPILE_ET = $(top_builddir)/lib/com_err/compile_et
+
+## set build_HEADERZ to headers that should just be installed in build tree
+
+buildinclude = $(top_builddir)/include
+
+## these aren't detected by automake
+LIB_XauReadAuth		= @LIB_XauReadAuth@
+LIB_crypt		= @LIB_crypt@
+LIB_dbm_firstkey	= @LIB_dbm_firstkey@
+LIB_dbopen		= @LIB_dbopen@
+LIB_dlopen		= @LIB_dlopen@
+LIB_dn_expand		= @LIB_dn_expand@
+LIB_el_init		= @LIB_el_init@
+LIB_getattr		= @LIB_getattr@
+LIB_gethostbyname	= @LIB_gethostbyname@
+LIB_getpwent_r		= @LIB_getpwent_r@
+LIB_getpwnam_r		= @LIB_getpwnam_r@
+LIB_getsockopt		= @LIB_getsockopt@
+LIB_logout		= @LIB_logout@
+LIB_logwtmp		= @LIB_logwtmp@
+LIB_odm_initialize	= @LIB_odm_initialize@
+LIB_readline		= @LIB_readline@
+LIB_res_search		= @LIB_res_search@
+LIB_setpcred		= @LIB_setpcred@
+LIB_setsockopt		= @LIB_setsockopt@
+LIB_socket		= @LIB_socket@
+LIB_syslog		= @LIB_syslog@
+LIB_tgetent		= @LIB_tgetent@
+
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+LIB_hesiod = @LIB_hesiod@
+
+INCLUDE_krb4 = @INCLUDE_krb4@
+LIB_krb4 = @LIB_krb4@
+
+INCLUDE_readline = @INCLUDE_readline@
+LIB_readline = @LIB_readline@
+
+LEXLIB = @LEXLIB@
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	chmod 0 $$x; fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers::
+	@foo='$(include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(INSTALL_DATA) $$file $(buildinclude)/$$f"; \
+			$(INSTALL_DATA) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+cat1dir = $(mandir)/cat1
+cat3dir = $(mandir)/cat3
+cat5dir = $(mandir)/cat5
+cat8dir = $(mandir)/cat8
+
+MANRX = \(.*\)\.\([0-9]\)
+CATSUFFIX = @CATSUFFIX@
+
+SUFFIXES += .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+
+NROFF_MAN = groff -mandoc -Tascii
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+## MAINTAINERCLEANFILES += 
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat1-mans:
+	@ext=1;\
+	foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done; \
+	if test "$$foo"; then \
+		$(mkinstalldirs) $(DESTDIR)$(cat1dir); \
+		for x in $$foo; do \
+			f=`echo $$x | sed 's/\.[^.]*$$/.cat1/'`; \
+			if test -f "$(srcdir)/$$f"; then \
+				b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
+				echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX)";\
+				$(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX);\
+			 fi; \
+		done ;\
+	fi
+
+install-cat3-mans:
+	@ext=3;\
+	foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done; \
+	if test "$$foo"; then \
+		$(mkinstalldirs) $(DESTDIR)$(cat3dir); \
+		for x in $$foo; do \
+			f=`echo $$x | sed 's/\.[^.]*$$/.cat3/'`; \
+			if test -f "$(srcdir)/$$f"; then \
+				b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
+				echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX)";\
+				$(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX);\
+			 fi; \
+		done ;\
+	fi
+	
+install-cat5-mans:
+	@ext=5;\
+	foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done; \
+	if test "$$foo"; then \
+		$(mkinstalldirs) $(DESTDIR)$(cat5dir); \
+		for x in $$foo; do \
+			f=`echo $$x | sed 's/\.[^.]*$$/.cat5/'`; \
+			if test -f "$(srcdir)/$$f"; then \
+				b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
+				echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX)";\
+				$(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX);\
+			 fi; \
+		done ;\
+	fi
+	
+install-cat8-mans:
+	@ext=8;\
+	foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done; \
+	if test "$$foo"; then \
+		$(mkinstalldirs) $(DESTDIR)$(cat8dir); \
+		for x in $$foo; do \
+			f=`echo $$x | sed 's/\.[^.]*$$/.cat8/'`; \
+			if test -f "$(srcdir)/$$f"; then \
+				b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
+				echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX)";\
+				$(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX);\
+			 fi; \
+		done ;\
+	fi
+	
+
+install-cat-mans: install-cat1-mans install-cat3-mans install-cat5-mans install-cat8-mans
+
+install-data-local: install-cat-mans
+
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+if KRB4
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+endif
+
+if KRB5
+LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/asn1/libasn1.la
+LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+endif
+
diff --git a/crypto/kerberosIV/cf/auth-modules.m4 b/crypto/kerberosIV/cf/auth-modules.m4
new file mode 100644
index 0000000..2f11c73
--- /dev/null
+++ b/crypto/kerberosIV/cf/auth-modules.m4
@@ -0,0 +1,27 @@
+dnl $Id: auth-modules.m4,v 1.1 1999/03/21 13:48:00 joda Exp $
+dnl
+dnl Figure what authentication modules should be built
+
+AC_DEFUN(AC_AUTH_MODULES,[
+AC_MSG_CHECKING(which authentication modules should be built)
+
+LIB_AUTH_SUBDIRS=
+
+if test "$ac_cv_header_siad_h" = yes; then
+	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia"
+fi
+
+if test "$ac_cv_header_security_pam_modules_h" = yes -a "$enable_shared" = yes; then
+	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam"
+fi
+
+case "${host}" in
+changequote(,)dnl
+*-*-irix[56]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;;
+changequote([,])dnl
+esac
+
+AC_MSG_RESULT($LIB_AUTH_SUBDIRS)
+
+AC_SUBST(LIB_AUTH_SUBDIRS)dnl
+])
diff --git a/crypto/kerberosIV/cf/broken-glob.m4 b/crypto/kerberosIV/cf/broken-glob.m4
new file mode 100644
index 0000000..8d52792
--- /dev/null
+++ b/crypto/kerberosIV/cf/broken-glob.m4
@@ -0,0 +1,22 @@
+dnl $Id: broken-glob.m4,v 1.2 1999/03/01 09:52:15 joda Exp $
+dnl
+dnl check for glob(3)
+dnl
+AC_DEFUN(AC_BROKEN_GLOB,[
+AC_CACHE_CHECK(for working glob, ac_cv_func_glob_working,
+ac_cv_func_glob_working=yes
+AC_TRY_LINK([
+#include <stdio.h>
+#include <glob.h>],[
+glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE, NULL, NULL);
+],:,ac_cv_func_glob_working=no,:))
+
+if test "$ac_cv_func_glob_working" = yes; then
+	AC_DEFINE(HAVE_GLOB, 1, [define if you have a glob() that groks 
+	GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, and GLOB_TILDE])
+fi
+if test "$ac_cv_func_glob_working" = yes; then
+AC_NEED_PROTO([#include <stdio.h>
+#include <glob.h>],glob)
+fi
+])
diff --git a/crypto/kerberosIV/cf/broken-snprintf.m4 b/crypto/kerberosIV/cf/broken-snprintf.m4
new file mode 100644
index 0000000..efd69f0
--- /dev/null
+++ b/crypto/kerberosIV/cf/broken-snprintf.m4
@@ -0,0 +1,58 @@
+dnl $Id: broken-snprintf.m4,v 1.3 1999/03/01 09:52:22 joda Exp $
+dnl
+AC_DEFUN(AC_BROKEN_SNPRINTF, [
+AC_CACHE_CHECK(for working snprintf,ac_cv_func_snprintf_working,
+ac_cv_func_snprintf_working=yes
+AC_TRY_RUN([
+#include <stdio.h>
+#include <string.h>
+int main()
+{
+changequote(`,')dnl
+	char foo[3];
+changequote([,])dnl
+	snprintf(foo, 2, "12");
+	return strcmp(foo, "1");
+}],:,ac_cv_func_snprintf_working=no,:))
+
+if test "$ac_cv_func_snprintf_working" = yes; then
+	AC_DEFINE_UNQUOTED(HAVE_SNPRINTF, 1, [define if you have a working snprintf])
+fi
+if test "$ac_cv_func_snprintf_working" = yes; then
+AC_NEED_PROTO([#include <stdio.h>],snprintf)
+fi
+])
+
+AC_DEFUN(AC_BROKEN_VSNPRINTF,[
+AC_CACHE_CHECK(for working vsnprintf,ac_cv_func_vsnprintf_working,
+ac_cv_func_vsnprintf_working=yes
+AC_TRY_RUN([
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+
+int foo(int num, ...)
+{
+changequote(`,')dnl
+	char bar[3];
+changequote([,])dnl
+	va_list arg;
+	va_start(arg, num);
+	vsnprintf(bar, 2, "%s", arg);
+	va_end(arg);
+	return strcmp(bar, "1");
+}
+
+
+int main()
+{
+	return foo(0, "12");
+}],:,ac_cv_func_vsnprintf_working=no,:))
+
+if test "$ac_cv_func_vsnprintf_working" = yes; then
+	AC_DEFINE_UNQUOTED(HAVE_VSNPRINTF, 1, [define if you have a working vsnprintf])
+fi
+if test "$ac_cv_func_vsnprintf_working" = yes; then
+AC_NEED_PROTO([#include <stdio.h>],vsnprintf)
+fi
+])
diff --git a/crypto/kerberosIV/cf/broken.m4 b/crypto/kerberosIV/cf/broken.m4
new file mode 100644
index 0000000..4044064
--- /dev/null
+++ b/crypto/kerberosIV/cf/broken.m4
@@ -0,0 +1,19 @@
+dnl $Id: broken.m4,v 1.3 1998/03/16 22:16:19 joda Exp $
+dnl
+dnl
+dnl Same as AC _REPLACE_FUNCS, just define HAVE_func if found in normal
+dnl libraries 
+
+AC_DEFUN(AC_BROKEN,
+[for ac_func in $1
+do
+AC_CHECK_FUNC($ac_func, [
+ac_tr_func=HAVE_[]upcase($ac_func)
+AC_DEFINE_UNQUOTED($ac_tr_func)],[LIBOBJS[]="$LIBOBJS ${ac_func}.o"])
+dnl autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs $1"@@@
+END
+done
+AC_SUBST(LIBOBJS)dnl
+])
diff --git a/crypto/kerberosIV/cf/c-attribute.m4 b/crypto/kerberosIV/cf/c-attribute.m4
new file mode 100644
index 0000000..87cea03
--- /dev/null
+++ b/crypto/kerberosIV/cf/c-attribute.m4
@@ -0,0 +1,31 @@
+dnl
+dnl $Id: c-attribute.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
+dnl
+
+dnl
+dnl Test for __attribute__
+dnl
+
+AC_DEFUN(AC_C___ATTRIBUTE__, [
+AC_MSG_CHECKING(for __attribute__)
+AC_CACHE_VAL(ac_cv___attribute__, [
+AC_TRY_COMPILE([
+#include <stdlib.h>
+],
+[
+static void foo(void) __attribute__ ((noreturn));
+
+static void
+foo(void)
+{
+  exit(1);
+}
+],
+ac_cv___attribute__=yes,
+ac_cv___attribute__=no)])
+if test "$ac_cv___attribute__" = "yes"; then
+  AC_DEFINE(HAVE___ATTRIBUTE__, 1, [define if your compiler has __attribute__])
+fi
+AC_MSG_RESULT($ac_cv___attribute__)
+])
+
diff --git a/crypto/kerberosIV/cf/c-function.m4 b/crypto/kerberosIV/cf/c-function.m4
new file mode 100644
index 0000000..b16d556
--- /dev/null
+++ b/crypto/kerberosIV/cf/c-function.m4
@@ -0,0 +1,33 @@
+dnl
+dnl $Id: c-function.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
+dnl
+
+dnl
+dnl Test for __FUNCTION__
+dnl
+
+AC_DEFUN(AC_C___FUNCTION__, [
+AC_MSG_CHECKING(for __FUNCTION__)
+AC_CACHE_VAL(ac_cv___function__, [
+AC_TRY_RUN([
+#include <string.h>
+
+static char *foo()
+{
+  return __FUNCTION__;
+}
+
+int main()
+{
+  return strcmp(foo(), "foo") != 0;
+}
+],
+ac_cv___function__=yes,
+ac_cv___function__=no,
+ac_cv___function__=no)])
+if test "$ac_cv___function__" = "yes"; then
+  AC_DEFINE(HAVE___FUNCTION__, 1, [define if your compiler has __FUNCTION__])
+fi
+AC_MSG_RESULT($ac_cv___function__)
+])
+
diff --git a/crypto/kerberosIV/cf/check-declaration.m4 b/crypto/kerberosIV/cf/check-declaration.m4
new file mode 100644
index 0000000..5f584e5
--- /dev/null
+++ b/crypto/kerberosIV/cf/check-declaration.m4
@@ -0,0 +1,25 @@
+dnl $Id: check-declaration.m4,v 1.3 1999/03/01 13:03:08 joda Exp $
+dnl
+dnl
+dnl Check if we need the declaration of a variable
+dnl
+
+dnl AC_HAVE_DECLARATION(includes, variable)
+AC_DEFUN(AC_CHECK_DECLARATION, [
+AC_MSG_CHECKING([if $2 is properly declared])
+AC_CACHE_VAL(ac_cv_var_$2_declaration, [
+AC_TRY_COMPILE([$1
+extern struct { int foo; } $2;],
+[$2.foo = 1;],
+eval "ac_cv_var_$2_declaration=no",
+eval "ac_cv_var_$2_declaration=yes")
+])
+
+define(foo, [HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION])
+
+AC_MSG_RESULT($ac_cv_var_$2_declaration)
+if eval "test \"\$ac_cv_var_$2_declaration\" = yes"; then
+	AC_DEFINE(foo, 1, [define if your system declares $2])
+fi
+undefine([foo])
+])
diff --git a/crypto/kerberosIV/cf/check-getpwnam_r-posix.m4 b/crypto/kerberosIV/cf/check-getpwnam_r-posix.m4
new file mode 100644
index 0000000..cc75666
--- /dev/null
+++ b/crypto/kerberosIV/cf/check-getpwnam_r-posix.m4
@@ -0,0 +1,24 @@
+dnl $Id: check-getpwnam_r-posix.m4,v 1.2 1999/03/23 16:47:31 joda Exp $
+dnl
+dnl check for getpwnam_r, and if it's posix or not
+
+AC_DEFUN(AC_CHECK_GETPWNAM_R_POSIX,[
+AC_FIND_FUNC_NO_LIBS(getpwnam_r,c_r)
+if test "$ac_cv_func_getpwnam_r" = yes; then
+	AC_CACHE_CHECK(if getpwnam_r is posix,ac_cv_func_getpwnam_r_posix,
+	ac_libs="$LIBS"
+	LIBS="$LIBS $LIB_getpwnam_r"
+	AC_TRY_RUN([
+#include <pwd.h>
+int main()
+{
+	struct passwd pw, *pwd;
+	return getpwnam_r("", &pw, NULL, 0, &pwd) < 0;
+}
+],ac_cv_func_getpwnam_r_posix=yes,ac_cv_func_getpwnam_r_posix=no,:)
+LIBS="$ac_libs")
+if test "$ac_cv_func_getpwnam_r_posix" = yes; then
+	AC_DEFINE(POSIX_GETPWNAM_R, 1, [Define if getpwnam_r has POSIX flavour.])
+fi
+fi
+])
\ No newline at end of file
diff --git a/crypto/kerberosIV/cf/check-man.m4 b/crypto/kerberosIV/cf/check-man.m4
new file mode 100644
index 0000000..2133069
--- /dev/null
+++ b/crypto/kerberosIV/cf/check-man.m4
@@ -0,0 +1,59 @@
+dnl $Id: check-man.m4,v 1.2 1999/03/21 14:30:50 joda Exp $
+dnl check how to format manual pages
+dnl
+
+AC_DEFUN(AC_CHECK_MAN,
+[AC_PATH_PROG(NROFF, nroff)
+AC_PATH_PROG(GROFF, groff)
+AC_CACHE_CHECK(how to format man pages,ac_cv_sys_man_format,
+[cat > conftest.1 << END
+.Dd January 1, 1970
+.Dt CONFTEST 1
+.Sh NAME
+.Nm conftest
+.Nd
+foobar
+END
+
+if test "$NROFF" ; then
+	for i in "-mdoc" "-mandoc"; do
+		if "$NROFF" $i conftest.1 2> /dev/null | \
+			grep Jan > /dev/null 2>&1 ; then
+			ac_cv_sys_man_format="$NROFF $i"
+			break
+		fi
+	done
+fi
+if test "$ac_cv_sys_man_format" = "" -a "$GROFF" ; then
+	for i in "-mdoc" "-mandoc"; do
+		if "$GROFF" -Tascii $i conftest.1 2> /dev/null | \
+			grep Jan > /dev/null 2>&1 ; then
+			ac_cv_sys_man_format="$GROFF -Tascii $i"
+			break
+		fi
+	done
+fi
+if test "$ac_cv_sys_man_format"; then
+	ac_cv_sys_man_format="$ac_cv_sys_man_format \[$]< > \[$]@"
+fi
+])
+if test "$ac_cv_sys_man_format"; then
+	CATMAN="$ac_cv_sys_man_format"
+	AC_SUBST(CATMAN)
+fi
+AM_CONDITIONAL(CATMAN, test "$CATMAN")
+AC_CACHE_CHECK(extension of pre-formatted manual pages,ac_cv_sys_catman_ext,
+[if grep _suffix /etc/man.conf > /dev/null 2>&1; then
+	ac_cv_sys_catman_ext=0
+else
+	ac_cv_sys_catman_ext=number
+fi
+])
+if test "$ac_cv_sys_catman_ext" = number; then
+	CATMANEXT='$$ext'
+else
+	CATMANEXT=0
+fi
+AC_SUBST(CATMANEXT)
+
+])
\ No newline at end of file
diff --git a/crypto/kerberosIV/cf/check-netinet-ip-and-tcp.m4 b/crypto/kerberosIV/cf/check-netinet-ip-and-tcp.m4
new file mode 100644
index 0000000..8cb529d
--- /dev/null
+++ b/crypto/kerberosIV/cf/check-netinet-ip-and-tcp.m4
@@ -0,0 +1,38 @@
+dnl
+dnl $Id: check-netinet-ip-and-tcp.m4,v 1.2 1999/05/14 13:15:40 assar Exp $
+dnl
+
+dnl extra magic check for netinet/{ip.h,tcp.h} because on irix 6.5.3
+dnl you have to include standards.h before including these files
+
+AC_DEFUN(CHECK_NETINET_IP_AND_TCP,
+[
+AC_CHECK_HEADERS(standards.h)
+for i in netinet/ip.h netinet/tcp.h; do
+
+cv=`echo "$i" | sed 'y%./+-%__p_%'`
+
+AC_MSG_CHECKING([for $i])
+AC_CACHE_VAL([ac_cv_header_$cv],
+[AC_TRY_CPP([\
+#ifdef HAVE_STANDARDS_H
+#include <standards.h>
+#endif
+#include <$i>
+],
+eval "ac_cv_header_$cv=yes",
+eval "ac_cv_header_$cv=no")])
+AC_MSG_RESULT(`eval echo \\$ac_cv_header_$cv`)
+changequote(, )dnl
+if test `eval echo \\$ac_cv_header_$cv` = yes; then
+  ac_tr_hdr=HAVE_`echo $i | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+changequote([, ])dnl
+  AC_DEFINE_UNQUOTED($ac_tr_hdr, 1)
+fi
+done
+dnl autoheader tricks *sigh*
+: << END
+@@@headers="$headers netinet/ip.h netinet/tcp.h"@@@
+END
+
+])
diff --git a/crypto/kerberosIV/cf/check-type-extra.m4 b/crypto/kerberosIV/cf/check-type-extra.m4
new file mode 100644
index 0000000..e6af4bd
--- /dev/null
+++ b/crypto/kerberosIV/cf/check-type-extra.m4
@@ -0,0 +1,23 @@
+dnl $Id: check-type-extra.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
+dnl
+dnl ac_check_type + extra headers
+
+dnl AC_CHECK_TYPE_EXTRA(TYPE, DEFAULT, HEADERS)
+AC_DEFUN(AC_CHECK_TYPE_EXTRA,
+[AC_REQUIRE([AC_HEADER_STDC])dnl
+AC_MSG_CHECKING(for $1)
+AC_CACHE_VAL(ac_cv_type_$1,
+[AC_EGREP_CPP(dnl
+changequote(<<,>>)dnl
+<<$1[^a-zA-Z_0-9]>>dnl
+changequote([,]), [#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+$3], ac_cv_type_$1=yes, ac_cv_type_$1=no)])dnl
+AC_MSG_RESULT($ac_cv_type_$1)
+if test $ac_cv_type_$1 = no; then
+  AC_DEFINE($1, $2, [Define this to what the type $1 should be.])
+fi
+])
diff --git a/crypto/kerberosIV/cf/check-var.m4 b/crypto/kerberosIV/cf/check-var.m4
new file mode 100644
index 0000000..9f37366
--- /dev/null
+++ b/crypto/kerberosIV/cf/check-var.m4
@@ -0,0 +1,20 @@
+dnl $Id: check-var.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
+dnl
+dnl AC_CHECK_VAR(includes, variable)
+AC_DEFUN(AC_CHECK_VAR, [
+AC_MSG_CHECKING(for $2)
+AC_CACHE_VAL(ac_cv_var_$2, [
+AC_TRY_LINK([extern int $2;
+int foo() { return $2; }],
+	    [foo()],
+	    ac_cv_var_$2=yes, ac_cv_var_$2=no)
+])
+define([foo], [HAVE_]translit($2, [a-z], [A-Z]))
+
+AC_MSG_RESULT(`eval echo \\$ac_cv_var_$2`)
+if test `eval echo \\$ac_cv_var_$2` = yes; then
+	AC_DEFINE_UNQUOTED(foo, 1, [define if you have $2])
+	AC_CHECK_DECLARATION([$1],[$2])
+fi
+undefine([foo])
+])
diff --git a/crypto/kerberosIV/cf/check-x.m4 b/crypto/kerberosIV/cf/check-x.m4
new file mode 100644
index 0000000..2635e7d
--- /dev/null
+++ b/crypto/kerberosIV/cf/check-x.m4
@@ -0,0 +1,52 @@
+dnl 
+dnl See if there is any X11 present
+dnl
+dnl $Id: check-x.m4,v 1.1 1999/06/03 00:22:10 joda Exp $
+
+AC_DEFUN(KRB_CHECK_X,[
+AC_PATH_XTRA
+
+# try to figure out if we need any additional ld flags, like -R
+# and yes, the autoconf X test is utterly broken
+if test "$no_x" != yes; then
+	AC_CACHE_CHECK(for special X linker flags,krb_cv_sys_x_libs_rpath,[
+	ac_save_libs="$LIBS"
+	ac_save_cflags="$CFLAGS"
+	CFLAGS="$CFLAGS $X_CFLAGS"
+	krb_cv_sys_x_libs_rpath=""
+	krb_cv_sys_x_libs=""
+	for rflag in "" "-R" "-R " "-rpath "; do
+		if test "$rflag" = ""; then
+			foo="$X_LIBS"
+		else
+			foo=""
+			for flag in $X_LIBS; do
+			case $flag in
+			-L*)
+				foo="$foo $flag `echo $flag | sed \"s/-L/$rflag/\"`"
+				;;
+			*)
+				foo="$foo $flag"
+				;;
+			esac
+			done
+		fi
+		LIBS="$ac_save_libs $foo -lX11"
+		AC_TRY_RUN([
+		#include <X11/Xlib.h>
+		foo()
+		{
+		XOpenDisplay(NULL);
+		}
+		main()
+		{
+		return 0;
+		}
+		], krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break,:)
+	done
+	LIBS="$ac_save_libs"
+	CFLAGS="$ac_save_cflags"
+	])
+	X_LIBS="$krb_cv_sys_x_libs"
+fi
+])
diff --git a/crypto/kerberosIV/cf/check-xau.m4 b/crypto/kerberosIV/cf/check-xau.m4
new file mode 100644
index 0000000..bad2a60
--- /dev/null
+++ b/crypto/kerberosIV/cf/check-xau.m4
@@ -0,0 +1,64 @@
+dnl $Id: check-xau.m4,v 1.3 1999/05/14 01:17:06 assar Exp $
+dnl
+dnl check for Xau{Read,Write}Auth and XauFileName
+dnl
+AC_DEFUN(AC_CHECK_XAU,[
+save_CFLAGS="$CFLAGS"
+CFLAGS="$X_CFLAGS $CFLAGS"
+save_LIBS="$LIBS"
+dnl LIBS="$X_LIBS $X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
+LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
+save_LDFLAGS="$LDFLAGS"
+LDFLAGS="$LDFLAGS $X_LIBS"
+
+## check for XauWriteAuth first, so we detect the case where
+## XauReadAuth is in -lX11, but XauWriteAuth is only in -lXau this
+## could be done by checking for XauReadAuth in -lXau first, but this
+## breaks in IRIX 6.5
+
+AC_FIND_FUNC_NO_LIBS(XauWriteAuth, X11 Xau)
+ac_xxx="$LIBS"
+LIBS="$LIB_XauWriteAuth $LIBS"
+AC_FIND_FUNC_NO_LIBS(XauReadAuth, X11 Xau)
+LIBS="$LIB_XauReadAauth $LIBS"
+AC_FIND_FUNC_NO_LIBS(XauFileName, X11 Xau)
+LIBS="$ac_xxx"
+
+## set LIB_XauReadAuth to union of these tests, since this is what the
+## Makefiles are using
+case "$ac_cv_funclib_XauWriteAuth" in
+yes)	;;
+no)	;;
+*)	if test "$ac_cv_funclib_XauReadAuth" = yes; then
+		if test "$ac_cv_funclib_XauFileName" = yes; then
+			LIB_XauReadAuth="$LIB_XauWriteAuth"
+		else
+			LIB_XauReadAuth="$LIB_XauWriteAuth $LIB_XauFileName"
+		fi
+	else
+		if test "$ac_cv_funclib_XauFileName" = yes; then
+			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth"
+		else
+			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth $LIB_XauFileName"
+		fi
+	fi
+	;;
+esac
+
+if test "$AUTOMAKE" != ""; then
+	AM_CONDITIONAL(NEED_WRITEAUTH, test "$ac_cv_func_XauWriteAuth" != "yes")
+else
+	AC_SUBST(NEED_WRITEAUTH_TRUE)
+	AC_SUBST(NEED_WRITEAUTH_FALSE)
+	if test "$ac_cv_func_XauWriteAuth" != "yes"; then
+		NEED_WRITEAUTH_TRUE=
+		NEED_WRITEAUTH_FALSE='#'
+	else
+		NEED_WRITEAUTH_TRUE='#'
+		NEED_WRITEAUTH_FALSE=
+	fi
+fi
+CFLAGS=$save_CFLAGS
+LIBS=$save_LIBS
+LDFLAGS=$save_LDFLAGS
+])
diff --git a/crypto/kerberosIV/cf/find-func-no-libs.m4 b/crypto/kerberosIV/cf/find-func-no-libs.m4
new file mode 100644
index 0000000..a239742
--- /dev/null
+++ b/crypto/kerberosIV/cf/find-func-no-libs.m4
@@ -0,0 +1,9 @@
+dnl $Id: find-func-no-libs.m4,v 1.3 1998/06/04 02:06:50 assar Exp $
+dnl
+dnl
+dnl Look for function in any of the specified libraries
+dnl
+
+dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments)
+AC_DEFUN(AC_FIND_FUNC_NO_LIBS, [
+AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4])])
diff --git a/crypto/kerberosIV/cf/find-func-no-libs2.m4 b/crypto/kerberosIV/cf/find-func-no-libs2.m4
new file mode 100644
index 0000000..d5896cf
--- /dev/null
+++ b/crypto/kerberosIV/cf/find-func-no-libs2.m4
@@ -0,0 +1,63 @@
+dnl $Id: find-func-no-libs2.m4,v 1.1 1998/06/04 02:07:12 assar Exp $
+dnl
+dnl
+dnl Look for function in any of the specified libraries
+dnl
+
+dnl AC_FIND_FUNC_NO_LIBS2(func, libraries, includes, arguments)
+AC_DEFUN(AC_FIND_FUNC_NO_LIBS2, [
+
+AC_MSG_CHECKING([for $1])
+AC_CACHE_VAL(ac_cv_funclib_$1,
+[
+if eval "test \"\$ac_cv_func_$1\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in $2; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS="$ac_lib $ac_save_LIBS"
+		AC_TRY_LINK([$3],[$1($4)],eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break)
+	done
+	eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}"
+	LIBS="$ac_save_LIBS"
+fi
+])
+
+eval "ac_res=\$ac_cv_funclib_$1"
+
+dnl autoheader tricks *sigh*
+: << END
+@@@funcs="$funcs $1"@@@
+@@@libs="$libs $2"@@@
+END
+
+# $1
+eval "ac_tr_func=HAVE_[]upcase($1)"
+eval "ac_tr_lib=HAVE_LIB[]upcase($ac_res | sed -e 's/-l//')"
+eval "LIB_$1=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_$1=yes"
+	eval "LIB_$1="
+	AC_DEFINE_UNQUOTED($ac_tr_func)
+	AC_MSG_RESULT([yes])
+	;;
+	no)
+	eval "ac_cv_func_$1=no"
+	eval "LIB_$1="
+	AC_MSG_RESULT([no])
+	;;
+	*)
+	eval "ac_cv_func_$1=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	AC_DEFINE_UNQUOTED($ac_tr_func)
+	AC_DEFINE_UNQUOTED($ac_tr_lib)
+	AC_MSG_RESULT([yes, in $ac_res])
+	;;
+esac
+AC_SUBST(LIB_$1)
+])
diff --git a/crypto/kerberosIV/cf/find-func.m4 b/crypto/kerberosIV/cf/find-func.m4
new file mode 100644
index 0000000..bb2b3ac
--- /dev/null
+++ b/crypto/kerberosIV/cf/find-func.m4
@@ -0,0 +1,9 @@
+dnl $Id: find-func.m4,v 1.1 1997/12/14 15:58:58 joda Exp $
+dnl
+dnl AC_FIND_FUNC(func, libraries, includes, arguments)
+AC_DEFUN(AC_FIND_FUNC, [
+AC_FIND_FUNC_NO_LIBS([$1], [$2], [$3], [$4])
+if test -n "$LIB_$1"; then
+	LIBS="$LIB_$1 $LIBS"
+fi
+])
diff --git a/crypto/kerberosIV/cf/find-if-not-broken.m4 b/crypto/kerberosIV/cf/find-if-not-broken.m4
new file mode 100644
index 0000000..e855ec7
--- /dev/null
+++ b/crypto/kerberosIV/cf/find-if-not-broken.m4
@@ -0,0 +1,13 @@
+dnl $Id: find-if-not-broken.m4,v 1.2 1998/03/16 22:16:27 joda Exp $
+dnl
+dnl
+dnl Mix between AC_FIND_FUNC and AC_BROKEN
+dnl
+
+AC_DEFUN(AC_FIND_IF_NOT_BROKEN,
+[AC_FIND_FUNC([$1], [$2], [$3], [$4])
+if eval "test \"$ac_cv_func_$1\" != yes"; then
+LIBOBJS[]="$LIBOBJS $1.o"
+fi
+AC_SUBST(LIBOBJS)dnl
+])
diff --git a/crypto/kerberosIV/cf/grok-type.m4 b/crypto/kerberosIV/cf/grok-type.m4
new file mode 100644
index 0000000..e74c6cf
--- /dev/null
+++ b/crypto/kerberosIV/cf/grok-type.m4
@@ -0,0 +1,35 @@
+dnl $Id: grok-type.m4,v 1.3 1999/03/21 18:59:56 joda Exp $
+dnl
+AC_DEFUN(AC_GROK_TYPE, [
+AC_CACHE_VAL(ac_cv_type_$1, 
+AC_TRY_COMPILE([
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+],
+$i x;
+,
+eval ac_cv_type_$1=yes,
+eval ac_cv_type_$1=no))])
+
+AC_DEFUN(AC_GROK_TYPES, [
+for i in $1; do
+	AC_MSG_CHECKING(for $i)
+	AC_GROK_TYPE($i)
+	eval ac_res=\$ac_cv_type_$i
+	if test "$ac_res" = yes; then
+		type=HAVE_[]upcase($i)
+		AC_DEFINE_UNQUOTED($type)
+	fi
+	AC_MSG_RESULT($ac_res)
+done
+])
diff --git a/crypto/kerberosIV/cf/have-pragma-weak.m4 b/crypto/kerberosIV/cf/have-pragma-weak.m4
new file mode 100644
index 0000000..330e601
--- /dev/null
+++ b/crypto/kerberosIV/cf/have-pragma-weak.m4
@@ -0,0 +1,37 @@
+dnl $Id: have-pragma-weak.m4,v 1.3 1999/03/01 11:55:25 joda Exp $
+dnl
+AC_DEFUN(AC_HAVE_PRAGMA_WEAK, [
+if test "${enable_shared}" = "yes"; then
+AC_MSG_CHECKING(for pragma weak)
+AC_CACHE_VAL(ac_have_pragma_weak, [
+ac_have_pragma_weak=no
+cat > conftest_foo.$ac_ext <<'EOF'
+[#]line __oline__ "configure"
+#include "confdefs.h"
+#pragma weak foo = _foo
+int _foo = 17;
+EOF
+cat > conftest_bar.$ac_ext <<'EOF'
+[#]line __oline__ "configure"
+#include "confdefs.h"
+extern int foo;
+
+int t() {
+  return foo;
+}
+
+int main() {
+  return t();
+}
+EOF
+if AC_TRY_EVAL('CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&AC_FD_CC'); then
+ac_have_pragma_weak=yes
+fi
+rm -rf conftest*
+])
+if test "$ac_have_pragma_weak" = "yes"; then
+	AC_DEFINE(HAVE_PRAGMA_WEAK, 1, [Define this if your compiler supports \`#pragma weak.'])dnl
+fi
+AC_MSG_RESULT($ac_have_pragma_weak)
+fi
+])
diff --git a/crypto/kerberosIV/cf/have-struct-field.m4 b/crypto/kerberosIV/cf/have-struct-field.m4
new file mode 100644
index 0000000..f44b036
--- /dev/null
+++ b/crypto/kerberosIV/cf/have-struct-field.m4
@@ -0,0 +1,19 @@
+dnl $Id: have-struct-field.m4,v 1.5 1999/03/01 13:10:35 joda Exp $
+dnl
+dnl check for fields in a structure
+dnl
+dnl AC_HAVE_STRUCT_FIELD(struct, field, headers)
+
+AC_DEFUN(AC_HAVE_STRUCT_FIELD, [
+define(cache_val, translit(ac_cv_type_$1_$2, [A-Z ], [a-z_]))
+AC_CACHE_CHECK([for $2 in $1], cache_val,[
+AC_TRY_COMPILE([$3],[$1 x; x.$2;],
+cache_val=yes,
+cache_val=no)])
+if test "$cache_val" = yes; then
+	define(foo, translit(HAVE_$1_$2, [a-z ], [A-Z_]))
+	AC_DEFINE(foo, 1, [Define if $1 has field $2.])
+	undefine(foo)
+fi
+undefine(cache_val)
+])
diff --git a/crypto/kerberosIV/cf/krb-find-db.m4 b/crypto/kerberosIV/cf/krb-find-db.m4
new file mode 100644
index 0000000..5080049
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-find-db.m4
@@ -0,0 +1,98 @@
+dnl $Id: krb-find-db.m4,v 1.5 1999/05/08 02:24:04 assar Exp $
+dnl
+dnl find a suitable database library
+dnl
+dnl AC_FIND_DB(libraries)
+AC_DEFUN(KRB_FIND_DB, [
+
+lib_dbm=no
+lib_db=no
+
+for i in $1; do
+
+	if test "$i"; then
+		m="lib$i"
+		l="-l$i"
+	else
+		m="libc"
+		l=""
+	fi	
+
+	AC_MSG_CHECKING(for dbm_open in $m)
+	AC_CACHE_VAL(ac_cv_krb_dbm_open_$m, [
+
+	save_LIBS="$LIBS"
+	LIBS="$l $LIBS"
+	AC_TRY_RUN([
+#include <unistd.h>
+#include <fcntl.h>
+#if defined(HAVE_NDBM_H)
+#include <ndbm.h>
+#elif defined(HAVE_DBM_H)
+#include <dbm.h>
+#elif defined(HAVE_RPCSVC_DBM_H)
+#include <rpcsvc/dbm.h>
+#elif defined(HAVE_DB_H)
+#define DB_DBM_HSEARCH 1
+#include <db.h>
+#endif
+int main()
+{
+  DBM *d;
+
+  d = dbm_open("conftest", O_RDWR | O_CREAT, 0666);
+  if(d == NULL)
+    return 1;
+  dbm_close(d);
+  return 0;
+}], [
+	if test -f conftest.db; then
+		ac_res=db
+	else
+		ac_res=dbm
+	fi], ac_res=no, ac_res=no)
+
+	LIBS="$save_LIBS"
+
+	eval ac_cv_krb_dbm_open_$m=$ac_res])
+	eval ac_res=\$ac_cv_krb_dbm_open_$m
+	AC_MSG_RESULT($ac_res)
+
+	if test "$lib_dbm" = no -a $ac_res = dbm; then
+		lib_dbm="$l"
+	elif test "$lib_db" = no -a $ac_res = db; then
+		lib_db="$l"
+		break
+	fi
+done
+
+AC_MSG_CHECKING(for NDBM library)
+ac_ndbm=no
+if test "$lib_db" != no; then
+	LIB_DBM="$lib_db"
+	ac_ndbm=yes
+	AC_DEFINE(HAVE_NEW_DB, 1, [Define if NDBM really is DB (creates files ending in .db).])
+	if test "$LIB_DBM"; then
+		ac_res="yes, $LIB_DBM"
+	else
+		ac_res=yes
+	fi
+elif test "$lib_dbm" != no; then
+	LIB_DBM="$lib_dbm"
+	ac_ndbm=yes
+	if test "$LIB_DBM"; then
+		ac_res="yes, $LIB_DBM"
+	else
+		ac_res=yes
+	fi
+else
+	LIB_DBM=""
+	ac_res=no
+fi
+test "$ac_ndbm" = yes && AC_DEFINE(NDBM, 1, [Define if you have NDBM (and not DBM)])dnl
+AC_SUBST(LIB_DBM)
+DBLIB="$LIB_DBM"
+AC_SUBST(DBLIB)
+AC_MSG_RESULT($ac_res)
+
+])
diff --git a/crypto/kerberosIV/cf/krb-func-getcwd-broken.m4 b/crypto/kerberosIV/cf/krb-func-getcwd-broken.m4
new file mode 100644
index 0000000..d248922
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-func-getcwd-broken.m4
@@ -0,0 +1,42 @@
+dnl $Id: krb-func-getcwd-broken.m4,v 1.2 1999/03/01 13:03:32 joda Exp $
+dnl
+dnl
+dnl test for broken getcwd in (SunOS braindamage)
+dnl
+
+AC_DEFUN(AC_KRB_FUNC_GETCWD_BROKEN, [
+if test "$ac_cv_func_getcwd" = yes; then
+AC_MSG_CHECKING(if getcwd is broken)
+AC_CACHE_VAL(ac_cv_func_getcwd_broken, [
+ac_cv_func_getcwd_broken=no
+
+AC_TRY_RUN([
+#include <errno.h>
+char *getcwd(char*, int);
+
+void *popen(char *cmd, char *mode)
+{
+	errno = ENOTTY;
+	return 0;
+}
+
+int main()
+{
+	char *ret;
+	ret = getcwd(0, 1024);
+	if(ret == 0 && errno == ENOTTY)
+		return 0;
+	return 1;
+}
+], ac_cv_func_getcwd_broken=yes,:,:)
+])
+if test "$ac_cv_func_getcwd_broken" = yes; then
+	AC_DEFINE(BROKEN_GETCWD, 1, [Define if getcwd is broken (like in SunOS 4).])dnl
+	LIBOBJS="$LIBOBJS getcwd.o"
+	AC_SUBST(LIBOBJS)dnl
+	AC_MSG_RESULT($ac_cv_func_getcwd_broken)
+else
+	AC_MSG_RESULT([seems ok])
+fi
+fi
+])
diff --git a/crypto/kerberosIV/cf/krb-ipv6.m4 b/crypto/kerberosIV/cf/krb-ipv6.m4
new file mode 100644
index 0000000..490058d
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-ipv6.m4
@@ -0,0 +1,130 @@
+dnl $Id: krb-ipv6.m4,v 1.5 1999/03/21 14:06:16 joda Exp $
+dnl
+dnl test for IPv6
+dnl
+AC_DEFUN(AC_KRB_IPV6, [
+AC_CACHE_CHECK(for IPv6,ac_cv_lib_ipv6,
+AC_TRY_COMPILE([
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+],
+[
+#if defined(IN6ADDR_ANY_INIT)
+struct in6_addr any = IN6ADDR_ANY_INIT;
+#elif defined(IPV6ADDR_ANY_INIT)
+struct in6_addr any = IPV6ADDR_ANY_INIT;
+#else
+#error no any?
+#endif
+ struct sockaddr_in6 sin6;
+ int s;
+
+ s = socket(AF_INET6, SOCK_DGRAM, 0);
+
+ sin6.sin6_family = AF_INET6;
+ sin6.sin6_port = htons(17);
+ sin6.sin6_addr = any;
+ bind(s, (struct sockaddr *)&sin6, sizeof(sin6));
+],
+ac_cv_lib_ipv6=yes,
+ac_cv_lib_ipv6=no))
+if test "$ac_cv_lib_ipv6" = yes; then
+  AC_DEFINE(HAVE_IPV6, 1, [Define if you have IPv6.])
+
+	dnl check for different v6 implementations (by itojun)
+	v6type=unknown
+	v6lib=none
+
+	AC_MSG_CHECKING([ipv6 stack type])
+	for i in v6d toshiba kame inria zeta linux; do
+		case $i in
+		v6d)
+			AC_EGREP_CPP(yes, [dnl
+#include </usr/local/v6/include/sys/types.h>
+#ifdef __V6D__
+yes
+#endif],
+				[v6type=$i; v6lib=v6;
+				v6libdir=/usr/local/v6/lib;
+				CFLAGS="-I/usr/local/v6/include $CFLAGS"])
+			;;
+		toshiba)
+			AC_EGREP_CPP(yes, [dnl
+#include <sys/param.h>
+#ifdef _TOSHIBA_INET6
+yes
+#endif],
+				[v6type=$i; v6lib=inet6;
+				v6libdir=/usr/local/v6/lib;
+				CFLAGS="-DINET6 $CFLAGS"])
+			;;
+		kame)
+			AC_EGREP_CPP(yes, [dnl
+#include <netinet/in.h>
+#ifdef __KAME__
+yes
+#endif],
+				[v6type=$i; v6lib=inet6;
+				v6libdir=/usr/local/v6/lib;
+				CFLAGS="-DINET6 $CFLAGS"])
+			;;
+		inria)
+			AC_EGREP_CPP(yes, [dnl
+#include <netinet/in.h>
+#ifdef IPV6_INRIA_VERSION
+yes
+#endif],
+				[v6type=$i; CFLAGS="-DINET6 $CFLAGS"])
+			;;
+		zeta)
+			AC_EGREP_CPP(yes, [dnl
+#include <sys/param.h>
+#ifdef _ZETA_MINAMI_INET6
+yes
+#endif],
+				[v6type=$i; v6lib=inet6;
+				v6libdir=/usr/local/v6/lib;
+				CFLAGS="-DINET6 $CFLAGS"])
+			;;
+		linux)
+			if test -d /usr/inet6; then
+				v6type=$i
+				v6lib=inet6
+				v6libdir=/usr/inet6
+				CFLAGS="-DINET6 $CFLAGS"
+			fi
+			;;
+		esac
+		if test "$v6type" != "unknown"; then
+			break
+		fi
+	done
+	AC_MSG_RESULT($v6type)
+
+	if test "$v6lib" != "none"; then
+		for dir in $v6libdir /usr/local/v6/lib /usr/local/lib; do
+			if test -d $dir -a -f $dir/lib$v6lib.a; then
+				LIBS="-L$dir -l$v6lib $LIBS"
+				break
+			fi
+		done
+dnl		AC_CHECK_LIB($v6lib, getaddrinfo,
+dnl			[SERVER_LIBS="-l$v6lib $SERVER_LIBS"],
+dnl			[dnl
+dnl			echo "Fatal: no $v6lib library found.  cannot continue."
+dnl			echo "You need to fetch lib$v6lib.a from appropriate v6 kit and"
+dnl			echo 'compile beforehand.'
+dnl			exit 1])
+	fi
+fi
+])
diff --git a/crypto/kerberosIV/cf/krb-prog-ln-s.m4 b/crypto/kerberosIV/cf/krb-prog-ln-s.m4
new file mode 100644
index 0000000..efb706e
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-prog-ln-s.m4
@@ -0,0 +1,28 @@
+dnl $Id: krb-prog-ln-s.m4,v 1.1 1997/12/14 15:59:01 joda Exp $
+dnl
+dnl
+dnl Better test for ln -s, ln or cp
+dnl
+
+AC_DEFUN(AC_KRB_PROG_LN_S,
+[AC_MSG_CHECKING(for ln -s or something else)
+AC_CACHE_VAL(ac_cv_prog_LN_S,
+[rm -f conftestdata
+if ln -s X conftestdata 2>/dev/null
+then
+  rm -f conftestdata
+  ac_cv_prog_LN_S="ln -s"
+else
+  touch conftestdata1
+  if ln conftestdata1 conftestdata2; then
+    rm -f conftestdata*
+    ac_cv_prog_LN_S=ln
+  else
+    ac_cv_prog_LN_S=cp
+  fi
+fi])dnl
+LN_S="$ac_cv_prog_LN_S"
+AC_MSG_RESULT($ac_cv_prog_LN_S)
+AC_SUBST(LN_S)dnl
+])
+
diff --git a/crypto/kerberosIV/cf/krb-prog-ranlib.m4 b/crypto/kerberosIV/cf/krb-prog-ranlib.m4
new file mode 100644
index 0000000..fd1d3db
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-prog-ranlib.m4
@@ -0,0 +1,8 @@
+dnl $Id: krb-prog-ranlib.m4,v 1.1 1997/12/14 15:59:01 joda Exp $
+dnl
+dnl
+dnl Also look for EMXOMF for OS/2
+dnl
+
+AC_DEFUN(AC_KRB_PROG_RANLIB,
+[AC_CHECK_PROGS(RANLIB, ranlib EMXOMF, :)])
diff --git a/crypto/kerberosIV/cf/krb-prog-yacc.m4 b/crypto/kerberosIV/cf/krb-prog-yacc.m4
new file mode 100644
index 0000000..28ae59c
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-prog-yacc.m4
@@ -0,0 +1,8 @@
+dnl $Id: krb-prog-yacc.m4,v 1.1 1997/12/14 15:59:02 joda Exp $
+dnl
+dnl
+dnl We prefer byacc or yacc because they do not use `alloca'
+dnl
+
+AC_DEFUN(AC_KRB_PROG_YACC,
+[AC_CHECK_PROGS(YACC, byacc yacc 'bison -y')])
diff --git a/crypto/kerberosIV/cf/krb-struct-sockaddr-sa-len.m4 b/crypto/kerberosIV/cf/krb-struct-sockaddr-sa-len.m4
new file mode 100644
index 0000000..ac80690
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-struct-sockaddr-sa-len.m4
@@ -0,0 +1,22 @@
+dnl $Id: krb-struct-sockaddr-sa-len.m4,v 1.1 1997/12/14 15:59:02 joda Exp $
+dnl
+dnl
+dnl Check for sa_len in sys/socket.h
+dnl
+
+AC_DEFUN(AC_KRB_STRUCT_SOCKADDR_SA_LEN, [
+AC_MSG_CHECKING(for sa_len in struct sockaddr)
+AC_CACHE_VAL(ac_cv_struct_sockaddr_sa_len, [
+AC_TRY_COMPILE(
+[#include <sys/types.h>
+#include <sys/socket.h>],
+[struct sockaddr sa;
+int foo = sa.sa_len;],
+ac_cv_struct_sockaddr_sa_len=yes,
+ac_cv_struct_sockaddr_sa_len=no)
+])
+if test "$ac_cv_struct_sockaddr_sa_len" = yes; then
+	AC_DEFINE(SOCKADDR_HAS_SA_LEN)dnl
+fi
+AC_MSG_RESULT($ac_cv_struct_sockaddr_sa_len)
+])
diff --git a/crypto/kerberosIV/cf/krb-struct-spwd.m4 b/crypto/kerberosIV/cf/krb-struct-spwd.m4
new file mode 100644
index 0000000..c088129
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-struct-spwd.m4
@@ -0,0 +1,22 @@
+dnl $Id
+dnl
+dnl Test for `struct spwd'
+
+AC_DEFUN(AC_KRB_STRUCT_SPWD, [
+AC_MSG_CHECKING(for struct spwd)
+AC_CACHE_VAL(ac_cv_type_struct_spwd, [
+AC_TRY_COMPILE(
+[#include <pwd.h>
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif],
+[struct spwd foo;],
+ac_cv_struct_spwd=yes,
+ac_cv_struct_spwd=no)
+])
+AC_MSG_RESULT($ac_cv_struct_spwd)
+
+if test "$ac_cv_struct_spwd" = "yes"; then
+  AC_DEFINE(HAVE_STRUCT_SPWD, 1, [define if you have struct spwd])
+fi
+])
diff --git a/crypto/kerberosIV/cf/krb-struct-winsize.m4 b/crypto/kerberosIV/cf/krb-struct-winsize.m4
new file mode 100644
index 0000000..f89f683
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-struct-winsize.m4
@@ -0,0 +1,27 @@
+dnl $Id: krb-struct-winsize.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
+dnl
+dnl
+dnl Search for struct winsize
+dnl
+
+AC_DEFUN(AC_KRB_STRUCT_WINSIZE, [
+AC_MSG_CHECKING(for struct winsize)
+AC_CACHE_VAL(ac_cv_struct_winsize, [
+ac_cv_struct_winsize=no
+for i in sys/termios.h sys/ioctl.h; do
+AC_EGREP_HEADER(
+changequote(, )dnl
+struct[ 	]*winsize,dnl
+changequote([,])dnl
+$i, ac_cv_struct_winsize=yes; break)dnl
+done
+])
+if test "$ac_cv_struct_winsize" = "yes"; then
+  AC_DEFINE(HAVE_STRUCT_WINSIZE, 1, [define if struct winsize is declared in sys/termios.h])
+fi
+AC_MSG_RESULT($ac_cv_struct_winsize)
+AC_EGREP_HEADER(ws_xpixel, termios.h, 
+	AC_DEFINE(HAVE_WS_XPIXEL, 1, [define if struct winsize has ws_xpixel]))
+AC_EGREP_HEADER(ws_ypixel, termios.h, 
+	AC_DEFINE(HAVE_WS_YPIXEL, 1, [define if struct winsize has ws_ypixel]))
+])
diff --git a/crypto/kerberosIV/cf/krb-sys-aix.m4 b/crypto/kerberosIV/cf/krb-sys-aix.m4
new file mode 100644
index 0000000..a538005
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-sys-aix.m4
@@ -0,0 +1,15 @@
+dnl $Id: krb-sys-aix.m4,v 1.1 1997/12/14 15:59:02 joda Exp $
+dnl
+dnl
+dnl AIX have a very different syscall convention
+dnl
+AC_DEFUN(AC_KRB_SYS_AIX, [
+AC_MSG_CHECKING(for AIX)
+AC_CACHE_VAL(krb_cv_sys_aix,
+AC_EGREP_CPP(yes, 
+[#ifdef _AIX
+	yes
+#endif 
+], krb_cv_sys_aix=yes, krb_cv_sys_aix=no) )
+AC_MSG_RESULT($krb_cv_sys_aix)
+])
diff --git a/crypto/kerberosIV/cf/krb-sys-nextstep.m4 b/crypto/kerberosIV/cf/krb-sys-nextstep.m4
new file mode 100644
index 0000000..31dc907
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-sys-nextstep.m4
@@ -0,0 +1,21 @@
+dnl $Id: krb-sys-nextstep.m4,v 1.2 1998/06/03 23:48:40 joda Exp $
+dnl
+dnl
+dnl NEXTSTEP is not posix compliant by default,
+dnl you need a switch -posix to the compiler
+dnl
+
+AC_DEFUN(AC_KRB_SYS_NEXTSTEP, [
+AC_MSG_CHECKING(for NEXTSTEP)
+AC_CACHE_VAL(krb_cv_sys_nextstep,
+AC_EGREP_CPP(yes, 
+[#if defined(NeXT) && !defined(__APPLE__)
+	yes
+#endif 
+], krb_cv_sys_nextstep=yes, krb_cv_sys_nextstep=no) )
+if test "$krb_cv_sys_nextstep" = "yes"; then
+  CFLAGS="$CFLAGS -posix"
+  LIBS="$LIBS -posix"
+fi
+AC_MSG_RESULT($krb_cv_sys_nextstep)
+])
diff --git a/crypto/kerberosIV/cf/krb-version.m4 b/crypto/kerberosIV/cf/krb-version.m4
new file mode 100644
index 0000000..a4a1221
--- /dev/null
+++ b/crypto/kerberosIV/cf/krb-version.m4
@@ -0,0 +1,25 @@
+dnl $Id: krb-version.m4,v 1.1 1997/12/14 15:59:03 joda Exp $
+dnl
+dnl
+dnl output a C header-file with some version strings
+dnl
+AC_DEFUN(AC_KRB_VERSION,[
+dnl AC_OUTPUT_COMMANDS([
+cat > include/newversion.h.in <<FOOBAR
+char *${PACKAGE}_long_version = "@(#)\$Version: $PACKAGE-$VERSION by @USER@ on @HOST@ ($host) @DATE@ \$";
+char *${PACKAGE}_version = "$PACKAGE-$VERSION";
+FOOBAR
+
+if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then
+	echo "include/version.h is unchanged"
+	rm -f include/newversion.h.in
+else
+ 	echo "creating include/version.h"
+ 	User=${USER-${LOGNAME}}
+ 	Host=`(hostname || uname -n) 2>/dev/null | sed 1q`
+ 	Date=`date`
+	mv -f include/newversion.h.in include/version.h.in
+	sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h
+fi
+dnl ],host=$host PACKAGE=$PACKAGE VERSION=$VERSION)
+])
diff --git a/crypto/kerberosIV/cf/make-proto.pl b/crypto/kerberosIV/cf/make-proto.pl
new file mode 100644
index 0000000..9a47aed
--- /dev/null
+++ b/crypto/kerberosIV/cf/make-proto.pl
@@ -0,0 +1,199 @@
+# Make prototypes from .c files
+# $Id: make-proto.pl,v 1.11 1999/04/15 12:37:54 joda Exp $
+
+##use Getopt::Std;
+require 'getopts.pl';
+
+$brace = 0;
+$line = "";
+$debug = 0;
+
+do Getopts('o:p:d') || die "foo";
+
+if($opt_d) {
+    $debug = 1;
+}
+
+while(<>) {
+    print $brace, " ", $_ if($debug);
+    if(/^\#if 0/) {
+	$if_0 = 1;
+    }
+    if($if_0 && /^\#endif/) {
+	$if_0 = 0;
+    }
+    if($if_0) { next }
+    if(/^\s*\#/) {
+	next;
+    }
+    if(/^\s*$/) {
+	$line = "";
+	next;
+    }
+    if(/\{/){
+	$_ = $line;
+	while(s/\*\//\ca/){
+	    s/\/\*(.|\n)*\ca//;
+	}
+	s/^\s*//;
+	s/\s$//;
+	s/\s+/ /g;
+	if($line =~ /\)\s$/){
+	    if(!/^static/ && !/^PRIVATE/){
+		if(/(.*)(__attribute__\s?\(.*\))/) {
+		    $attr = $2;
+		    $_ = $1;
+		} else {
+		    $attr = "";
+		}
+		# remove outer ()
+		s/\s*\(/@/;
+		s/\)\s?$/@/;
+		# remove , within ()
+		while(s/\(([^()]*),(.*)\)/($1\$$2)/g){}
+		s/,\s*/,\n\t/g;
+		# fix removed ,
+		s/\$/,/g;
+		# match function name
+		/([a-zA-Z0-9_]+)\s*@/;
+		$f = $1;
+		# only add newline if more than one parameter
+		$LP = "((";  # XXX workaround for indentation bug in emacs
+		$RP = "))";
+		$P = "__P((";
+                if(/,/){ 
+		    s/@/ __P$LP\n\t/;
+		}else{
+		    s/@/ __P$LP/;
+		}
+		s/@/$RP/;
+		# insert newline before function name
+		s/(.*)\s([a-zA-Z0-9_]+ __P)/$1\n$2/;
+		if($attr ne "") {
+		    $_ .= "\n    $attr";
+		}
+		$_ = $_ . ";";
+		$funcs{$f} = $_;
+	    }
+	}
+	$line = "";
+	$brace++;
+    }
+    if(/\}/){
+	$brace--;
+    }
+    if(/^\}/){
+	$brace = 0;
+    }
+    if($brace == 0) {
+	$line = $line . " " . $_;
+    }
+}
+
+sub foo {
+    local ($arg) = @_;
+    $_ = $arg;
+    s/.*\/([^\/]*)/$1/;
+    s/[^a-zA-Z0-9]/_/g;
+    "__" . $_ . "__";
+}
+
+if($opt_o) {
+    open(OUT, ">$opt_o");
+    $block = &foo($opt_o);
+} else {
+    $block = "__public_h__";
+}
+
+if($opt_p) {
+    open(PRIV, ">$opt_p");
+    $private = &foo($opt_p);
+} else {
+    $private = "__private_h__";
+}
+
+$public_h = "";
+$private_h = "";
+
+$public_h_header = "/* This is a generated file */
+#ifndef $block
+#define $block
+
+#ifdef __STDC__
+#include <stdarg.h>
+#ifndef __P
+#define __P(x) x
+#endif
+#else
+#ifndef __P
+#define __P(x) ()
+#endif
+#endif
+
+";
+
+$private_h_header = "/* This is a generated file */
+#ifndef $private
+#define $private
+
+#ifdef __STDC__
+#include <stdarg.h>
+#ifndef __P
+#define __P(x) x
+#endif
+#else
+#ifndef __P
+#define __P(x) ()
+#endif
+#endif
+
+";
+
+foreach(sort keys %funcs){
+    if(/^(main)$/) { next }
+    if(/^_/) {
+	$private_h .= $funcs{$_} . "\n\n";
+	if($funcs{$_} =~ /__attribute__/) {
+	    $private_attribute_seen = 1;
+	}
+    } else {
+	$public_h .= $funcs{$_} . "\n\n";
+	if($funcs{$_} =~ /__attribute__/) {
+	    $public_attribute_seen = 1;
+	}
+    }
+}
+
+if ($public_attribute_seen) {
+    $public_h_header .= "#if !defined(__GNUC__) && !defined(__attribute__)
+#define __attribute__(x)
+#endif
+
+";
+}
+
+if ($private_attribute_seen) {
+    $private_h_header .= "#if !defined(__GNUC__) && !defined(__attribute__)
+#define __attribute__(x)
+#endif
+
+";
+}
+
+
+if ($public_h ne "") {
+    $public_h = $public_h_header . $public_h . "#endif /* $block */\n";
+}
+if ($private_h ne "") {
+    $private_h = $private_h_header . $private_h . "#endif /* $private */\n";
+}
+
+if($opt_o) {
+    print OUT $public_h;
+} 
+if($opt_p) {
+    print PRIV $private_h;
+} 
+
+close OUT;
+close PRIV;
diff --git a/crypto/kerberosIV/cf/mips-abi.m4 b/crypto/kerberosIV/cf/mips-abi.m4
new file mode 100644
index 0000000..c7b8815
--- /dev/null
+++ b/crypto/kerberosIV/cf/mips-abi.m4
@@ -0,0 +1,87 @@
+dnl $Id: mips-abi.m4,v 1.4 1998/05/16 20:44:15 joda Exp $
+dnl
+dnl
+dnl Check for MIPS/IRIX ABI flags. Sets $abi and $abilibdirext to some
+dnl value.
+
+AC_DEFUN(AC_MIPS_ABI, [
+AC_ARG_WITH(mips_abi,
+[  --with-mips-abi=abi     ABI to use for IRIX (32, n32, or 64)])
+
+case "$host_os" in
+irix*)
+with_mips_abi="${with_mips_abi:-yes}"
+if test -n "$GCC"; then
+
+# GCC < 2.8 only supports the O32 ABI. GCC >= 2.8 has a flag to select
+# which ABI to use, but only supports (as of 2.8.1) the N32 and 64 ABIs.
+#
+# Default to N32, but if GCC doesn't grok -mabi=n32, we assume an old
+# GCC and revert back to O32. The same goes if O32 is asked for - old
+# GCCs doesn't like the -mabi option, and new GCCs can't output O32.
+#
+# Don't you just love *all* the different SGI ABIs?
+
+case "${with_mips_abi}" in 
+        32|o32) abi='-mabi=32';  abilibdirext=''     ;;
+       n32|yes) abi='-mabi=n32'; abilibdirext='32'  ;;
+        64) abi='-mabi=64';  abilibdirext='64'   ;;
+	no) abi=''; abilibdirext='';;
+         *) AC_ERROR("Invalid ABI specified") ;;
+esac
+if test -n "$abi" ; then
+ac_foo=krb_cv_gcc_`echo $abi | tr =- __`
+dnl
+dnl can't use AC_CACHE_CHECK here, since it doesn't quote CACHE-ID to
+dnl AC_MSG_RESULT
+dnl
+AC_MSG_CHECKING([if $CC supports the $abi option])
+AC_CACHE_VAL($ac_foo, [
+save_CFLAGS="$CFLAGS"
+CFLAGS="$CFLAGS $abi"
+AC_TRY_COMPILE(,int x;, eval $ac_foo=yes, eval $ac_foo=no)
+CFLAGS="$save_CFLAGS"
+])
+ac_res=`eval echo \\\$$ac_foo`
+AC_MSG_RESULT($ac_res)
+if test $ac_res = no; then
+# Try to figure out why that failed...
+case $abi in
+	-mabi=32) 
+	save_CFLAGS="$CFLAGS"
+	CFLAGS="$CFLAGS -mabi=n32"
+	AC_TRY_COMPILE(,int x;, ac_res=yes, ac_res=no)
+	CLAGS="$save_CFLAGS"
+	if test $ac_res = yes; then
+		# New GCC
+		AC_ERROR([$CC does not support the $with_mips_abi ABI])
+	fi
+	# Old GCC
+	abi=''
+	abilibdirext=''
+	;;
+	-mabi=n32|-mabi=64)
+		if test $with_mips_abi = yes; then
+			# Old GCC, default to O32
+			abi=''
+			abilibdirext=''
+		else
+			# Some broken GCC
+			AC_ERROR([$CC does not support the $with_mips_abi ABI])
+		fi
+	;;
+esac
+fi #if test $ac_res = no; then
+fi #if test -n "$abi" ; then
+else
+case "${with_mips_abi}" in
+        32|o32) abi='-32'; abilibdirext=''     ;;
+       n32|yes) abi='-n32'; abilibdirext='32'  ;;
+        64) abi='-64'; abilibdirext='64'   ;;
+	no) abi=''; abilibdirext='';;
+         *) AC_ERROR("Invalid ABI specified") ;;
+esac
+fi #if test -n "$GCC"; then
+;;
+esac
+])
diff --git a/crypto/kerberosIV/cf/misc.m4 b/crypto/kerberosIV/cf/misc.m4
new file mode 100644
index 0000000..0be97a4
--- /dev/null
+++ b/crypto/kerberosIV/cf/misc.m4
@@ -0,0 +1,3 @@
+dnl $Id: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
+dnl
+define(upcase,`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl
diff --git a/crypto/kerberosIV/cf/need-proto.m4 b/crypto/kerberosIV/cf/need-proto.m4
new file mode 100644
index 0000000..8c8d1d3
--- /dev/null
+++ b/crypto/kerberosIV/cf/need-proto.m4
@@ -0,0 +1,25 @@
+dnl $Id: need-proto.m4,v 1.2 1999/03/01 09:52:24 joda Exp $
+dnl
+dnl
+dnl Check if we need the prototype for a function
+dnl
+
+dnl AC_NEED_PROTO(includes, function)
+
+AC_DEFUN(AC_NEED_PROTO, [
+if test "$ac_cv_func_$2+set" != set -o "$ac_cv_func_$2" = yes; then
+AC_CACHE_CHECK([if $2 needs a prototype], ac_cv_func_$2_noproto,
+AC_TRY_COMPILE([$1],
+[struct foo { int foo; } xx;
+extern int $2 (struct foo*);
+$2(&xx);
+],
+eval "ac_cv_func_$2_noproto=yes",
+eval "ac_cv_func_$2_noproto=no"))
+define([foo], [NEED_]translit($2, [a-z], [A-Z])[_PROTO])
+if test "$ac_cv_func_$2_noproto" = yes; then
+	AC_DEFINE(foo, 1, [define if the system is missing a prototype for $2()])
+fi
+undefine([foo])
+fi
+])
diff --git a/crypto/kerberosIV/cf/osfc2.m4 b/crypto/kerberosIV/cf/osfc2.m4
new file mode 100644
index 0000000..d8cb2e1
--- /dev/null
+++ b/crypto/kerberosIV/cf/osfc2.m4
@@ -0,0 +1,14 @@
+dnl $Id: osfc2.m4,v 1.2 1999/03/27 17:28:16 joda Exp $
+dnl
+dnl enable OSF C2 stuff
+
+AC_DEFUN(AC_CHECK_OSFC2,[
+AC_ARG_ENABLE(osfc2,
+[  --enable-osfc2          enable some OSF C2 support])
+LIB_security=
+if test "$enable_osfc2" = yes; then
+	AC_DEFINE(HAVE_OSFC2, 1, [Define to enable basic OSF C2 support.])
+	LIB_security=-lsecurity
+fi
+AC_SUBST(LIB_security)
+])
diff --git a/crypto/kerberosIV/cf/proto-compat.m4 b/crypto/kerberosIV/cf/proto-compat.m4
new file mode 100644
index 0000000..942f658
--- /dev/null
+++ b/crypto/kerberosIV/cf/proto-compat.m4
@@ -0,0 +1,22 @@
+dnl $Id: proto-compat.m4,v 1.3 1999/03/01 13:03:48 joda Exp $
+dnl
+dnl
+dnl Check if the prototype of a function is compatible with another one
+dnl
+
+dnl AC_PROTO_COMPAT(includes, function, prototype)
+
+AC_DEFUN(AC_PROTO_COMPAT, [
+AC_CACHE_CHECK([if $2 is compatible with system prototype],
+ac_cv_func_$2_proto_compat,
+AC_TRY_COMPILE([$1],
+[$3;],
+eval "ac_cv_func_$2_proto_compat=yes",
+eval "ac_cv_func_$2_proto_compat=no"))
+define([foo], translit($2, [a-z], [A-Z])[_PROTO_COMPATIBLE])
+if test "$ac_cv_func_$2_proto_compat" = yes; then
+	AC_DEFINE(foo, 1, [define if prototype of $2 is compatible with
+	$3])
+fi
+undefine([foo])
+])
\ No newline at end of file
diff --git a/crypto/kerberosIV/cf/shared-libs.m4 b/crypto/kerberosIV/cf/shared-libs.m4
new file mode 100644
index 0000000..ffc3603
--- /dev/null
+++ b/crypto/kerberosIV/cf/shared-libs.m4
@@ -0,0 +1,186 @@
+dnl
+dnl $Id: shared-libs.m4,v 1.3 1999/04/09 15:34:25 assar Exp $
+dnl
+dnl Shared library stuff has to be different everywhere
+dnl
+
+AC_DEFUN(AC_SHARED_LIBS, [
+
+dnl Check if we want to use shared libraries
+AC_ARG_ENABLE(shared,
+[  --enable-shared         create shared libraries for Kerberos])
+
+AC_SUBST(CFLAGS)dnl
+AC_SUBST(LDFLAGS)dnl
+
+case ${enable_shared} in
+  yes ) enable_shared=yes;;
+  no  ) enable_shared=no;;
+  *   ) enable_shared=no;;
+esac
+
+# NOTE: Building shared libraries may not work if you do not use gcc!
+#
+# OS		$SHLIBEXT
+# HP-UX		sl
+# Linux		so
+# NetBSD	so
+# FreeBSD	so
+# OSF		so
+# SunOS5	so
+# SunOS4	so.0.5
+# Irix		so
+#
+# LIBEXT is the extension we should build (.a or $SHLIBEXT)
+LINK='$(CC)'
+AC_SUBST(LINK)
+lib_deps=yes
+REAL_PICFLAGS="-fpic"
+LDSHARED='$(CC) $(PICFLAGS) -shared'
+LIBPREFIX=lib
+build_symlink_command=@true
+install_symlink_command=@true
+install_symlink_command2=@true
+REAL_SHLIBEXT=so
+changequote({,})dnl
+SHLIB_VERSION=`echo $VERSION | sed 's/\([0-9.]*\).*/\1/'`
+SHLIB_SONAME=`echo $VERSION | sed 's/\([0-9]*\).*/\1/'`
+changequote([,])dnl
+case "${host}" in
+*-*-hpux*)
+	REAL_SHLIBEXT=sl
+	REAL_LD_FLAGS='-Wl,+b$(libdir)'
+	if test -z "$GCC"; then
+		LDSHARED="ld -b"
+		REAL_PICFLAGS="+z"
+	fi
+	lib_deps=no
+	;;
+*-*-linux*)
+	LDSHARED='$(CC) -shared -Wl,-soname,$(LIBNAME).so.'"${SHLIB_SONAME}"
+	REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	build_symlink_command='$(LN_S) -f [$][@] $(LIBNAME).so'
+	install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
+	install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
+	;;
+*-*-freebsd3*)
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	LDSHARED='ld -Bshareable'
+	REAL_LD_FLAGS='-Wl,-R$(libdir)'
+	build_symlink_command='$(LN_S) -f [$][@] $(LIBNAME).so'
+	install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
+	install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
+	;;
+*-*-*bsd*)
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	LDSHARED='ld -Bshareable'
+	REAL_LD_FLAGS='-Wl,-R$(libdir)'
+	;;
+*-*-osf*)
+	REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
+	REAL_PICFLAGS=
+	LDSHARED='ld -shared -expect_unresolved \*'
+	;;
+*-*-solaris2*)
+	REAL_LD_FLAGS='-Wl,-R$(libdir)'
+	if test -z "$GCC"; then
+		LDSHARED='$(CC) -G'
+		REAL_PICFLAGS="-Kpic"
+	fi
+	;;
+*-fujitsu-uxpv*)
+	REAL_LD_FLAGS='' # really: LD_RUN_PATH=$(libdir) cc -o ...
+	REAL_LINK='LD_RUN_PATH=$(libdir) $(CC)'
+	LDSHARED='$(CC) -G'
+	REAL_PICFLAGS="-Kpic"
+	lib_deps=no # fails in mysterious ways
+	;;
+*-*-sunos*)
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	REAL_LD_FLAGS='-Wl,-L$(libdir)'
+	lib_deps=no
+	;;
+*-*-irix*)
+        libdir="${libdir}${abilibdirext}"
+        REAL_LD_FLAGS="${abi} -Wl,-rpath,\$(libdir)"
+        LD_FLAGS="${abi} -Wl,-rpath,\$(libdir)"
+	LDSHARED="\$(CC) -shared ${abi}"
+        REAL_PICFLAGS=
+        CFLAGS="${abi} ${CFLAGS}"
+	;;
+*-*-os2*)
+	LIBPREFIX=
+	EXECSUFFIX='.exe'
+	RANLIB=EMXOMF
+	LD_FLAGS=-Zcrtdll
+	REAL_SHLIBEXT=nobuild
+	;;
+*-*-cygwin32*)
+	EXECSUFFIX='.exe'
+	REAL_SHLIBEXT=nobuild
+	;;
+*)	REAL_SHLIBEXT=nobuild
+	REAL_PICFLAGS= 
+	;;
+esac
+
+if test "${enable_shared}" != "yes" ; then 
+ PICFLAGS=""
+ SHLIBEXT="nobuild"
+ LIBEXT="a"
+ build_symlink_command=@true
+ install_symlink_command=@true
+ install_symlink_command2=@true
+else
+ PICFLAGS="$REAL_PICFLAGS"
+ SHLIBEXT="$REAL_SHLIBEXT"
+ LIBEXT="$SHLIBEXT"
+ AC_MSG_CHECKING(whether to use -rpath)
+ case "$libdir" in
+   /lib | /usr/lib | /usr/local/lib)
+     AC_MSG_RESULT(no)
+     REAL_LD_FLAGS=
+     LD_FLAGS=
+     ;;
+   *)
+     LD_FLAGS="$REAL_LD_FLAGS"
+     test "$REAL_LINK" && LINK="$REAL_LINK"
+     AC_MSG_RESULT($LD_FLAGS)
+     ;;
+   esac
+fi
+
+if test "$lib_deps" = yes; then
+	lib_deps_yes=""
+	lib_deps_no="# "
+else
+	lib_deps_yes="# "
+	lib_deps_no=""
+fi
+AC_SUBST(lib_deps_yes)
+AC_SUBST(lib_deps_no)
+
+# use supplied ld-flags, or none if `no'
+if test "$with_ld_flags" = no; then
+	LD_FLAGS=
+elif test -n "$with_ld_flags"; then
+	LD_FLAGS="$with_ld_flags"
+fi
+
+AC_SUBST(REAL_PICFLAGS) dnl
+AC_SUBST(REAL_SHLIBEXT) dnl
+AC_SUBST(REAL_LD_FLAGS) dnl
+
+AC_SUBST(PICFLAGS) dnl
+AC_SUBST(SHLIBEXT) dnl
+AC_SUBST(LDSHARED) dnl
+AC_SUBST(LD_FLAGS) dnl
+AC_SUBST(LIBEXT) dnl
+AC_SUBST(LIBPREFIX) dnl
+AC_SUBST(EXECSUFFIX) dnl
+
+AC_SUBST(build_symlink_command)dnl
+AC_SUBST(install_symlink_command)dnl
+AC_SUBST(install_symlink_command2)dnl
+])
diff --git a/crypto/kerberosIV/cf/test-package.m4 b/crypto/kerberosIV/cf/test-package.m4
new file mode 100644
index 0000000..6bae158
--- /dev/null
+++ b/crypto/kerberosIV/cf/test-package.m4
@@ -0,0 +1,88 @@
+dnl $Id: test-package.m4,v 1.7 1999/04/19 13:33:05 assar Exp $
+dnl
+dnl AC_TEST_PACKAGE_NEW(package,headers,libraries,extra libs,default locations)
+
+AC_DEFUN(AC_TEST_PACKAGE,[AC_TEST_PACKAGE_NEW($1,[#include <$2>],$4,,$5)])
+
+AC_DEFUN(AC_TEST_PACKAGE_NEW,[
+AC_ARG_WITH($1,
+[  --with-$1=dir                use $1 in dir])
+AC_ARG_WITH($1-lib,
+[  --with-$1-lib=dir            use $1 libraries in dir],
+[if test "$withval" = "yes" -o "$withval" = "no"; then
+  AC_MSG_ERROR([No argument for --with-$1-lib])
+elif test "X$with_$1" = "X"; then
+  with_$1=yes
+fi])
+AC_ARG_WITH($1-include,
+[  --with-$1-include=dir        use $1 headers in dir],
+[if test "$withval" = "yes" -o "$withval" = "no"; then
+  AC_MSG_ERROR([No argument for --with-$1-include])
+elif test "X$with_$1" = "X"; then
+  with_$1=yes
+fi])
+
+AC_MSG_CHECKING(for $1)
+
+case "$with_$1" in
+yes)	;;
+no)	;;
+"")	;;
+*)	if test "$with_$1_include" = ""; then
+		with_$1_include="$with_$1/include"
+	fi
+	if test "$with_$1_lib" = ""; then
+		with_$1_lib="$with_$1/lib$abilibdirext"
+	fi
+	;;
+esac
+header_dirs=
+lib_dirs=
+d='$5'
+for i in $d; do
+	header_dirs="$header_dirs $i/include"
+	lib_dirs="$lib_dirs $i/lib$abilibdirext"
+done
+
+case "$with_$1_include" in
+yes) ;;
+no)  ;;
+*)   header_dirs="$with_$1_include $header_dirs";;
+esac
+case "$with_$1_lib" in
+yes) ;;
+no)  ;;
+*)   lib_dirs="$with_$1_lib $lib_dirs";;
+esac
+
+save_CFLAGS="$CFLAGS"
+save_LIBS="$LIBS"
+ires= lres=
+for i in $header_dirs; do
+	CFLAGS="-I$i $save_CFLAGS"
+	AC_TRY_COMPILE([$2],,ires=$i;break)
+done
+for i in $lib_dirs; do
+	LIBS="-L$i $3 $4 $save_LIBS"
+	AC_TRY_LINK([$2],,lres=$i;break)
+done
+CFLAGS="$save_CFLAGS"
+LIBS="$save_LIBS"
+
+if test "$ires" -a "$lres" -a "$with_$1" != "no"; then
+	$1_includedir="$ires"
+	$1_libdir="$lres"
+	INCLUDE_$1="-I$$1_includedir"
+	LIB_$1="-L$$1_libdir $3"
+	AC_DEFINE_UNQUOTED(upcase($1),1,[Define if you have the $1 package.])
+	with_$1=yes
+	AC_MSG_RESULT([headers $ires, libraries $lres])
+else
+	INCLUDE_$1=
+	LIB_$1=
+	with_$1=no
+	AC_MSG_RESULT($with_$1)
+fi
+AC_SUBST(INCLUDE_$1)
+AC_SUBST(LIB_$1)
+])
diff --git a/crypto/kerberosIV/cf/wflags.m4 b/crypto/kerberosIV/cf/wflags.m4
new file mode 100644
index 0000000..6d9e073
--- /dev/null
+++ b/crypto/kerberosIV/cf/wflags.m4
@@ -0,0 +1,21 @@
+dnl $Id: wflags.m4,v 1.3 1999/03/11 12:11:41 joda Exp $
+dnl
+dnl set WFLAGS
+
+AC_DEFUN(AC_WFLAGS,[
+WFLAGS_NOUNUSED=""
+WFLAGS_NOIMPLICITINT=""
+if test -z "$WFLAGS" -a "$GCC" = "yes"; then
+  # -Wno-implicit-int for broken X11 headers
+  # leave these out for now:
+  #   -Wcast-align doesn't work well on alpha osf/1
+  #   -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast
+  #   -Wmissing-declarations -Wnested-externs
+  WFLAGS="ifelse($#, 0,-Wall, $1)"
+  WFLAGS_NOUNUSED="-Wno-unused"
+  WFLAGS_NOIMPLICITINT="-Wno-implicit-int"
+fi
+AC_SUBST(WFLAGS)dnl
+AC_SUBST(WFLAGS_NOUNUSED)dnl
+AC_SUBST(WFLAGS_NOIMPLICITINT)dnl
+])
diff --git a/crypto/kerberosIV/config.guess b/crypto/kerberosIV/config.guess
index 74253c3..153490d 100644
--- a/crypto/kerberosIV/config.guess
+++ b/crypto/kerberosIV/config.guess
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Attempt to guess a canonical system name.
-#   Copyright (C) 1992, 93, 94, 95, 1996 Free Software Foundation, Inc.
+#   Copyright (C) 1992, 93, 94, 95, 96, 97, 1998 Free Software Foundation, Inc.
 #
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -52,11 +52,53 @@ trap 'rm -f dummy.c dummy.o dummy; exit 1' 1 2 15
 
 case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
     alpha:OSF1:*:*)
+	if test $UNAME_RELEASE = "V4.0"; then
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+	fi
 	# A Vn.n version is a released version.
 	# A Tn.n version is a released field test version.
 	# A Xn.n version is an unreleased experimental baselevel.
 	# 1.2 uses "1.2" for uname -r.
-	echo alpha-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//'`
+	cat <<EOF >dummy.s
+	.globl main
+	.ent main
+main:
+	.frame \$30,0,\$26,0
+	.prologue 0
+	.long 0x47e03d80 # implver $0
+	lda \$2,259
+	.long 0x47e20c21 # amask $2,$1
+	srl \$1,8,\$2
+	sll \$2,2,\$2
+	sll \$0,3,\$0
+	addl \$1,\$0,\$0
+	addl \$2,\$0,\$0
+	ret \$31,(\$26),1
+	.end main
+EOF
+	${CC-cc} dummy.s -o dummy 2>/dev/null
+	if test "$?" = 0 ; then
+		./dummy
+		case "$?" in
+			7)
+				UNAME_MACHINE="alpha"
+				;;
+			15)
+				UNAME_MACHINE="alphaev5"
+				;;
+			14)
+				UNAME_MACHINE="alphaev56"
+				;;
+			10)
+				UNAME_MACHINE="alphapca56"
+				;;
+			16)
+				UNAME_MACHINE="alphaev6"
+				;;
+		esac
+	fi
+	rm -f dummy.s dummy
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr [[A-Z]] [[a-z]]`
 	exit 0 ;;
     21064:Windows_NT:50:3)
 	echo alpha-dec-winnt3.5
@@ -68,11 +110,35 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
       echo m68k-cbm-netbsd${UNAME_RELEASE}
       exit 0 ;;
     amiga:OpenBSD:*:*)
-      echo m68k-cbm-openbsd${UNAME_RELEASE}
-      exit 0 ;;
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    arc64:OpenBSD:*:*)
+	echo mips64el-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    arc:OpenBSD:*:*)
+	echo mipsel-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    hkmips:OpenBSD:*:*)
+	echo mips-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    pmax:OpenBSD:*:*)
+	echo mipsel-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    sgi:OpenBSD:*:*)
+	echo mips-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    wgrisc:OpenBSD:*:*)
+	echo mipsel-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
     arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
 	echo arm-acorn-riscix${UNAME_RELEASE}
 	exit 0;;
+    arm32:NetBSD:*:*)
+	echo arm-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+	exit 0 ;;
+    SR2?01:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit 0;;
     Pyramid*:OSx*:*:*|MIS*:OSx*:*:*)
 	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
 	if test "`(/bin/universe) 2>/dev/null`" = att ; then
@@ -108,6 +174,18 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
     sun3*:SunOS:*:*)
 	echo m68k-sun-sunos${UNAME_RELEASE}
 	exit 0 ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(head -1 /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit 0 ;;
     aushp:SunOS:*:*)
 	echo sparc-auspex-sunos${UNAME_RELEASE}
 	exit 0 ;;
@@ -115,23 +193,32 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
 	echo m68k-atari-netbsd${UNAME_RELEASE}
 	exit 0 ;;
     atari*:OpenBSD:*:*)
-	echo m68k-atari-openbsd${UNAME_RELEASE}
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
 	exit 0 ;;
     sun3*:NetBSD:*:*)
 	echo m68k-sun-netbsd${UNAME_RELEASE}
 	exit 0 ;;
     sun3*:OpenBSD:*:*)
-	echo m68k-sun-openbsd${UNAME_RELEASE}
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
 	exit 0 ;;
     mac68k:NetBSD:*:*)
 	echo m68k-apple-netbsd${UNAME_RELEASE}
 	exit 0 ;;
     mac68k:OpenBSD:*:*)
-	echo m68k-apple-openbsd${UNAME_RELEASE}
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    mvme68k:OpenBSD:*:*)
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    mvme88k:OpenBSD:*:*)
+	echo m88k-unknown-openbsd${UNAME_RELEASE}
 	exit 0 ;;
     powerpc:machten:*:*)
 	echo powerpc-apple-machten${UNAME_RELEASE}
 	exit 0 ;;
+    Power\ Macintosh:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+        exit 0 ;;
     RISC*:Mach:*:*)
 	echo mips-dec-mach_bsd4.3
 	exit 0 ;;
@@ -141,6 +228,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
     VAX*:ULTRIX*:*:*)
 	echo vax-dec-ultrix${UNAME_RELEASE}
 	exit 0 ;;
+    2020:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit 0 ;;
     mips:*:*:UMIPS | mips:*:*:RISCos)
 	sed 's/^	//' << EOF >dummy.c
 	int main (argc, argv) int argc; char **argv; {
@@ -375,10 +465,10 @@ EOF
     hp3[0-9][05]:NetBSD:*:*)
 	echo m68k-hp-netbsd${UNAME_RELEASE}
 	exit 0 ;;
-    hp3[0-9][05]:OpenBSD:*:*)
-	echo m68k-hp-openbsd${UNAME_RELEASE}
+    hp300:OpenBSD:*:*)
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
 	exit 0 ;;
-    i?86:BSD/386:*:* | *:BSD/OS:*:*)
+    i?86:BSD/386:*:* | *:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
 	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
 	exit 0 ;;
     *:FreeBSD:*:*)
@@ -391,7 +481,10 @@ EOF
 	echo ${UNAME_MACHINE}-unknown-openbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
 	exit 0 ;;
     i*:CYGWIN*:*)
-	echo i386-pc-cygwin32
+	echo ${UNAME_MACHINE}-pc-cygwin32
+	exit 0 ;;
+    i*:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
 	exit 0 ;;
     p*:CYGWIN*:*)
 	echo powerpcle-unknown-cygwin32
@@ -400,43 +493,134 @@ EOF
 	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
 	exit 0 ;;
     *:GNU:*:*)
-	echo `echo ${UNAME_MACHINE}|sed -e 's,/.*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
 	exit 0 ;;
     *:Linux:*:*)
+	# uname on the ARM produces all sorts of strangeness, and we need to
+	# filter it out.
+	case "$UNAME_MACHINE" in
+	  arm* | sa110*)	      UNAME_MACHINE="arm" ;;
+	esac
+
 	# The BFD linker knows what the default object file format is, so
 	# first see if it will tell us.
 	ld_help_string=`ld --help 2>&1`
-	if echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf_i.86"; then
-	  echo "${UNAME_MACHINE}-pc-linux-gnu" ; exit 0
-	elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86linux"; then
-	  echo "${UNAME_MACHINE}-pc-linux-gnuaout" ; exit 0
-	elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86coff"; then
-	  echo "${UNAME_MACHINE}-pc-linux-gnucoff" ; exit 0
-	elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68kelf"; then
-	  echo "${UNAME_MACHINE}-unknown-linux-gnu" ; exit 0
-	elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68klinux"; then
-	  echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0
-	elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf32ppc"; then
-	  echo "powerpc-unknown-linux-gnu" ; exit 0
-	elif test "${UNAME_MACHINE}" = "alpha" ; then
-	  echo alpha-unknown-linux-gnu ; exit 0
-	elif test "${UNAME_MACHINE}" = "sparc" ; then
-	  echo sparc-unknown-linux-gnu ; exit 0
+	ld_supported_emulations=`echo $ld_help_string \
+			 | sed -ne '/supported emulations:/!d
+				    s/[ 	][ 	]*/ /g
+				    s/.*supported emulations: *//
+				    s/ .*//
+				    p'`
+        case "$ld_supported_emulations" in
+	  i?86linux)  echo "${UNAME_MACHINE}-pc-linux-gnuaout"      ; exit 0 ;;
+	  i?86coff)   echo "${UNAME_MACHINE}-pc-linux-gnucoff"      ; exit 0 ;;
+	  sparclinux) echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 ;;
+	  armlinux)   echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 ;;
+	  m68klinux)  echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 ;;
+	  elf32ppc)   echo "powerpc-unknown-linux-gnu"              ; exit 0 ;;
+	esac
+
+	if test "${UNAME_MACHINE}" = "alpha" ; then
+		sed 's/^	//'  <<EOF >dummy.s
+		.globl main
+		.ent main
+	main:
+		.frame \$30,0,\$26,0
+		.prologue 0
+		.long 0x47e03d80 # implver $0
+		lda \$2,259
+		.long 0x47e20c21 # amask $2,$1
+		srl \$1,8,\$2
+		sll \$2,2,\$2
+		sll \$0,3,\$0
+		addl \$1,\$0,\$0
+		addl \$2,\$0,\$0
+		ret \$31,(\$26),1
+		.end main
+EOF
+		LIBC=""
+		${CC-cc} dummy.s -o dummy 2>/dev/null
+		if test "$?" = 0 ; then
+			./dummy
+			case "$?" in
+			7)
+				UNAME_MACHINE="alpha"
+				;;
+			15)
+				UNAME_MACHINE="alphaev5"
+				;;
+			14)
+				UNAME_MACHINE="alphaev56"
+				;;
+			10)
+				UNAME_MACHINE="alphapca56"
+				;;
+			16)
+				UNAME_MACHINE="alphaev6"
+				;;
+			esac	
+
+			objdump --private-headers dummy | \
+			  grep ld.so.1 > /dev/null
+			if test "$?" = 0 ; then
+				LIBC="libc1"
+			fi
+		fi	
+		rm -f dummy.s dummy
+		echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} ; exit 0
+	elif test "${UNAME_MACHINE}" = "mips" ; then
+	  cat >dummy.c <<EOF
+main(argc, argv)
+     int argc;
+     char *argv[];
+{
+#ifdef __MIPSEB__
+  printf ("%s-unknown-linux-gnu\n", argv[1]);
+#endif
+#ifdef __MIPSEL__
+  printf ("%sel-unknown-linux-gnu\n", argv[1]);
+#endif
+  return 0;
+}
+EOF
+	  ${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0
+	  rm -f dummy.c dummy
 	else
-	  # Either a pre-BFD a.out linker (linux-gnuoldld) or one that does not give us
-	  # useful --help.  Gcc wants to distinguish between linux-gnuoldld and linux-gnuaout.
-	  test ! -d /usr/lib/ldscripts/. \
-	    && echo "${UNAME_MACHINE}-pc-linux-gnuoldld" && exit 0
+	  # Either a pre-BFD a.out linker (linux-gnuoldld)
+	  # or one that does not give us useful --help.
+	  # GCC wants to distinguish between linux-gnuoldld and linux-gnuaout.
+	  # If ld does not provide *any* "supported emulations:"
+	  # that means it is gnuoldld.
+	  echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations:"
+	  test $? != 0 && echo "${UNAME_MACHINE}-pc-linux-gnuoldld" && exit 0
+
+	  case "${UNAME_MACHINE}" in
+	  i?86)
+	    VENDOR=pc;
+	    ;;
+	  *)
+	    VENDOR=unknown;
+	    ;;
+	  esac
 	  # Determine whether the default compiler is a.out or elf
 	  cat >dummy.c <<EOF
+#include <features.h>
 main(argc, argv)
-int argc;
-char *argv[];
+     int argc;
+     char *argv[];
 {
 #ifdef __ELF__
-  printf ("%s-pc-linux-gnu\n", argv[1]);
+# ifdef __GLIBC__
+#  if __GLIBC__ >= 2
+    printf ("%s-${VENDOR}-linux-gnu\n", argv[1]);
+#  else
+    printf ("%s-${VENDOR}-linux-gnulibc1\n", argv[1]);
+#  endif
+# else
+   printf ("%s-${VENDOR}-linux-gnulibc1\n", argv[1]);
+# endif
 #else
-  printf ("%s-pc-linux-gnuaout\n", argv[1]);
+  printf ("%s-${VENDOR}-linux-gnuaout\n", argv[1]);
 #endif
   return 0;
 }
@@ -449,6 +633,14 @@ EOF
     i?86:DYNIX/ptx:4*:*)
 	echo i386-sequent-sysv4
 	exit 0 ;;
+    i?86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit 0 ;;
     i?86:*:4.*:* | i?86:SYSTEM_V:4.*:*)
 	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
 		echo ${UNAME_MACHINE}-univel-sysv${UNAME_RELEASE}
@@ -470,6 +662,11 @@ EOF
 		echo ${UNAME_MACHINE}-pc-sysv32
 	fi
 	exit 0 ;;
+    pc:*:*:*)
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i386.
+	echo i386-pc-msdosdjgpp
+        exit 0 ;;
     Intel:Mach:3*:*)
 	echo i386-pc-mach3
 	exit 0 ;;
@@ -529,6 +726,10 @@ EOF
 		echo ns32k-sni-sysv
 	fi
 	exit 0 ;;
+    PENTIUM:CPunix:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                           # says <Richard.M.Bartel@ccMail.Census.GOV>
+        echo i586-unisys-sysv4
+        exit 0 ;;
     *:UNIX_System_V:4*:FTX*)
 	# From Gerald Hewes <hewes@openmarket.com>.
 	# How about differentiating between stratus architectures? -djm
@@ -541,6 +742,9 @@ EOF
     mc68*:A/UX:*:*)
 	echo m68k-apple-aux${UNAME_RELEASE}
 	exit 0 ;;
+    news*:NEWS-OS:*:6*)
+	echo mips-sony-newsos6
+	exit 0 ;;
     R3000:*System_V*:*:* | R4000:UNIX_SYSV:*:*)
 	if [ -d /usr/nec ]; then
 	        echo mips-nec-sysv${UNAME_RELEASE}
@@ -548,10 +752,6 @@ EOF
 	        echo mips-unknown-sysv${UNAME_RELEASE}
 	fi
         exit 0 ;;
-    PENTIUM:CPunix:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
-                           # says <Richard.M.Bartel@ccMail.Census.GOV>
-        echo i586-unisys-sysv4
-        exit 0 ;;
     *:OS/2:*:*)
 	echo ${UNAME_MACHINE}-pc-os2_emx
 	exit 0 ;;
diff --git a/crypto/kerberosIV/config.sub b/crypto/kerberosIV/config.sub
index 75822a2..e3c3480 100644
--- a/crypto/kerberosIV/config.sub
+++ b/crypto/kerberosIV/config.sub
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Configuration validation subroutine script, version 1.1.
-#   Copyright (C) 1991, 92, 93, 94, 95, 1996 Free Software Foundation, Inc.
+#   Copyright (C) 1991, 92-97, 1998 Free Software Foundation, Inc.
 # This file is (in principle) common to ALL GNU software.
 # The presence of a machine in this file suggests that SOME GNU software
 # can handle that machine.  It does not imply ALL GNU software can.
@@ -149,19 +149,20 @@ esac
 case $basic_machine in
 	# Recognize the basic CPU types without company name.
 	# Some are omitted here because they have special meanings below.
-	tahoe | i860 | m68k | m68000 | m88k | ns32k | arm \
-		| arme[lb] | pyramid \
+	tahoe | i860 | m32r | m68k | m68000 | m88k | ns32k | arc | arm \
+		| arme[lb] | pyramid | mn10200 | mn10300 \
 		| tron | a29k | 580 | i960 | h8300 | hppa | hppa1.0 | hppa1.1 \
-		| alpha | we32k | ns16k | clipper | i370 | sh \
-		| powerpc | powerpcle | 1750a | dsp16xx | mips64 | mipsel \
-		| pdp11 | mips64el | mips64orion | mips64orionel \
-		| sparc | sparclet | sparclite | sparc64)
+		| alpha | alphaev5 | alphaev56 | we32k | ns16k | clipper \
+		| i370 | sh | powerpc | powerpcle | 1750a | dsp16xx | pdp11 \
+		| mips64 | mipsel | mips64el | mips64orion | mips64orionel \
+		| mipstx39 | mipstx39el \
+		| sparc | sparclet | sparclite | sparc64 | v850)
 		basic_machine=$basic_machine-unknown
 		;;
 	# We use `pc' rather than `unknown'
 	# because (1) that's what they normally are, and
 	# (2) the word "unknown" tends to confuse beginning users.
-	i[3456]86)
+	i[34567]86)
 	  basic_machine=$basic_machine-pc
 	  ;;
 	# Object if more than one company name word.
@@ -170,14 +171,18 @@ case $basic_machine in
 		exit 1
 		;;
 	# Recognize the basic CPU types with company name.
-	vax-* | tahoe-* | i[3456]86-* | i860-* | m68k-* | m68000-* | m88k-* \
-	      | sparc-* | ns32k-* | fx80-* | arm-* | c[123]* \
-	      | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* | power-* \
-	      | none-* | 580-* | cray2-* | h8300-* | i960-* | xmp-* | ymp-* \
-	      | hppa-* | hppa1.0-* | hppa1.1-* | alpha-* | we32k-* | cydra-* | ns16k-* \
-	      | pn-* | np1-* | xps100-* | clipper-* | orion-* | sparclite-* \
-	      | pdp11-* | sh-* | powerpc-* | powerpcle-* | sparc64-* | mips64-* | mipsel-* \
-	      | mips64el-* | mips64orion-* | mips64orionel-* | f301-*)
+	vax-* | tahoe-* | i[34567]86-* | i860-* | m32r-* | m68k-* | m68000-* \
+	      | m88k-* | sparc-* | ns32k-* | fx80-* | arc-* | arm-* | c[123]* \
+	      | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* \
+	      | power-* | none-* | 580-* | cray2-* | h8300-* | i960-* \
+	      | xmp-* | ymp-* | hppa-* | hppa1.0-* | hppa1.1-* \
+	      | alpha-* | alphaev5-* | alphaev56-* | we32k-* | cydra-* \
+	      | ns16k-* | pn-* | np1-* | xps100-* | clipper-* | orion-* \
+	      | sparclite-* | pdp11-* | sh-* | powerpc-* | powerpcle-* \
+	      | sparc64-* | mips64-* | mipsel-* \
+	      | mips64el-* | mips64orion-* | mips64orionel-*  \
+	      | mipstx39-* | mipstx39el-* \
+	      | f301-*)
 		;;
 	# Recognize the various machine names and aliases which stand
 	# for a CPU type and a company and sometimes even an OS.
@@ -204,9 +209,9 @@ case $basic_machine in
 	amiga | amiga-*)
 		basic_machine=m68k-cbm
 		;;
-	amigados)
+	amigaos | amigados)
 		basic_machine=m68k-cbm
-		os=-amigados
+		os=-amigaos
 		;;
 	amigaunix | amix)
 		basic_machine=m68k-cbm
@@ -345,19 +350,19 @@ case $basic_machine in
 		os=-mvs
 		;;
 # I'm not sure what "Sysv32" means.  Should this be sysv3.2?
-	i[3456]86v32)
+	i[34567]86v32)
 		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
 		os=-sysv32
 		;;
-	i[3456]86v4*)
+	i[34567]86v4*)
 		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
 		os=-sysv4
 		;;
-	i[3456]86v)
+	i[34567]86v)
 		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
 		os=-sysv
 		;;
-	i[3456]86sol2)
+	i[34567]86sol2)
 		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
 		os=-solaris2
 		;;
@@ -389,6 +394,14 @@ case $basic_machine in
 	miniframe)
 		basic_machine=m68000-convergent
 		;;
+	mipsel*-linux*)
+		basic_machine=mipsel-unknown
+		os=-linux-gnu
+		;;
+	mips*-linux*)
+		basic_machine=mips-unknown
+		os=-linux-gnu
+		;;
 	mips3*-*)
 		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
 		;;
@@ -456,25 +469,23 @@ case $basic_machine in
         pc532 | pc532-*)
 		basic_machine=ns32k-pc532
 		;;
-	pentium | p5)
-		basic_machine=i586-intel
+	pentium | p5 | k5 | nexen)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | k6 | 6x86)
+		basic_machine=i686-pc
 		;;
-	pentiumpro | p6)
-		basic_machine=i686-intel
+	pentiumii | pentium2)
+		basic_machine=i786-pc
 		;;
-	pentium-* | p5-*)
+	pentium-* | p5-* | k5-* | nexen-*)
 		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
-	pentiumpro-* | p6-*)
+	pentiumpro-* | p6-* | k6-* | 6x86-*)
 		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
-	k5)
-		# We don't have specific support for AMD's K5 yet, so just call it a Pentium
-		basic_machine=i586-amd
-		;;
-	nexen)
-		# We don't have specific support for Nexgen yet, so just call it a Pentium
-		basic_machine=i586-nexgen
+	pentiumii-* | pentium2-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
 	pn)
 		basic_machine=pn-gould
@@ -558,6 +569,12 @@ case $basic_machine in
 		basic_machine=i386-sequent
 		os=-dynix
 		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
 	tower | tower-32)
 		basic_machine=m68k-ncr
 		;;
@@ -580,7 +597,7 @@ case $basic_machine in
 		basic_machine=vax-dec
 		os=-vms
 		;;
-       vpp*|vx|vx-*)
+	vpp*|vx|vx-*)
                basic_machine=f301-fujitsu
                ;;
 	vxworks960)
@@ -610,7 +627,11 @@ case $basic_machine in
 # Here we handle the default manufacturer of certain CPU types.  It is in
 # some cases the only manufacturer, in others, it is the most popular.
 	mips)
-		basic_machine=mips-mips
+		if [ x$os = x-linux-gnu ]; then
+			basic_machine=mips-unknown
+		else
+			basic_machine=mips-mips
+		fi
 		;;
 	romp)
 		basic_machine=romp-ibm
@@ -671,9 +692,12 @@ case $os in
 	-solaris)
 		os=-solaris2
 		;;
-	-unixware* | svr4*)
+	-svr4*)
 		os=-sysv4
 		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
 	-gnu/linux*)
 		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
 		;;
@@ -684,7 +708,8 @@ case $os in
 	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
 	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
 	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
-	      | -amigados* | -msdos* | -newsos* | -unicos* | -aof* | -aos* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* \
 	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
 	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
 	      | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
@@ -692,7 +717,7 @@ case $os in
 	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
 	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
 	      | -cygwin32* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
-	      | -linux-gnu* | -uxpv*)
+	      | -mingw32* | -linux-gnu* | -uxpv*)
 	# Remember, each alternative MUST END IN *, to match a version number.
 		;;
 	-linux*)
@@ -755,6 +780,8 @@ case $os in
 		;;
 	-os2*)
 		;;
+	-rhapsody*)
+		;;
 	-none)
 		;;
 	*)
@@ -820,7 +847,7 @@ case $basic_machine in
 		os=-sysv
 		;;
 	*-cbm)
-		os=-amigados
+		os=-amigaos
 		;;
 	*-dg)
 		os=-dgux
diff --git a/crypto/kerberosIV/configure b/crypto/kerberosIV/configure
index e6fefbf..87137d7 100644
--- a/crypto/kerberosIV/configure
+++ b/crypto/kerberosIV/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 
-# From configure.in Revision: 1.285 
+# From configure.in Revision: 1.415.2.9 
 
 
 
@@ -56,8 +56,59 @@
 
 
 
+
+
+# Define a conditional.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 # Guess values for system-dependent variables and create Makefiles.
-# Generated automatically using autoconf version 2.12 
+# Generated automatically using autoconf version 2.13 
 # Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc.
 #
 # This configure script is free software; the Free Software Foundation
@@ -71,11 +122,15 @@ ac_default_prefix=/usr/athena
 ac_help="$ac_help
   --with-socks=dir                use socks in dir"
 ac_help="$ac_help
-  --with-socks-lib=dir            use socks-lib in dir"
+  --with-socks-lib=dir            use socks libraries in dir"
 ac_help="$ac_help
-  --with-socks-include=dir        use socks-include in dir"
+  --with-socks-include=dir        use socks headers in dir"
 ac_help="$ac_help
-  --with-shared           create shared libraries for Kerberos"
+  --enable-legacy-kdestroy    kdestroy doesn't destroy tokens by default"
+ac_help="$ac_help
+  --enable-match-subdomains	match realm in subdomains"
+ac_help="$ac_help
+  --with-ld-flags=flags   what flags use when linking"
 ac_help="$ac_help
   --with-cracklib=dir     use the cracklib.a in dir"
 ac_help="$ac_help
@@ -85,10 +140,20 @@ ac_help="$ac_help
   --with-mailspool=dir    this is the mail spool directory
 "
 ac_help="$ac_help
+  --with-db-dir=dir	   this is the database directory (default /var/kerberos)"
+ac_help="$ac_help
   --enable-random-mkey    use new code for master keys"
 ac_help="$ac_help
   --with-mkey=file        where to put the master key"
 ac_help="$ac_help
+  --disable-otp           if you don't want OTP support"
+ac_help="$ac_help
+  --enable-osfc2          enable some OSF C2 support"
+ac_help="$ac_help
+  --disable-mmap          disable use of mmap"
+ac_help="$ac_help
+  --disable-dynamic-afs   don't use loaded AFS library with AIX"
+ac_help="$ac_help
   --without-berkeley-db   if you don't want berkeley db"
 ac_help="$ac_help
   --without-afs-support   if you don't want support for afs"
@@ -96,11 +161,27 @@ ac_help="$ac_help
   --with-des-quad-checksum=kind
                            default checksum to use (new, old, or guess)"
 ac_help="$ac_help
+  --with-afsws=dir        use AFS includes and libraries from dir=/usr/afsws"
+ac_help="$ac_help
+  --enable-rxkad           build rxkad library"
+ac_help="$ac_help
+  --disable-cat-manpages   don't install any preformatted manpages"
+ac_help="$ac_help
   --with-readline=dir                use readline in dir"
 ac_help="$ac_help
-  --with-readline-lib=dir            use readline-lib in dir"
+  --with-readline-lib=dir            use readline libraries in dir"
+ac_help="$ac_help
+  --with-readline-include=dir        use readline headers in dir"
+ac_help="$ac_help
+  --with-mips-abi=abi     ABI to use for IRIX (32, n32, or 64)"
+ac_help="$ac_help
+  --with-hesiod=dir                use hesiod in dir"
+ac_help="$ac_help
+  --with-hesiod-lib=dir            use hesiod libraries in dir"
+ac_help="$ac_help
+  --with-hesiod-include=dir        use hesiod headers in dir"
 ac_help="$ac_help
-  --with-readline-include=dir        use readline-include in dir"
+  --enable-shared         create shared libraries for Kerberos"
 ac_help="$ac_help
   --with-x                use the X Window System"
 
@@ -141,6 +222,7 @@ mandir='${prefix}/man'
 # Initialize some other variables.
 subdirs=
 MFLAGS= MAKEFLAGS=
+SHELL=${CONFIG_SHELL-/bin/sh}
 # Maximum number of lines to put in a shell here document.
 ac_max_here_lines=12
 
@@ -424,7 +506,7 @@ EOF
     verbose=yes ;;
 
   -version | --version | --versio | --versi | --vers)
-    echo "configure generated by autoconf version 2.12"
+    echo "configure generated by autoconf version 2.13"
     exit 0 ;;
 
   -with-* | --with-*)
@@ -594,9 +676,11 @@ ac_ext=c
 # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
 ac_cpp='$CPP $CPPFLAGS'
 ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
-ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
+ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
 cross_compiling=$ac_cv_prog_cc_cross
 
+ac_exeext=
+ac_objext=o
 if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then
   # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu.
   if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then
@@ -614,7 +698,14 @@ fi
 
 
 PACKAGE=krb4
-VERSION=0.9.6
+VERSION=0.10.1
+cat >> confdefs.h <<EOF
+#define PACKAGE "$PACKAGE"
+EOF
+cat >> confdefs.h <<EOF
+#define VERSION "$VERSION"
+EOF
+
 # This may be overridden using --prefix=/usr to configure
 
 
@@ -639,33 +730,56 @@ ac_configure=$ac_aux_dir/configure # This should be Cygnus configure.
 
 
 # Make sure we can run config.sub.
-if $ac_config_sub sun4 >/dev/null 2>&1; then :
+if ${CONFIG_SHELL-/bin/sh} $ac_config_sub sun4 >/dev/null 2>&1; then :
 else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; }
 fi
 
 echo $ac_n "checking host system type""... $ac_c" 1>&6
-echo "configure:648: checking host system type" >&5
+echo "configure:739: checking host system type" >&5
 
 host_alias=$host
 case "$host_alias" in
 NONE)
   case $nonopt in
   NONE)
-    if host_alias=`$ac_config_guess`; then :
+    if host_alias=`${CONFIG_SHELL-/bin/sh} $ac_config_guess`; then :
     else { echo "configure: error: can not guess host type; you must specify one" 1>&2; exit 1; }
     fi ;;
   *) host_alias=$nonopt ;;
   esac ;;
 esac
 
-host=`$ac_config_sub $host_alias`
+host=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $host_alias`
 host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
 host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
 host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
 echo "$ac_t""$host" 1>&6
 
+CANONICAL_HOST=$host
+
+
+
+sunos=no
+case "$host" in 
+*-*-sunos4*)
+	sunos=40
+	;;
+*-*-solaris2.7)
+	sunos=57
+	;;
+*-*-solaris2*)
+	sunos=50
+	;;
+esac
+if test "$sunos" != no; then
+	cat >> confdefs.h <<EOF
+#define SunOS $sunos
+EOF
+
+fi
+
 echo $ac_n "checking whether ${MAKE-make} sets \${MAKE}""... $ac_c" 1>&6
-echo "configure:669: checking whether ${MAKE-make} sets \${MAKE}" >&5
+echo "configure:783: checking whether ${MAKE-make} sets \${MAKE}" >&5
 set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_prog_make_${ac_make}_set'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -716,7 +830,7 @@ test -z "$LDFLAGS" && LDFLAGS=-g
 
 
 echo $ac_n "checking for ln -s or something else""... $ac_c" 1>&6
-echo "configure:720: checking for ln -s or something else" >&5
+echo "configure:834: checking for ln -s or something else" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -741,15 +855,16 @@ echo "$ac_t""$ac_cv_prog_LN_S" 1>&6
 # Extract the first word of "gcc", so it can be a program name with args.
 set dummy gcc; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:745: checking for $ac_word" >&5
+echo "configure:859: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:"
-  for ac_dir in $PATH; do
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do
     test -z "$ac_dir" && ac_dir=.
     if test -f $ac_dir/$ac_word; then
       ac_cv_prog_CC="gcc"
@@ -770,16 +885,17 @@ if test -z "$CC"; then
   # Extract the first word of "cc", so it can be a program name with args.
 set dummy cc; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:774: checking for $ac_word" >&5
+echo "configure:889: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:"
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
   ac_prog_rejected=no
-  for ac_dir in $PATH; do
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do
     test -z "$ac_dir" && ac_dir=.
     if test -f $ac_dir/$ac_word; then
       if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then
@@ -814,25 +930,61 @@ else
   echo "$ac_t""no" 1>&6
 fi
 
+  if test -z "$CC"; then
+    case "`uname -s`" in
+    *win32* | *WIN32*)
+      # Extract the first word of "cl", so it can be a program name with args.
+set dummy cl; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:940: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_prog_CC="cl"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+fi
+fi
+CC="$ac_cv_prog_CC"
+if test -n "$CC"; then
+  echo "$ac_t""$CC" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+ ;;
+    esac
+  fi
   test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; }
 fi
 
 echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6
-echo "configure:822: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
+echo "configure:972: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
 
 ac_ext=c
 # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
 ac_cpp='$CPP $CPPFLAGS'
 ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
-ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
+ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
 cross_compiling=$ac_cv_prog_cc_cross
 
-cat > conftest.$ac_ext <<EOF
-#line 832 "configure"
+cat > conftest.$ac_ext << EOF
+
+#line 983 "configure"
 #include "confdefs.h"
+
 main(){return(0);}
 EOF
-if { (eval echo configure:836: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:988: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   ac_cv_prog_cc_works=yes
   # If we can't run a trivial program, we are probably using a cross compiler.
   if (./conftest; exit) 2>/dev/null; then
@@ -846,18 +998,24 @@ else
   ac_cv_prog_cc_works=no
 fi
 rm -fr conftest*
+ac_ext=c
+# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
+ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
+cross_compiling=$ac_cv_prog_cc_cross
 
 echo "$ac_t""$ac_cv_prog_cc_works" 1>&6
 if test $ac_cv_prog_cc_works = no; then
   { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; }
 fi
 echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6
-echo "configure:856: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
+echo "configure:1014: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
 echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6
 cross_compiling=$ac_cv_prog_cc_cross
 
 echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6
-echo "configure:861: checking whether we are using GNU C" >&5
+echo "configure:1019: checking whether we are using GNU C" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -866,7 +1024,7 @@ else
   yes;
 #endif
 EOF
-if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:870: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
+if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:1028: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
   ac_cv_prog_gcc=yes
 else
   ac_cv_prog_gcc=no
@@ -877,11 +1035,15 @@ echo "$ac_t""$ac_cv_prog_gcc" 1>&6
 
 if test $ac_cv_prog_gcc = yes; then
   GCC=yes
-  ac_test_CFLAGS="${CFLAGS+set}"
-  ac_save_CFLAGS="$CFLAGS"
-  CFLAGS=
-  echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6
-echo "configure:885: checking whether ${CC-cc} accepts -g" >&5
+else
+  GCC=
+fi
+
+ac_test_CFLAGS="${CFLAGS+set}"
+ac_save_CFLAGS="$CFLAGS"
+CFLAGS=
+echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6
+echo "configure:1047: checking whether ${CC-cc} accepts -g" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -896,20 +1058,24 @@ rm -f conftest*
 fi
 
 echo "$ac_t""$ac_cv_prog_cc_g" 1>&6
-  if test "$ac_test_CFLAGS" = set; then
-    CFLAGS="$ac_save_CFLAGS"
-  elif test $ac_cv_prog_cc_g = yes; then
+if test "$ac_test_CFLAGS" = set; then
+  CFLAGS="$ac_save_CFLAGS"
+elif test $ac_cv_prog_cc_g = yes; then
+  if test "$GCC" = yes; then
     CFLAGS="-g -O2"
   else
-    CFLAGS="-O2"
+    CFLAGS="-g"
   fi
 else
-  GCC=
-  test "${CFLAGS+set}" = set || CFLAGS="-g"
+  if test "$GCC" = yes; then
+    CFLAGS="-O2"
+  else
+    CFLAGS=
+  fi
 fi
 
 echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
-echo "configure:913: checking how to run the C preprocessor" >&5
+echo "configure:1079: checking how to run the C preprocessor" >&5
 # On Suns, sometimes $CPP names a directory.
 if test -n "$CPP" && test -d "$CPP"; then
   CPP=
@@ -924,14 +1090,14 @@ else
   # On the NeXT, cc -E runs the code through the compiler's parser,
   # not just through cpp.
   cat > conftest.$ac_ext <<EOF
-#line 928 "configure"
+#line 1094 "configure"
 #include "confdefs.h"
 #include <assert.h>
 Syntax Error
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:934: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
+{ (eval echo configure:1100: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   :
 else
@@ -941,14 +1107,31 @@ else
   rm -rf conftest*
   CPP="${CC-cc} -E -traditional-cpp"
   cat > conftest.$ac_ext <<EOF
-#line 945 "configure"
+#line 1111 "configure"
+#include "confdefs.h"
+#include <assert.h>
+Syntax Error
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:1117: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  :
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  CPP="${CC-cc} -nologo -E"
+  cat > conftest.$ac_ext <<EOF
+#line 1128 "configure"
 #include "confdefs.h"
 #include <assert.h>
 Syntax Error
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:951: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
+{ (eval echo configure:1134: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   :
 else
@@ -961,6 +1144,8 @@ fi
 rm -f conftest*
 fi
 rm -f conftest*
+fi
+rm -f conftest*
   ac_cv_prog_CPP="$CPP"
 fi
   CPP="$ac_cv_prog_CPP"
@@ -970,7 +1155,7 @@ fi
 echo "$ac_t""$CPP" 1>&6
 
 echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6
-echo "configure:974: checking for POSIXized ISC" >&5
+echo "configure:1159: checking for POSIXized ISC" >&5
 if test -d /etc/conf/kconfig.d &&
   grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1
 then
@@ -995,15 +1180,16 @@ do
 # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:999: checking for $ac_word" >&5
+echo "configure:1184: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_YACC'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   if test -n "$YACC"; then
   ac_cv_prog_YACC="$YACC" # Let the user override the test.
 else
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:"
-  for ac_dir in $PATH; do
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do
     test -z "$ac_dir" && ac_dir=.
     if test -f $ac_dir/$ac_word; then
       ac_cv_prog_YACC="$ac_prog"
@@ -1026,15 +1212,16 @@ done
 # Extract the first word of "flex", so it can be a program name with args.
 set dummy flex; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1030: checking for $ac_word" >&5
+echo "configure:1216: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_LEX'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   if test -n "$LEX"; then
   ac_cv_prog_LEX="$LEX" # Let the user override the test.
 else
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:"
-  for ac_dir in $PATH; do
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do
     test -z "$ac_dir" && ac_dir=.
     if test -f $ac_dir/$ac_word; then
       ac_cv_prog_LEX="flex"
@@ -1059,7 +1246,7 @@ then
   *) ac_lib=l ;;
   esac
   echo $ac_n "checking for yywrap in -l$ac_lib""... $ac_c" 1>&6
-echo "configure:1063: checking for yywrap in -l$ac_lib" >&5
+echo "configure:1250: checking for yywrap in -l$ac_lib" >&5
 ac_lib_var=`echo $ac_lib'_'yywrap | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -1067,7 +1254,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-l$ac_lib  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 1071 "configure"
+#line 1258 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -1078,7 +1265,7 @@ int main() {
 yywrap()
 ; return 0; }
 EOF
-if { (eval echo configure:1082: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:1269: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -1103,15 +1290,16 @@ fi
 # Extract the first word of "ranlib", so it can be a program name with args.
 set dummy ranlib; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1107: checking for $ac_word" >&5
+echo "configure:1294: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   if test -n "$RANLIB"; then
   ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
 else
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:"
-  for ac_dir in $PATH; do
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do
     test -z "$ac_dir" && ac_dir=.
     if test -f $ac_dir/$ac_word; then
       ac_cv_prog_RANLIB="ranlib"
@@ -1136,28 +1324,30 @@ fi
 # SunOS /usr/etc/install
 # IRIX /sbin/install
 # AIX /bin/install
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
 # AFS /usr/afsws/bin/install, which mishandles nonexistent args
 # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
 # ./install, which can be erroneously created by make from ./install.sh.
 echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6
-echo "configure:1144: checking for a BSD compatible install" >&5
+echo "configure:1333: checking for a BSD compatible install" >&5
 if test -z "$INSTALL"; then
 if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
-    IFS="${IFS= 	}"; ac_save_IFS="$IFS"; IFS="${IFS}:"
+    IFS="${IFS= 	}"; ac_save_IFS="$IFS"; IFS=":"
   for ac_dir in $PATH; do
     # Account for people who put trailing slashes in PATH elements.
     case "$ac_dir/" in
     /|./|.//|/etc/*|/usr/sbin/*|/usr/etc/*|/sbin/*|/usr/afsws/bin/*|/usr/ucb/*) ;;
     *)
       # OSF1 and SCO ODT 3.0 have their own names for install.
-      for ac_prog in ginstall installbsd scoinst install; do
+      # Don't use installbsd from OSF since it installs stuff as root
+      # by default.
+      for ac_prog in ginstall scoinst install; do
         if test -f $ac_dir/$ac_prog; then
 	  if test $ac_prog = install &&
             grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then
 	    # AIX install.  It has an incompatible calling convention.
-	    # OSF/1 installbsd also uses dspmsg, but is usable.
 	    :
 	  else
 	    ac_cv_path_install="$ac_dir/$ac_prog -c"
@@ -1187,20 +1377,57 @@ echo "$ac_t""$INSTALL" 1>&6
 # It thinks the first close brace ends the variable substitution.
 test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
 
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}'
+
 test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
 
+for ac_prog in gawk nawk awk
+do
+# Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:1390: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_AWK'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test -n "$AWK"; then
+  ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_prog_AWK="$ac_prog"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+fi
+fi
+AWK="$ac_cv_prog_AWK"
+if test -n "$AWK"; then
+  echo "$ac_t""$AWK" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+test -n "$AWK" && break
+done
+
 # Extract the first word of "makeinfo", so it can be a program name with args.
 set dummy makeinfo; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1196: checking for $ac_word" >&5
+echo "configure:1422: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_MAKEINFO'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   if test -n "$MAKEINFO"; then
   ac_cv_prog_MAKEINFO="$MAKEINFO" # Let the user override the test.
 else
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:"
-  for ac_dir in $PATH; do
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do
     test -z "$ac_dir" && ac_dir=.
     if test -f $ac_dir/$ac_word; then
       ac_cv_prog_MAKEINFO="makeinfo"
@@ -1219,17 +1446,16 @@ else
 fi
 
 
+WFLAGS=""
+WFLAGS_NOUNUSED=""
+WFLAGS_NOIMPLICITINT=""
+   
 
 
-echo $ac_n "checking for socks""... $ac_c" 1>&6
-echo "configure:1226: checking for socks" >&5
 # Check whether --with-socks or --without-socks was given.
 if test "${with_socks+set}" = set; then
   withval="$with_socks"
-  if test "$with_socks" = "no"; then
-  with_socks=
-fi
-
+  :
 fi
 
 # Check whether --with-socks-lib or --without-socks-lib was given.
@@ -1240,7 +1466,6 @@ if test "${with_socks_lib+set}" = set; then
 elif test "X$with_socks" = "X"; then
   with_socks=yes
 fi
-
 fi
 
 # Check whether --with-socks-include or --without-socks-include was given.
@@ -1251,126 +1476,140 @@ if test "${with_socks_include+set}" = set; then
 elif test "X$with_socks" = "X"; then
   with_socks=yes
 fi
-
 fi
 
 
+echo $ac_n "checking for socks""... $ac_c" 1>&6
+echo "configure:1484: checking for socks" >&5
+
+case "$with_socks" in
+yes)	;;
+no)	;;
+"")	;;
+*)	if test "$with_socks_include" = ""; then
+		with_socks_include="$with_socks/include"
+	fi
+	if test "$with_socks_lib" = ""; then
+		with_socks_lib="$with_socks/lib$abilibdirext"
+	fi
+	;;
+esac
+header_dirs=
+lib_dirs=
+d=''
+for i in $d; do
+	header_dirs="$header_dirs $i/include"
+	lib_dirs="$lib_dirs $i/lib$abilibdirext"
+done
 
-: << END
-@@@syms="$syms SOCKS"@@@
-END
-
-if test -n "$with_socks"; then
-  cat >> confdefs.h <<\EOF
-#define SOCKS 1
-EOF
+case "$with_socks_include" in
+yes) ;;
+no)  ;;
+*)   header_dirs="$with_socks_include $header_dirs";;
+esac
+case "$with_socks_lib" in
+yes) ;;
+no)  ;;
+*)   lib_dirs="$with_socks_lib $lib_dirs";;
+esac
 
-  if test "$with_socks" != "yes"; then
-    socks_dir=$with_socks
-  fi
-  if test -n "$with_socks_include"; then
-    trydir=$with_socks_include
-  elif test "$with_socks" != "yes"; then
-    trydir="$with_socks $with_socks/include"
-  else
-    trydir=
-  fi
-  found=
-  for i in $trydir ""; do
-    if test -n "$i"; then
-      if test -f $i/socks.h; then
-        found=yes; res=$i; break
-      fi
-    else
-      cat > conftest.$ac_ext <<EOF
-#line 1287 "configure"
+save_CFLAGS="$CFLAGS"
+save_LIBS="$LIBS"
+ires= lres=
+for i in $header_dirs; do
+	CFLAGS="-I$i $save_CFLAGS"
+	cat > conftest.$ac_ext <<EOF
+#line 1523 "configure"
 #include "confdefs.h"
 #include <socks.h>
+int main() {
+
+; return 0; }
 EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1292: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
-if test -z "$ac_err"; then
+if { (eval echo configure:1530: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
-  found=yes; res=$i; break
+  ires=$i;break
 else
-  echo "$ac_err" >&5
   echo "configure: failed program was:" >&5
   cat conftest.$ac_ext >&5
 fi
 rm -f conftest*
-    fi
-  done
-  if test -n "$found"; then
-    socks_include=$res
-  else
-    { echo "configure: error: Cannot find socks.h" 1>&2; exit 1; }
-  fi
-  if test -n "$with_socks_lib"; then
-    trydir=$with_socks_lib
-  elif test "$with_socks" != "yes"; then
-    trydir="$with_socks $with_socks/lib"
-  else
-    trydir=
-  fi
-  found=
-  for i in $trydir ""; do
-    if test -n "$i"; then
-      if test -f $i/libsocks5.a; then
-        found=yes; res=$i; break
-      fi
-    else
-      old_LIBS=$LIBS
-      LIBS="-lsocks5 $LIBS"
-      cat > conftest.$ac_ext <<EOF
-#line 1327 "configure"
+done
+for i in $lib_dirs; do
+	LIBS="-L$i -lsocks5  $save_LIBS"
+	cat > conftest.$ac_ext <<EOF
+#line 1542 "configure"
 #include "confdefs.h"
-
+#include <socks.h>
 int main() {
 
 ; return 0; }
 EOF
-if { (eval echo configure:1334: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:1549: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
-  found=yes; res=$i; LIBS=$old_LIBS; break
+  lres=$i;break
 else
   echo "configure: failed program was:" >&5
   cat conftest.$ac_ext >&5
 fi
 rm -f conftest*
-      LIBS=$old_LIBS
-    fi
-  done
-  if test -n "$found"; then
-    socks_lib=$res
-  else
-    { echo "configure: error: Cannot find libsocks5.a" 1>&2; exit 1; }
-  fi
-  echo "$ac_t""headers $socks_include, libraries $socks_lib" 1>&6
-  cat >> confdefs.h <<EOF
-#define SOCKS 1
+done
+CFLAGS="$save_CFLAGS"
+LIBS="$save_LIBS"
+
+if test "$ires" -a "$lres" -a "$with_socks" != "no"; then
+	socks_includedir="$ires"
+	socks_libdir="$lres"
+	INCLUDE_socks="-I$socks_includedir"
+	LIB_socks="-L$socks_libdir -lsocks5"
+	cat >> confdefs.h <<EOF
+#define `echo socks | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ` 1
 EOF
 
-  if test -n "$socks_include"; then
-    SOCKSINCLUDE="-I$socks_include"
-  fi
-  
-  if test -n "$socks_lib"; then
-    SOCKSLIB="-L$socks_lib"
-  fi
-  SOCKSLIB="$SOCKSLIB -lsocks5"
-  
+	with_socks=yes
+	echo "$ac_t""headers $ires, libraries $lres" 1>&6
 else
-  echo "$ac_t""no" 1>&6
+	INCLUDE_socks=
+	LIB_socks=
+	with_socks=no
+	echo "$ac_t""$with_socks" 1>&6
 fi
 
 
-CFLAGS="$SOCKSINCLUDE $CFLAGS"
-LIBS="$SOCKSLIB $LIBS"
 
-# Check whether --with-shared or --without-shared was given.
-if test "${with_shared+set}" = set; then
-  withval="$with_shared"
+CFLAGS="$INCLUDE_socks $CFLAGS"
+LIBS="$LIB_socks $LIBS"
+
+# Check whether --enable-legacy-kdestroy or --disable-legacy-kdestroy was given.
+if test "${enable_legacy_kdestroy+set}" = set; then
+  enableval="$enable_legacy_kdestroy"
+  
+if test "$enableval" = "yes"; then
+	cat >> confdefs.h <<\EOF
+#define LEGACY_KDESTROY 1
+EOF
+
+fi
+
+fi
+
+
+# Check whether --enable-match-subdomains or --disable-match-subdomains was given.
+if test "${enable_match_subdomains+set}" = set; then
+  enableval="$enable_match_subdomains"
+  if test "$enableval" = "yes"; then
+	cat >> confdefs.h <<\EOF
+#define MATCH_SUBDOMAINS 1
+EOF
+
+fi
+
+fi
+
+
+# Check whether --with-ld-flags or --without-ld-flags was given.
+if test "${with_ld_flags+set}" = set; then
+  withval="$with_ld_flags"
   :
 fi
 
@@ -1415,6 +1654,19 @@ cat >> confdefs.h <<EOF
 EOF
 
 
+# Check whether --with-db-dir or --without-db-dir was given.
+if test "${with_db_dir+set}" = set; then
+  withval="$with_db_dir"
+  :
+fi
+
+
+test -n "$with_db_dir" &&
+cat >> confdefs.h <<EOF
+#define DB_DIR "$with_db_dir"
+EOF
+
+
 # Check whether --enable-random-mkey or --disable-random-mkey was given.
 if test "${enable_random_mkey+set}" = set; then
   enableval="$enable_random_mkey"
@@ -1443,6 +1695,78 @@ fi
 fi
 
 
+otp=yes
+# Check whether --enable-otp or --disable-otp was given.
+if test "${enable_otp+set}" = set; then
+  enableval="$enable_otp"
+  
+if test "$enableval" = "no"; then
+	otp=no
+fi
+
+fi
+
+
+if test "$otp" = "yes"; then
+	cat >> confdefs.h <<\EOF
+#define OTP 1
+EOF
+
+	LIB_otp='-L$(top_builddir)/lib/otp -lotp'
+	OTP_dir=otp
+	LIB_SUBDIRS="$LIB_SUBDIRS otp"
+fi
+
+
+
+
+# Check whether --enable-osfc2 or --disable-osfc2 was given.
+if test "${enable_osfc2+set}" = set; then
+  enableval="$enable_osfc2"
+  :
+fi
+
+LIB_security=
+if test "$enable_osfc2" = yes; then
+	cat >> confdefs.h <<\EOF
+#define HAVE_OSFC2 1
+EOF
+
+	LIB_security=-lsecurity
+fi
+
+
+
+mmap=yes
+# Check whether --enable-mmap or --disable-mmap was given.
+if test "${enable_mmap+set}" = set; then
+  enableval="$enable_mmap"
+  
+if test "$enableval" = "no"; then
+	mmap=no
+fi
+
+fi
+
+if test "$mmap" = "no"; then
+	cat >> confdefs.h <<\EOF
+#define NO_MMAP 1
+EOF
+
+fi
+
+aix_dynamic_afs=yes
+# Check whether --enable-dynamic-afs or --disable-dynamic-afs was given.
+if test "${enable_dynamic_afs+set}" = set; then
+  enableval="$enable_dynamic_afs"
+  
+if test "$enableval" = "no"; then
+	aix_dynamic_afs=no
+fi
+
+fi
+
+
 berkeley_db=db
 # Check whether --with-berkeley-db or --without-berkeley-db was given.
 if test "${with_berkeley_db+set}" = set; then
@@ -1481,32 +1805,62 @@ des_quad="$withval"
 fi
 
 if test "$des_quad" = "new"; then
-	cat >> confdefs.h <<\EOF
-#define DES_QUAD_DEFAULT DES_QUAD_NEW
-EOF
-
+	ac_x=DES_QUAD_NEW
 elif test "$des_quad" = "old"; then
-	cat >> confdefs.h <<\EOF
-#define DES_QUAD_DEFAULT DES_QUAD_OLD
+	ac_x=DES_QUAD_OLD
+else
+	ac_x=DES_QUAD_GUESS
+fi	
+cat >> confdefs.h <<EOF
+#define DES_QUAD_DEFAULT $ac_x
 EOF
 
+
+# Check whether --with-afsws or --without-afsws was given.
+if test "${with_afsws+set}" = set; then
+  withval="$with_afsws"
+  AFSWS=$withval
 else
-	cat >> confdefs.h <<\EOF
-#define DES_QUAD_DEFAULT DES_QUAD_GUESS
-EOF
+  AFSWS=/usr/afsws
+
+fi
+
+test "$AFSWS" = "yes" && AFSWS=/usr/afsws
+
+
+# Check whether --enable-rxkad or --disable-rxkad was given.
+if test "${enable_rxkad+set}" = set; then
+  enableval="$enable_rxkad"
+  :
+else
+  
+test -f $AFSWS/include/rx/rx.h && enable_rxkad=yes
+
+fi
+
+
+if test "$afs_support" = yes -a "$enable_rxkad" = yes; then
+	LIB_SUBDIRS="$LIB_SUBDIRS rxkad"
+fi
+
+
+# Check whether --enable-cat-manpages or --disable-cat-manpages was given.
+if test "${enable_cat_manpages+set}" = set; then
+  enableval="$enable_cat_manpages"
+  
+if test "$enableval" = "no"; then
+	disable_cat_manpages=yes
+fi
+
+fi
+
 
-fi	
 
 
-echo $ac_n "checking for readline""... $ac_c" 1>&6
-echo "configure:1503: checking for readline" >&5
 # Check whether --with-readline or --without-readline was given.
 if test "${with_readline+set}" = set; then
   withval="$with_readline"
-  if test "$with_readline" = "no"; then
-  with_readline=
-fi
-
+  :
 fi
 
 # Check whether --with-readline-lib or --without-readline-lib was given.
@@ -1517,7 +1871,6 @@ if test "${with_readline_lib+set}" = set; then
 elif test "X$with_readline" = "X"; then
   with_readline=yes
 fi
-
 fi
 
 # Check whether --with-readline-include or --without-readline-include was given.
@@ -1528,127 +1881,377 @@ if test "${with_readline_include+set}" = set; then
 elif test "X$with_readline" = "X"; then
   with_readline=yes
 fi
+fi
+
+
+echo $ac_n "checking for readline""... $ac_c" 1>&6
+echo "configure:1889: checking for readline" >&5
+
+case "$with_readline" in
+yes)	;;
+no)	;;
+"")	;;
+*)	if test "$with_readline_include" = ""; then
+		with_readline_include="$with_readline/include"
+	fi
+	if test "$with_readline_lib" = ""; then
+		with_readline_lib="$with_readline/lib$abilibdirext"
+	fi
+	;;
+esac
+header_dirs=
+lib_dirs=
+d=''
+for i in $d; do
+	header_dirs="$header_dirs $i/include"
+	lib_dirs="$lib_dirs $i/lib$abilibdirext"
+done
+
+case "$with_readline_include" in
+yes) ;;
+no)  ;;
+*)   header_dirs="$with_readline_include $header_dirs";;
+esac
+case "$with_readline_lib" in
+yes) ;;
+no)  ;;
+*)   lib_dirs="$with_readline_lib $lib_dirs";;
+esac
+
+save_CFLAGS="$CFLAGS"
+save_LIBS="$LIBS"
+ires= lres=
+for i in $header_dirs; do
+	CFLAGS="-I$i $save_CFLAGS"
+	cat > conftest.$ac_ext <<EOF
+#line 1928 "configure"
+#include "confdefs.h"
+
+#include <stdio.h>
+#include <readline.h>
+
+int main() {
 
+; return 0; }
+EOF
+if { (eval echo configure:1938: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ires=$i;break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
 fi
+rm -f conftest*
+done
+for i in $lib_dirs; do
+	LIBS="-L$i -lreadline  $save_LIBS"
+	cat > conftest.$ac_ext <<EOF
+#line 1950 "configure"
+#include "confdefs.h"
 
+#include <stdio.h>
+#include <readline.h>
 
+int main() {
 
-: << END
-@@@syms="$syms READLINE"@@@
-END
+; return 0; }
+EOF
+if { (eval echo configure:1960: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  lres=$i;break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+done
+CFLAGS="$save_CFLAGS"
+LIBS="$save_LIBS"
 
-if test -n "$with_readline"; then
-  cat >> confdefs.h <<\EOF
-#define READLINE 1
+if test "$ires" -a "$lres" -a "$with_readline" != "no"; then
+	readline_includedir="$ires"
+	readline_libdir="$lres"
+	INCLUDE_readline="-I$readline_includedir"
+	LIB_readline="-L$readline_libdir -lreadline"
+	cat >> confdefs.h <<EOF
+#define `echo readline | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ` 1
 EOF
 
-  if test "$with_readline" != "yes"; then
-    readline_dir=$with_readline
-  fi
-  if test -n "$with_readline_include"; then
-    trydir=$with_readline_include
-  elif test "$with_readline" != "yes"; then
-    trydir="$with_readline $with_readline/include"
-  else
-    trydir=
-  fi
-  found=
-  for i in $trydir ""; do
-    if test -n "$i"; then
-      if test -f $i/readline.h; then
-        found=yes; res=$i; break
-      fi
-    else
-      cat > conftest.$ac_ext <<EOF
-#line 1564 "configure"
+	with_readline=yes
+	echo "$ac_t""headers $ires, libraries $lres" 1>&6
+else
+	INCLUDE_readline=
+	LIB_readline=
+	with_readline=no
+	echo "$ac_t""$with_readline" 1>&6
+fi
+
+
+
+
+
+# Check whether --with-mips_abi or --without-mips_abi was given.
+if test "${with_mips_abi+set}" = set; then
+  withval="$with_mips_abi"
+  :
+fi
+
+
+case "$host_os" in
+irix*)
+with_mips_abi="${with_mips_abi:-yes}"
+if test -n "$GCC"; then
+
+# GCC < 2.8 only supports the O32 ABI. GCC >= 2.8 has a flag to select
+# which ABI to use, but only supports (as of 2.8.1) the N32 and 64 ABIs.
+#
+# Default to N32, but if GCC doesn't grok -mabi=n32, we assume an old
+# GCC and revert back to O32. The same goes if O32 is asked for - old
+# GCCs doesn't like the -mabi option, and new GCCs can't output O32.
+#
+# Don't you just love *all* the different SGI ABIs?
+
+case "${with_mips_abi}" in 
+        32|o32) abi='-mabi=32';  abilibdirext=''     ;;
+       n32|yes) abi='-mabi=n32'; abilibdirext='32'  ;;
+        64) abi='-mabi=64';  abilibdirext='64'   ;;
+	no) abi=''; abilibdirext='';;
+         *) { echo "configure: error: "Invalid ABI specified"" 1>&2; exit 1; } ;;
+esac
+if test -n "$abi" ; then
+ac_foo=krb_cv_gcc_`echo $abi | tr =- __`
+echo $ac_n "checking if $CC supports the $abi option""... $ac_c" 1>&6
+echo "configure:2025: checking if $CC supports the $abi option" >&5
+if eval "test \"`echo '$''{'$ac_foo'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+save_CFLAGS="$CFLAGS"
+CFLAGS="$CFLAGS $abi"
+cat > conftest.$ac_ext <<EOF
+#line 2033 "configure"
 #include "confdefs.h"
-#include <readline.h>
+
+int main() {
+int x;
+; return 0; }
 EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:1569: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
-if test -z "$ac_err"; then
+if { (eval echo configure:2040: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
-  found=yes; res=$i; break
+  eval $ac_foo=yes
 else
-  echo "$ac_err" >&5
   echo "configure: failed program was:" >&5
   cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval $ac_foo=no
 fi
 rm -f conftest*
-    fi
-  done
-  if test -n "$found"; then
-    readline_include=$res
-  else
-    { echo "configure: error: Cannot find readline.h" 1>&2; exit 1; }
-  fi
-  if test -n "$with_readline_lib"; then
-    trydir=$with_readline_lib
-  elif test "$with_readline" != "yes"; then
-    trydir="$with_readline $with_readline/lib"
-  else
-    trydir=
-  fi
-  found=
-  for i in $trydir ""; do
-    if test -n "$i"; then
-      if test -f $i/libreadline.a; then
-        found=yes; res=$i; break
-      fi
-    else
-      old_LIBS=$LIBS
-      LIBS="-lreadline $LIBS"
-      cat > conftest.$ac_ext <<EOF
-#line 1604 "configure"
+CFLAGS="$save_CFLAGS"
+
+fi
+
+ac_res=`eval echo \\\$$ac_foo`
+echo "$ac_t""$ac_res" 1>&6
+if test $ac_res = no; then
+# Try to figure out why that failed...
+case $abi in
+	-mabi=32) 
+	save_CFLAGS="$CFLAGS"
+	CFLAGS="$CFLAGS -mabi=n32"
+	cat > conftest.$ac_ext <<EOF
+#line 2063 "configure"
+#include "confdefs.h"
+
+int main() {
+int x;
+; return 0; }
+EOF
+if { (eval echo configure:2070: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_res=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_res=no
+fi
+rm -f conftest*
+	CLAGS="$save_CFLAGS"
+	if test $ac_res = yes; then
+		# New GCC
+		{ echo "configure: error: $CC does not support the $with_mips_abi ABI" 1>&2; exit 1; }
+	fi
+	# Old GCC
+	abi=''
+	abilibdirext=''
+	;;
+	-mabi=n32|-mabi=64)
+		if test $with_mips_abi = yes; then
+			# Old GCC, default to O32
+			abi=''
+			abilibdirext=''
+		else
+			# Some broken GCC
+			{ echo "configure: error: $CC does not support the $with_mips_abi ABI" 1>&2; exit 1; }
+		fi
+	;;
+esac
+fi #if test $ac_res = no; then
+fi #if test -n "$abi" ; then
+else
+case "${with_mips_abi}" in
+        32|o32) abi='-32'; abilibdirext=''     ;;
+       n32|yes) abi='-n32'; abilibdirext='32'  ;;
+        64) abi='-64'; abilibdirext='64'   ;;
+	no) abi=''; abilibdirext='';;
+         *) { echo "configure: error: "Invalid ABI specified"" 1>&2; exit 1; } ;;
+esac
+fi #if test -n "$GCC"; then
+;;
+esac
+
+
+
+# Check whether --with-hesiod or --without-hesiod was given.
+if test "${with_hesiod+set}" = set; then
+  withval="$with_hesiod"
+  :
+fi
+
+# Check whether --with-hesiod-lib or --without-hesiod-lib was given.
+if test "${with_hesiod_lib+set}" = set; then
+  withval="$with_hesiod_lib"
+  if test "$withval" = "yes" -o "$withval" = "no"; then
+  { echo "configure: error: No argument for --with-hesiod-lib" 1>&2; exit 1; }
+elif test "X$with_hesiod" = "X"; then
+  with_hesiod=yes
+fi
+fi
+
+# Check whether --with-hesiod-include or --without-hesiod-include was given.
+if test "${with_hesiod_include+set}" = set; then
+  withval="$with_hesiod_include"
+  if test "$withval" = "yes" -o "$withval" = "no"; then
+  { echo "configure: error: No argument for --with-hesiod-include" 1>&2; exit 1; }
+elif test "X$with_hesiod" = "X"; then
+  with_hesiod=yes
+fi
+fi
+
+
+echo $ac_n "checking for hesiod""... $ac_c" 1>&6
+echo "configure:2144: checking for hesiod" >&5
+
+case "$with_hesiod" in
+yes)	;;
+no)	;;
+"")	;;
+*)	if test "$with_hesiod_include" = ""; then
+		with_hesiod_include="$with_hesiod/include"
+	fi
+	if test "$with_hesiod_lib" = ""; then
+		with_hesiod_lib="$with_hesiod/lib$abilibdirext"
+	fi
+	;;
+esac
+header_dirs=
+lib_dirs=
+d=''
+for i in $d; do
+	header_dirs="$header_dirs $i/include"
+	lib_dirs="$lib_dirs $i/lib$abilibdirext"
+done
+
+case "$with_hesiod_include" in
+yes) ;;
+no)  ;;
+*)   header_dirs="$with_hesiod_include $header_dirs";;
+esac
+case "$with_hesiod_lib" in
+yes) ;;
+no)  ;;
+*)   lib_dirs="$with_hesiod_lib $lib_dirs";;
+esac
+
+save_CFLAGS="$CFLAGS"
+save_LIBS="$LIBS"
+ires= lres=
+for i in $header_dirs; do
+	CFLAGS="-I$i $save_CFLAGS"
+	cat > conftest.$ac_ext <<EOF
+#line 2183 "configure"
 #include "confdefs.h"
+#include <hesiod.h>
+int main() {
 
+; return 0; }
+EOF
+if { (eval echo configure:2190: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ires=$i;break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+done
+for i in $lib_dirs; do
+	LIBS="-L$i -lhesiod  $save_LIBS"
+	cat > conftest.$ac_ext <<EOF
+#line 2202 "configure"
+#include "confdefs.h"
+#include <hesiod.h>
 int main() {
 
 ; return 0; }
 EOF
-if { (eval echo configure:1611: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:2209: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
-  found=yes; res=$i; LIBS=$old_LIBS; break
+  lres=$i;break
 else
   echo "configure: failed program was:" >&5
   cat conftest.$ac_ext >&5
 fi
 rm -f conftest*
-      LIBS=$old_LIBS
-    fi
-  done
-  if test -n "$found"; then
-    readline_lib=$res
-  else
-    { echo "configure: error: Cannot find libreadline.a" 1>&2; exit 1; }
-  fi
-  echo "$ac_t""headers $readline_include, libraries $readline_lib" 1>&6
-  cat >> confdefs.h <<EOF
-#define READLINE 1
+done
+CFLAGS="$save_CFLAGS"
+LIBS="$save_LIBS"
+
+if test "$ires" -a "$lres" -a "$with_hesiod" != "no"; then
+	hesiod_includedir="$ires"
+	hesiod_libdir="$lres"
+	INCLUDE_hesiod="-I$hesiod_includedir"
+	LIB_hesiod="-L$hesiod_libdir -lhesiod"
+	cat >> confdefs.h <<EOF
+#define `echo hesiod | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ` 1
 EOF
 
-  if test -n "$readline_include"; then
-    READLINEINCLUDE="-I$readline_include"
-  fi
-  
-  if test -n "$readline_lib"; then
-    READLINELIB="-L$readline_lib"
-  fi
-  READLINELIB="$READLINELIB -lreadline"
-  
+	with_hesiod=yes
+	echo "$ac_t""headers $ires, libraries $lres" 1>&6
 else
-  echo "$ac_t""no" 1>&6
+	INCLUDE_hesiod=
+	LIB_hesiod=
+	with_hesiod=no
+	echo "$ac_t""$with_hesiod" 1>&6
 fi
 
 
 
 
 
-case ${with_shared} in
-  yes ) with_shared=yes;;
-  no  ) with_shared=no;;
-  *   ) with_shared=no;;
+
+# Check whether --enable-shared or --disable-shared was given.
+if test "${enable_shared+set}" = set; then
+  enableval="$enable_shared"
+  :
+fi
+
+
+
+case ${enable_shared} in
+  yes ) enable_shared=yes;;
+  no  ) enable_shared=no;;
+  *   ) enable_shared=no;;
 esac
 
 # NOTE: Building shared libraries may not work if you do not use gcc!
@@ -1664,11 +2267,18 @@ esac
 # Irix		so
 #
 # LIBEXT is the extension we should build (.a or $SHLIBEXT)
+LINK='$(CC)'
+
+lib_deps=yes
 REAL_PICFLAGS="-fpic"
 LDSHARED='$(CC) $(PICFLAGS) -shared'
 LIBPREFIX=lib
+build_symlink_command=@true
+install_symlink_command=@true
+install_symlink_command2=@true
 REAL_SHLIBEXT=so
 SHLIB_VERSION=`echo $VERSION | sed 's/\([0-9.]*\).*/\1/'`
+SHLIB_SONAME=`echo $VERSION | sed 's/\([0-9]*\).*/\1/'`
 case "${host}" in
 *-*-hpux*)
 	REAL_SHLIBEXT=sl
@@ -1677,9 +2287,23 @@ case "${host}" in
 		LDSHARED="ld -b"
 		REAL_PICFLAGS="+z"
 	fi
+	lib_deps=no
 	;;
 *-*-linux*)
+	LDSHARED='$(CC) -shared -Wl,-soname,$(LIBNAME).so.'"${SHLIB_SONAME}"
 	REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	build_symlink_command='$(LN_S) -f $@ $(LIBNAME).so'
+	install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
+	install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
+	;;
+*-*-freebsd3*)
+	REAL_SHLIBEXT=so.$SHLIB_VERSION
+	LDSHARED='ld -Bshareable'
+	REAL_LD_FLAGS='-Wl,-R$(libdir)'
+	build_symlink_command='$(LN_S) -f $@ $(LIBNAME).so'
+	install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
+	install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
 	;;
 *-*-*bsd*)
 	REAL_SHLIBEXT=so.$SHLIB_VERSION
@@ -1698,19 +2322,31 @@ case "${host}" in
 		REAL_PICFLAGS="-Kpic"
 	fi
 	;;
+*-fujitsu-uxpv*)
+	REAL_LD_FLAGS='' # really: LD_RUN_PATH=$(libdir) cc -o ...
+	REAL_LINK='LD_RUN_PATH=$(libdir) $(CC)'
+	LDSHARED='$(CC) -G'
+	REAL_PICFLAGS="-Kpic"
+	lib_deps=no # fails in mysterious ways
+	;;
 *-*-sunos*)
 	REAL_SHLIBEXT=so.$SHLIB_VERSION
 	REAL_LD_FLAGS='-Wl,-L$(libdir)'
+	lib_deps=no
 	;;
 *-*-irix*)
-	REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
-	REAL_PICFLAGS=
+        libdir="${libdir}${abilibdirext}"
+        REAL_LD_FLAGS="${abi} -Wl,-rpath,\$(libdir)"
+        LD_FLAGS="${abi} -Wl,-rpath,\$(libdir)"
+	LDSHARED="\$(CC) -shared ${abi}"
+        REAL_PICFLAGS=
+        CFLAGS="${abi} ${CFLAGS}"
 	;;
-*-*-os2_emx*)
-	LD_FLAGS='-Zexe'
+*-*-os2*)
 	LIBPREFIX=
 	EXECSUFFIX='.exe'
 	RANLIB=EMXOMF
+	LD_FLAGS=-Zcrtdll
 	REAL_SHLIBEXT=nobuild
 	;;
 *-*-cygwin32*)
@@ -1722,73 +2358,63 @@ case "${host}" in
 	;;
 esac
 
-if test "${with_shared}" != "yes" ; then 
+if test "${enable_shared}" != "yes" ; then 
  PICFLAGS=""
  SHLIBEXT="nobuild"
  LIBEXT="a"
+ build_symlink_command=@true
+ install_symlink_command=@true
+ install_symlink_command2=@true
 else
  PICFLAGS="$REAL_PICFLAGS"
  SHLIBEXT="$REAL_SHLIBEXT"
  LIBEXT="$SHLIBEXT"
- LD_FLAGS="$REAL_LD_FLAGS"
+ echo $ac_n "checking whether to use -rpath""... $ac_c" 1>&6
+echo "configure:2374: checking whether to use -rpath" >&5
+ case "$libdir" in
+   /lib | /usr/lib | /usr/local/lib)
+     echo "$ac_t""no" 1>&6
+     REAL_LD_FLAGS=
+     LD_FLAGS=
+     ;;
+   *)
+     LD_FLAGS="$REAL_LD_FLAGS"
+     test "$REAL_LINK" && LINK="$REAL_LINK"
+     echo "$ac_t""$LD_FLAGS" 1>&6
+     ;;
+   esac
 fi
 
-   
-       
-
-
-if test "${with_shared}" = "yes"; then
-echo $ac_n "checking for pragma weak""... $ac_c" 1>&6
-echo "configure:1743: checking for pragma weak" >&5
-if eval "test \"`echo '$''{'ac_have_pragma_weak'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
+if test "$lib_deps" = yes; then
+	lib_deps_yes=""
+	lib_deps_no="# "
 else
-  
-ac_have_pragma_weak=no
-cat > conftest_foo.$ac_ext <<'EOF'
-#line 1750 "configure"
-#include "confdefs.h"
-#pragma weak foo = _foo
-int _foo = 17;
-EOF
-cat > conftest_bar.$ac_ext <<'EOF'
-#line 1756 "configure"
-#include "confdefs.h"
-extern int foo;
+	lib_deps_yes="# "
+	lib_deps_no=""
+fi
 
-int t() {
-  return foo;
-}
 
-int main() {
-  return t();
-}
-EOF
-if { (eval echo configure:1768: \"$'CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&5'\") 1>&5; (eval $'CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&5') 2>&5; }; then
-ac_have_pragma_weak=yes
-fi
-rm -rf conftest*
 
+# use supplied ld-flags, or none if `no'
+if test "$with_ld_flags" = no; then
+	LD_FLAGS=
+elif test -n "$with_ld_flags"; then
+	LD_FLAGS="$with_ld_flags"
 fi
 
-if test "$ac_have_pragma_weak" = "yes"; then
-	cat >> confdefs.h <<\EOF
-#define HAVE_PRAGMA_WEAK 1
-EOF
-fi
-echo "$ac_t""$ac_have_pragma_weak" 1>&6
-fi
+   
+       
 
 
 echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6
-echo "configure:1785: checking whether byte ordering is bigendian" >&5
+echo "configure:2411: checking whether byte ordering is bigendian" >&5
 if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   ac_cv_c_bigendian=unknown
 # See if sys/param.h defines the BYTE_ORDER macro.
 cat > conftest.$ac_ext <<EOF
-#line 1792 "configure"
+#line 2418 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/param.h>
@@ -1799,11 +2425,11 @@ int main() {
 #endif
 ; return 0; }
 EOF
-if { (eval echo configure:1803: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2429: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   # It does; now see whether it defined to BIG_ENDIAN or not.
 cat > conftest.$ac_ext <<EOF
-#line 1807 "configure"
+#line 2433 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/param.h>
@@ -1814,7 +2440,7 @@ int main() {
 #endif
 ; return 0; }
 EOF
-if { (eval echo configure:1818: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2444: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_c_bigendian=yes
 else
@@ -1834,7 +2460,7 @@ if test "$cross_compiling" = yes; then
     { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
 else
   cat > conftest.$ac_ext <<EOF
-#line 1838 "configure"
+#line 2464 "configure"
 #include "confdefs.h"
 main () {
   /* Are we little or big endian?  From Harbison&Steele.  */
@@ -1847,7 +2473,7 @@ main () {
   exit (u.c[sizeof (long) - 1] == 1);
 }
 EOF
-if { (eval echo configure:1851: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:2477: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_c_bigendian=no
 else
@@ -1872,12 +2498,12 @@ fi
 
 
 echo $ac_n "checking for working const""... $ac_c" 1>&6
-echo "configure:1876: checking for working const" >&5
+echo "configure:2502: checking for working const" >&5
 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1881 "configure"
+#line 2507 "configure"
 #include "confdefs.h"
 
 int main() {
@@ -1926,7 +2552,7 @@ ccp = (char const *const *) p;
 
 ; return 0; }
 EOF
-if { (eval echo configure:1930: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2556: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_c_const=yes
 else
@@ -1947,17 +2573,104 @@ EOF
 fi
 
 
+echo $ac_n "checking for inline""... $ac_c" 1>&6
+echo "configure:2578: checking for inline" >&5
+if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_cv_c_inline=no
+for ac_kw in inline __inline__ __inline; do
+  cat > conftest.$ac_ext <<EOF
+#line 2585 "configure"
+#include "confdefs.h"
+
+int main() {
+} $ac_kw foo() {
+; return 0; }
+EOF
+if { (eval echo configure:2592: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_c_inline=$ac_kw; break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+done
+
+fi
+
+echo "$ac_t""$ac_cv_c_inline" 1>&6
+case "$ac_cv_c_inline" in
+  inline | yes) ;;
+  no) cat >> confdefs.h <<\EOF
+#define inline 
+EOF
+ ;;
+  *)  cat >> confdefs.h <<EOF
+#define inline $ac_cv_c_inline
+EOF
+ ;;
+esac
+
+
+
+echo $ac_n "checking for __attribute__""... $ac_c" 1>&6
+echo "configure:2620: checking for __attribute__" >&5
+if eval "test \"`echo '$''{'ac_cv___attribute__'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 2626 "configure"
+#include "confdefs.h"
+
+#include <stdlib.h>
+
+int main() {
+
+static void foo(void) __attribute__ ((noreturn));
+
+static void
+foo(void)
+{
+  exit(1);
+}
+
+; return 0; }
+EOF
+if { (eval echo configure:2643: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv___attribute__=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv___attribute__=no
+fi
+rm -f conftest*
+fi
+
+if test "$ac_cv___attribute__" = "yes"; then
+  cat >> confdefs.h <<\EOF
+#define HAVE___ATTRIBUTE__ 1
+EOF
+
+fi
+echo "$ac_t""$ac_cv___attribute__" 1>&6
+
+
 
 
 echo $ac_n "checking for NEXTSTEP""... $ac_c" 1>&6
-echo "configure:1954: checking for NEXTSTEP" >&5
+echo "configure:2667: checking for NEXTSTEP" >&5
 if eval "test \"`echo '$''{'krb_cv_sys_nextstep'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1959 "configure"
+#line 2672 "configure"
 #include "confdefs.h"
-#ifdef NeXT
+#if defined(NeXT) && !defined(__APPLE__)
 	yes
 #endif 
 
@@ -1982,12 +2695,12 @@ echo "$ac_t""$krb_cv_sys_nextstep" 1>&6
 
 
 echo $ac_n "checking for AIX""... $ac_c" 1>&6
-echo "configure:1986: checking for AIX" >&5
+echo "configure:2699: checking for AIX" >&5
 if eval "test \"`echo '$''{'krb_cv_sys_aix'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1991 "configure"
+#line 2704 "configure"
 #include "confdefs.h"
 #ifdef _AIX
 	yes
@@ -2010,29 +2723,134 @@ echo "$ac_t""$krb_cv_sys_aix" 1>&6
 
 
 if test "$krb_cv_sys_aix" = yes ;then
-	AFS_EXTRA_OBJS='$(srcdir)/afsl.exp dlfcn.o'
-	
-	AFS_EXTRA_LIBS=afslib.so
-	
+	if test "$aix_dynamic_afs" = yes; then
+		AFS_EXTRA_OBJS=
+		AFS_EXTRA_LIBS=afslib.so
+		# this works differently in AIX <=3 and 4
+		if test `uname -v` = 4 ; then
+			AFS_EXTRA_LD="-bnoentry"
+		else
+			AFS_EXTRA_LD="-e _nostart"
+		fi
+		AFS_EXTRA_DEFS=
+		
+
+
+echo $ac_n "checking for dlopen""... $ac_c" 1>&6
+echo "configure:2741: checking for dlopen" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_dlopen'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_dlopen\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" dl; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS="$ac_lib $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 2756 "configure"
+#include "confdefs.h"
+
+int main() {
+dlopen()
+; return 0; }
+EOF
+if { (eval echo configure:2763: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dlopen=$ac_lib; else ac_cv_funclib_dlopen=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_dlopen=\${ac_cv_funclib_dlopen-no}"
+	LIBS="$ac_save_LIBS"
 fi
 
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_dlopen"
+
+: << END
+@@@funcs="$funcs dlopen"@@@
+@@@libs="$libs "" dl"@@@
+END
+
+# dlopen
+eval "ac_tr_func=HAVE_`echo dlopen | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_dlopen=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_dlopen=yes"
+	eval "LIB_dlopen="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_dlopen=no"
+	eval "LIB_dlopen="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_dlopen=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
+
+
+		if test "$ac_cv_funclib_dlopen" = yes; then
+			AIX_EXTRA_KAFS=
+		elif test "$ac_cv_funclib_dlopen" != no; then
+			AIX_EXTRA_KAFS="$ac_cv_funclib_dlopen"
+		else
+			AFS_EXTRA_OBJS="$AFS_EXTRA_OBJS dlfcn.o"
+			AIX_EXTRA_KAFS=-lld
+		fi
+	else
+		AFS_EXTRA_OBJS='$(srcdir)/afsl.exp afslib.o'
+		AFS_EXTRA_LIBS=
+		AFS_EXTRA_DEFS='-DSTATIC_AFS_SYSCALLS'
+		AIX_EXTRA_KAFS=
+	fi
+					fi
+
 #
 # AIX needs /lib/pse.exp for getmsg, but alas that file is broken in
 # AIX414
 #
 
 if test -f /lib/pse.exp ;then
-	LIBS="$LIBS -Wl,-bI:/lib/pse.exp"
+	LIBS="$LIBS -Wl,-bnolibpath -Wl,-bI:/lib/pse.exp"
 fi
 
 
 echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
-echo "configure:2031: checking for ANSI C header files" >&5
+echo "configure:2849: checking for ANSI C header files" >&5
 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2036 "configure"
+#line 2854 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 #include <stdarg.h>
@@ -2040,8 +2858,8 @@ else
 #include <float.h>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2044: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
+{ (eval echo configure:2862: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
   ac_cv_header_stdc=yes
@@ -2057,7 +2875,7 @@ rm -f conftest*
 if test $ac_cv_header_stdc = yes; then
   # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
 cat > conftest.$ac_ext <<EOF
-#line 2061 "configure"
+#line 2879 "configure"
 #include "confdefs.h"
 #include <string.h>
 EOF
@@ -2075,7 +2893,7 @@ fi
 if test $ac_cv_header_stdc = yes; then
   # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
 cat > conftest.$ac_ext <<EOF
-#line 2079 "configure"
+#line 2897 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 EOF
@@ -2096,7 +2914,7 @@ if test "$cross_compiling" = yes; then
   :
 else
   cat > conftest.$ac_ext <<EOF
-#line 2100 "configure"
+#line 2918 "configure"
 #include "confdefs.h"
 #include <ctype.h>
 #define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
@@ -2107,7 +2925,7 @@ if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2);
 exit (0); }
 
 EOF
-if { (eval echo configure:2111: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:2929: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   :
 else
@@ -2131,62 +2949,117 @@ EOF
 fi
 
 
-for ac_hdr in arpa/ftp.h arpa/inet.h arpa/nameser.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2139: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 2144 "configure"
-#include "confdefs.h"
-#include <$ac_hdr>
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2149: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
-if test -z "$ac_err"; then
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=yes"
-else
-  echo "$ac_err" >&5
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=no"
-fi
-rm -f conftest*
-fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-  cat >> confdefs.h <<EOF
-#define $ac_tr_hdr 1
-EOF
- 
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
-
-for ac_hdr in arpa/telnet.h bind/bitypes.h bsd/bsd.h bsdsetjmp.h
+for ac_hdr in arpa/ftp.h			\
+	arpa/inet.h				\
+	arpa/nameser.h				\
+	arpa/telnet.h				\
+	bsd/bsd.h				\
+	bsdsetjmp.h				\
+	capability.h				\
+	crypt.h					\
+	curses.h				\
+	db.h					\
+	dbm.h					\
+	dirent.h				\
+	err.h					\
+	errno.h					\
+	fcntl.h					\
+	fnmatch.h				\
+	grp.h					\
+	inttypes.h				\
+	io.h					\
+	lastlog.h				\
+	libutil.h				\
+	limits.h				\
+	login.h					\
+	maillock.h				\
+	ndbm.h					\
+	net/if.h				\
+	net/if_tun.h				\
+	net/if_var.h				\
+	netdb.h					\
+	netinet/in.h				\
+	netinet/in6_machtypes.h			\
+	netinet/in_systm.h			\
+	paths.h					\
+	pty.h					\
+	pwd.h					\
+	resolv.h				\
+	rpcsvc/dbm.h				\
+	rpcsvc/ypclnt.h				\
+	sac.h					\
+	security/pam_modules.h			\
+	shadow.h				\
+	siad.h					\
+	signal.h				\
+	stropts.h				\
+	sys/bitypes.h				\
+	sys/capability.h			\
+	sys/category.h				\
+	sys/file.h				\
+	sys/filio.h				\
+	sys/ioccom.h				\
+	sys/ioctl.h				\
+	sys/locking.h				\
+	sys/mman.h				\
+	sys/param.h				\
+	sys/proc.h				\
+	sys/pty.h				\
+	sys/ptyio.h				\
+	sys/ptyvar.h				\
+	sys/resource.h				\
+	sys/select.h				\
+	sys/socket.h				\
+	sys/sockio.h				\
+	sys/stat.h				\
+	sys/str_tty.h				\
+	sys/stream.h				\
+	sys/stropts.h				\
+	sys/strtty.h				\
+	sys/syscall.h				\
+	sys/sysctl.h				\
+	sys/termio.h				\
+	sys/time.h				\
+	sys/timeb.h				\
+	sys/times.h				\
+	sys/tty.h				\
+	sys/types.h				\
+	sys/uio.h				\
+	sys/un.h				\
+	sys/utsname.h				\
+	sys/wait.h				\
+	syslog.h				\
+	term.h					\
+	termcap.h				\
+	termio.h				\
+	termios.h				\
+	tmpdir.h				\
+	ttyent.h				\
+	udb.h					\
+	ulimit.h				\
+	unistd.h				\
+	userpw.h				\
+	usersec.h				\
+	util.h					\
+	utime.h					\
+	utmp.h					\
+	utmpx.h					\
+	wait.h
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2179: checking for $ac_hdr" >&5
+echo "configure:3052: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2184 "configure"
+#line 3057 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2189: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
+{ (eval echo configure:3062: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
   eval "ac_cv_header_$ac_safe=yes"
@@ -2211,382 +3084,98 @@ else
 fi
 done
 
-for ac_hdr in crypt.h dbm.h dirent.h err.h fcntl.h grp.h io.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2219: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 2224 "configure"
-#include "confdefs.h"
-#include <$ac_hdr>
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2229: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
-if test -z "$ac_err"; then
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=yes"
-else
-  echo "$ac_err" >&5
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=no"
-fi
-rm -f conftest*
-fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-  cat >> confdefs.h <<EOF
-#define $ac_tr_hdr 1
-EOF
- 
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
 
-for ac_hdr in lastlog.h login.h maillock.h ndbm.h net/if.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2259: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6
+echo "configure:3090: checking whether time.h and sys/time.h may both be included" >&5
+if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2264 "configure"
+#line 3095 "configure"
 #include "confdefs.h"
-#include <$ac_hdr>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <time.h>
+int main() {
+struct tm *tp;
+; return 0; }
 EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2269: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
-if test -z "$ac_err"; then
+if { (eval echo configure:3104: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=yes"
+  ac_cv_header_time=yes
 else
-  echo "$ac_err" >&5
   echo "configure: failed program was:" >&5
   cat conftest.$ac_ext >&5
   rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=no"
+  ac_cv_header_time=no
 fi
 rm -f conftest*
 fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-  cat >> confdefs.h <<EOF
-#define $ac_tr_hdr 1
-EOF
- 
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
 
-for ac_hdr in net/if_tun.h net/if_var.h netdb.h netinet/in.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2299: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 2304 "configure"
-#include "confdefs.h"
-#include <$ac_hdr>
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2309: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
-if test -z "$ac_err"; then
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=yes"
-else
-  echo "$ac_err" >&5
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=no"
-fi
-rm -f conftest*
-fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-  cat >> confdefs.h <<EOF
-#define $ac_tr_hdr 1
+echo "$ac_t""$ac_cv_header_time" 1>&6
+if test $ac_cv_header_time = yes; then
+  cat >> confdefs.h <<\EOF
+#define TIME_WITH_SYS_TIME 1
 EOF
- 
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
 
-for ac_hdr in netinet/in6_machtypes.h netinet/in_systm.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2339: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 2344 "configure"
-#include "confdefs.h"
-#include <$ac_hdr>
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2349: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
-if test -z "$ac_err"; then
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=yes"
-else
-  echo "$ac_err" >&5
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=no"
-fi
-rm -f conftest*
 fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-  cat >> confdefs.h <<EOF
-#define $ac_tr_hdr 1
-EOF
- 
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
 
-for ac_hdr in netinet/ip.h netinet/tcp.h paths.h pty.h pwd.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2379: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+echo $ac_n "checking for sys_siglist declaration in signal.h or unistd.h""... $ac_c" 1>&6
+echo "configure:3125: checking for sys_siglist declaration in signal.h or unistd.h" >&5
+if eval "test \"`echo '$''{'ac_cv_decl_sys_siglist'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2384 "configure"
+#line 3130 "configure"
 #include "confdefs.h"
-#include <$ac_hdr>
+#include <sys/types.h>
+#include <signal.h>
+/* NetBSD declares sys_siglist in unistd.h.  */
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+int main() {
+char *msg = *(sys_siglist + 1);
+; return 0; }
 EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2389: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
-if test -z "$ac_err"; then
+if { (eval echo configure:3142: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=yes"
+  ac_cv_decl_sys_siglist=yes
 else
-  echo "$ac_err" >&5
   echo "configure: failed program was:" >&5
   cat conftest.$ac_ext >&5
   rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=no"
+  ac_cv_decl_sys_siglist=no
 fi
 rm -f conftest*
 fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-  cat >> confdefs.h <<EOF
-#define $ac_tr_hdr 1
-EOF
- 
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
 
-for ac_hdr in resolv.h rpcsvc/dbm.h sac.h security/pam_modules.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2419: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 2424 "configure"
-#include "confdefs.h"
-#include <$ac_hdr>
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2429: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
-if test -z "$ac_err"; then
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=yes"
-else
-  echo "$ac_err" >&5
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=no"
-fi
-rm -f conftest*
-fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-  cat >> confdefs.h <<EOF
-#define $ac_tr_hdr 1
+echo "$ac_t""$ac_cv_decl_sys_siglist" 1>&6
+if test $ac_cv_decl_sys_siglist = yes; then
+  cat >> confdefs.h <<\EOF
+#define SYS_SIGLIST_DECLARED 1
 EOF
- 
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
 
-for ac_hdr in shadow.h siad.h signal.h stropts.h sys/bitypes.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2459: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 2464 "configure"
-#include "confdefs.h"
-#include <$ac_hdr>
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2469: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
-if test -z "$ac_err"; then
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=yes"
-else
-  echo "$ac_err" >&5
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=no"
 fi
-rm -f conftest*
-fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-  cat >> confdefs.h <<EOF
-#define $ac_tr_hdr 1
-EOF
- 
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
 
-for ac_hdr in sys/category.h sys/cdefs.h sys/file.h sys/filio.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2499: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 2504 "configure"
-#include "confdefs.h"
-#include <$ac_hdr>
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2509: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
-if test -z "$ac_err"; then
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=yes"
-else
-  echo "$ac_err" >&5
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=no"
-fi
-rm -f conftest*
-fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-  cat >> confdefs.h <<EOF
-#define $ac_tr_hdr 1
-EOF
- 
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
 
-for ac_hdr in sys/ioccom.h sys/ioctl.h sys/locking.h sys/mman.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2539: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 2544 "configure"
-#include "confdefs.h"
-#include <$ac_hdr>
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2549: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
-if test -z "$ac_err"; then
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=yes"
-else
-  echo "$ac_err" >&5
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=no"
-fi
-rm -f conftest*
-fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-  cat >> confdefs.h <<EOF
-#define $ac_tr_hdr 1
-EOF
- 
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
 
-for ac_hdr in sys/param.h sys/proc.h sys/ptyio.h sys/ptyvar.h
+for ac_hdr in standards.h
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2579: checking for $ac_hdr" >&5
+echo "configure:3168: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2584 "configure"
+#line 3173 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2589: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
+{ (eval echo configure:3178: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
   eval "ac_cv_header_$ac_safe=yes"
@@ -2611,454 +3200,132 @@ else
 fi
 done
 
-for ac_hdr in sys/resource.h sys/select.h sys/socket.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2619: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 2624 "configure"
-#include "confdefs.h"
-#include <$ac_hdr>
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2629: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
-if test -z "$ac_err"; then
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=yes"
-else
-  echo "$ac_err" >&5
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=no"
-fi
-rm -f conftest*
-fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-  cat >> confdefs.h <<EOF
-#define $ac_tr_hdr 1
-EOF
- 
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
+for i in netinet/ip.h netinet/tcp.h; do
 
-for ac_hdr in sys/sockio.h sys/stat.h sys/str_tty.h sys/stream.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2659: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 2664 "configure"
-#include "confdefs.h"
-#include <$ac_hdr>
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2669: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
-if test -z "$ac_err"; then
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=yes"
-else
-  echo "$ac_err" >&5
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=no"
-fi
-rm -f conftest*
-fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-  cat >> confdefs.h <<EOF
-#define $ac_tr_hdr 1
-EOF
- 
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
+cv=`echo "$i" | sed 'y%./+-%__p_%'`
 
-for ac_hdr in sys/stropts.h sys/strtty.h sys/syscall.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2699: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+echo $ac_n "checking for $i""... $ac_c" 1>&6
+echo "configure:3209: checking for $i" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$cv'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2704 "configure"
+#line 3214 "configure"
 #include "confdefs.h"
-#include <$ac_hdr>
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2709: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
-if test -z "$ac_err"; then
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=yes"
-else
-  echo "$ac_err" >&5
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=no"
-fi
-rm -f conftest*
-fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-  cat >> confdefs.h <<EOF
-#define $ac_tr_hdr 1
-EOF
- 
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
+\
+#ifdef HAVE_STANDARDS_H
+#include <standards.h>
+#endif
+#include <$i>
 
-for ac_hdr in sys/sysctl.h sys/termio.h sys/time.h sys/timeb.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2739: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 2744 "configure"
-#include "confdefs.h"
-#include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2749: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
+{ (eval echo configure:3224: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=yes"
+  eval "ac_cv_header_$cv=yes"
 else
   echo "$ac_err" >&5
   echo "configure: failed program was:" >&5
   cat conftest.$ac_ext >&5
   rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=no"
+  eval "ac_cv_header_$cv=no"
 fi
 rm -f conftest*
 fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-  cat >> confdefs.h <<EOF
-#define $ac_tr_hdr 1
-EOF
- 
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
 
-for ac_hdr in sys/times.h sys/tty.h sys/types.h sys/uio.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2779: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 2784 "configure"
-#include "confdefs.h"
-#include <$ac_hdr>
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2789: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
-if test -z "$ac_err"; then
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=yes"
-else
-  echo "$ac_err" >&5
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=no"
-fi
-rm -f conftest*
-fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+echo "$ac_t""`eval echo \\$ac_cv_header_$cv`" 1>&6
+if test `eval echo \\$ac_cv_header_$cv` = yes; then
+  ac_tr_hdr=HAVE_`echo $i | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
   cat >> confdefs.h <<EOF
 #define $ac_tr_hdr 1
 EOF
- 
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
 
-for ac_hdr in sys/un.h sys/utsname.h sys/wait.h syslog.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2819: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 2824 "configure"
-#include "confdefs.h"
-#include <$ac_hdr>
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2829: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
-if test -z "$ac_err"; then
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=yes"
-else
-  echo "$ac_err" >&5
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=no"
-fi
-rm -f conftest*
-fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-  cat >> confdefs.h <<EOF
-#define $ac_tr_hdr 1
-EOF
- 
-else
-  echo "$ac_t""no" 1>&6
 fi
 done
+: << END
+@@@headers="$headers netinet/ip.h netinet/tcp.h"@@@
+END
 
-for ac_hdr in termio.h termios.h tmpdir.h ttyent.h udb.h ulimit.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2859: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 2864 "configure"
-#include "confdefs.h"
-#include <$ac_hdr>
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2869: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
-if test -z "$ac_err"; then
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=yes"
-else
-  echo "$ac_err" >&5
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=no"
-fi
-rm -f conftest*
-fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-  cat >> confdefs.h <<EOF
-#define $ac_tr_hdr 1
-EOF
- 
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
 
-for ac_hdr in unistd.h userpw.h usersec.h util.h utime.h utmp.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2899: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 2904 "configure"
-#include "confdefs.h"
-#include <$ac_hdr>
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2909: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
-if test -z "$ac_err"; then
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=yes"
-else
-  echo "$ac_err" >&5
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=no"
-fi
-rm -f conftest*
-fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-  cat >> confdefs.h <<EOF
-#define $ac_tr_hdr 1
-EOF
- 
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
 
-for ac_hdr in utmpx.h wait.h winsock.h
-do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2939: checking for $ac_hdr" >&5
-if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 2944 "configure"
-#include "confdefs.h"
-#include <$ac_hdr>
-EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2949: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
-if test -z "$ac_err"; then
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=yes"
-else
-  echo "$ac_err" >&5
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=no"
+EXTRA_LOCL_HEADERS=
+EXTRA_HEADERS=
+if test "$ac_cv_header_err_h" != yes; then
+	EXTRA_HEADERS="$EXTRA_HEADERS err.h"
 fi
-rm -f conftest*
+if test "$ac_cv_header_fnmatch_h" != yes; then
+	EXTRA_LOCL_HEADERS="$EXTRA_LOCL_HEADERS fnmatch.h"
 fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-  cat >> confdefs.h <<EOF
-#define $ac_tr_hdr 1
-EOF
- 
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
 
 
-echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6
-echo "configure:2977: checking whether time.h and sys/time.h may both be included" >&5
-if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 2982 "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#include <sys/time.h>
-#include <time.h>
-int main() {
-struct tm *tp;
-; return 0; }
-EOF
-if { (eval echo configure:2991: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
-  rm -rf conftest*
-  ac_cv_header_time=yes
-else
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  ac_cv_header_time=no
-fi
-rm -f conftest*
-fi
-
-echo "$ac_t""$ac_cv_header_time" 1>&6
-if test $ac_cv_header_time = yes; then
-  cat >> confdefs.h <<\EOF
-#define TIME_WITH_SYS_TIME 1
-EOF
 
-fi
 
-echo $ac_n "checking for sys_siglist declaration in signal.h or unistd.h""... $ac_c" 1>&6
-echo "configure:3012: checking for sys_siglist declaration in signal.h or unistd.h" >&5
-if eval "test \"`echo '$''{'ac_cv_decl_sys_siglist'+set}'`\" = set"; then
+for i in int8_t int16_t int32_t int64_t; do
+	echo $ac_n "checking for $i""... $ac_c" 1>&6
+echo "configure:3268: checking for $i" >&5
+	
+if eval "test \"`echo '$''{'ac_cv_type_$i'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3017 "configure"
+#line 3274 "configure"
 #include "confdefs.h"
+
+#ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
-#include <signal.h>
-/* NetBSD declares sys_siglist in unistd.h.  */
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
 #endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+
 int main() {
-char *msg = *(sys_siglist + 1);
+$i x;
+
 ; return 0; }
 EOF
-if { (eval echo configure:3029: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:3295: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
-  ac_cv_decl_sys_siglist=yes
+  eval ac_cv_type_$i=yes
 else
   echo "configure: failed program was:" >&5
   cat conftest.$ac_ext >&5
   rm -rf conftest*
-  ac_cv_decl_sys_siglist=no
+  eval ac_cv_type_$i=no
 fi
 rm -f conftest*
 fi
 
-echo "$ac_t""$ac_cv_decl_sys_siglist" 1>&6
-if test $ac_cv_decl_sys_siglist = yes; then
-  cat >> confdefs.h <<\EOF
-#define SYS_SIGLIST_DECLARED 1
+	eval ac_res=\$ac_cv_type_$i
+	if test "$ac_res" = yes; then
+		type=HAVE_`echo $i | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
+		cat >> confdefs.h <<EOF
+#define $type 1
 EOF
 
-fi
-
+	fi
+	echo "$ac_t""$ac_res" 1>&6
+done
 
 
-for i in int8_t int16_t int32_t int64_t; do
+for i in u_int8_t u_int16_t u_int32_t u_int64_t; do
 	echo $ac_n "checking for $i""... $ac_c" 1>&6
-echo "configure:3053: checking for $i" >&5
+echo "configure:3321: checking for $i" >&5
 	
 if eval "test \"`echo '$''{'ac_cv_type_$i'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3059 "configure"
+#line 3327 "configure"
 #include "confdefs.h"
 
-#include "confdefs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
@@ -3077,7 +3344,7 @@ $i x;
 
 ; return 0; }
 EOF
-if { (eval echo configure:3081: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:3348: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval ac_cv_type_$i=yes
 else
@@ -3091,7 +3358,7 @@ fi
 
 	eval ac_res=\$ac_cv_type_$i
 	if test "$ac_res" = yes; then
-		type=HAVE_`echo $i | tr 'a-z' 'A-Z'`
+		type=HAVE_`echo $i | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
 		cat >> confdefs.h <<EOF
 #define $type 1
 EOF
@@ -3101,58 +3368,134 @@ EOF
 done
 
 
-for i in u_int8_t u_int16_t u_int32_t u_int64_t; do
-	echo $ac_n "checking for $i""... $ac_c" 1>&6
-echo "configure:3107: checking for $i" >&5
-	
-if eval "test \"`echo '$''{'ac_cv_type_$i'+set}'`\" = set"; then
+echo $ac_n "checking for strange sys/bitypes.h""... $ac_c" 1>&6
+echo "configure:3373: checking for strange sys/bitypes.h" >&5
+if eval "test \"`echo '$''{'krb_cv_int8_t_ifdef'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
-  cat > conftest.$ac_ext <<EOF
-#line 3113 "configure"
+  
+cat > conftest.$ac_ext <<EOF
+#line 3379 "configure"
 #include "confdefs.h"
 
-#include "confdefs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
 #ifdef HAVE_SYS_BITYPES_H
 #include <sys/bitypes.h>
 #endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
 #ifdef HAVE_NETINET_IN6_MACHTYPES_H
 #include <netinet/in6_machtypes.h>
 #endif
 
 int main() {
-$i x;
+int8_t x;
 
 ; return 0; }
 EOF
-if { (eval echo configure:3135: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:3397: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
-  eval ac_cv_type_$i=yes
+  krb_cv_int8_t_ifdef=no
 else
   echo "configure: failed program was:" >&5
   cat conftest.$ac_ext >&5
   rm -rf conftest*
-  eval ac_cv_type_$i=no
+  krb_cv_int8_t_ifdef=yes
 fi
 rm -f conftest*
 fi
 
-	eval ac_res=\$ac_cv_type_$i
-	if test "$ac_res" = yes; then
-		type=HAVE_`echo $i | tr 'a-z' 'A-Z'`
-		cat >> confdefs.h <<EOF
-#define $type 1
+echo "$ac_t""$krb_cv_int8_t_ifdef" 1>&6
+if test "$krb_cv_int8_t_ifdef" = "yes"; then
+  cat >> confdefs.h <<\EOF
+#define HAVE_STRANGE_INT8_T 1
 EOF
+fi
 
-	fi
-	echo "$ac_t""$ac_res" 1>&6
-done
+
+
+
+
+echo $ac_n "checking for crypt""... $ac_c" 1>&6
+echo "configure:3421: checking for crypt" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_crypt'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if eval "test \"\$ac_cv_func_crypt\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" crypt; do
+		if test -n "$ac_lib"; then 
+			ac_lib="-l$ac_lib"
+		else
+			ac_lib=""
+		fi
+		LIBS="$ac_lib $ac_save_LIBS"
+		cat > conftest.$ac_ext <<EOF
+#line 3436 "configure"
+#include "confdefs.h"
+
+int main() {
+crypt()
+; return 0; }
+EOF
+if { (eval echo configure:3443: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_crypt=$ac_lib; else ac_cv_funclib_crypt=yes; fi";break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+	done
+	eval "ac_cv_funclib_crypt=\${ac_cv_funclib_crypt-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_crypt"
+
+: << END
+@@@funcs="$funcs crypt"@@@
+@@@libs="$libs "" crypt"@@@
+END
+
+# crypt
+eval "ac_tr_func=HAVE_`echo crypt | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_crypt=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_crypt=yes"
+	eval "LIB_crypt="
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	echo "$ac_t""yes" 1>&6
+	;;
+	no)
+	eval "ac_cv_func_crypt=no"
+	eval "LIB_crypt="
+	echo "$ac_t""no" 1>&6
+	;;
+	*)
+	eval "ac_cv_func_crypt=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+	cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+	echo "$ac_t""yes, in $ac_res" 1>&6
+	;;
+esac
 
 
 
@@ -3161,7 +3504,7 @@ done
 
 
 echo $ac_n "checking for socket""... $ac_c" 1>&6
-echo "configure:3165: checking for socket" >&5
+echo "configure:3508: checking for socket" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_socket'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -3171,10 +3514,12 @@ if eval "test \"\$ac_cv_func_socket\" != yes" ; then
 	for ac_lib in "" socket; do
 		if test -n "$ac_lib"; then 
 			ac_lib="-l$ac_lib"
-			LIBS="$ac_lib $ac_save_LIBS"
+		else
+			ac_lib=""
 		fi
+		LIBS="$ac_lib $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 3178 "configure"
+#line 3523 "configure"
 #include "confdefs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -3186,7 +3531,7 @@ int main() {
 socket(0,0,0)
 ; return 0; }
 EOF
-if { (eval echo configure:3190: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:3535: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_socket=$ac_lib; else ac_cv_funclib_socket=yes; fi";break
 else
@@ -3204,14 +3549,14 @@ fi
 
 eval "ac_res=\$ac_cv_funclib_socket"
 
-# autoheader tricks *sigh*
 : << END
 @@@funcs="$funcs socket"@@@
-@@@libs="$libs socket"@@@
+@@@libs="$libs "" socket"@@@
 END
 
-eval "ac_tr_func=HAVE_`echo socket | tr '[a-z]' '[A-Z]'`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+# socket
+eval "ac_tr_func=HAVE_`echo socket | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
 eval "LIB_socket=$ac_res"
 
 case "$ac_res" in
@@ -3252,8 +3597,9 @@ fi
 
 
 
+
 echo $ac_n "checking for gethostbyname""... $ac_c" 1>&6
-echo "configure:3257: checking for gethostbyname" >&5
+echo "configure:3603: checking for gethostbyname" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_gethostbyname'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -3263,10 +3609,12 @@ if eval "test \"\$ac_cv_func_gethostbyname\" != yes" ; then
 	for ac_lib in "" nsl; do
 		if test -n "$ac_lib"; then 
 			ac_lib="-l$ac_lib"
-			LIBS="$ac_lib $ac_save_LIBS"
+		else
+			ac_lib=""
 		fi
+		LIBS="$ac_lib $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 3270 "configure"
+#line 3618 "configure"
 #include "confdefs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -3278,7 +3626,7 @@ int main() {
 gethostbyname("foo")
 ; return 0; }
 EOF
-if { (eval echo configure:3282: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:3630: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_gethostbyname=$ac_lib; else ac_cv_funclib_gethostbyname=yes; fi";break
 else
@@ -3296,14 +3644,14 @@ fi
 
 eval "ac_res=\$ac_cv_funclib_gethostbyname"
 
-# autoheader tricks *sigh*
 : << END
 @@@funcs="$funcs gethostbyname"@@@
-@@@libs="$libs nsl"@@@
+@@@libs="$libs "" nsl"@@@
 END
 
-eval "ac_tr_func=HAVE_`echo gethostbyname | tr '[a-z]' '[A-Z]'`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+# gethostbyname
+eval "ac_tr_func=HAVE_`echo gethostbyname | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
 eval "LIB_gethostbyname=$ac_res"
 
 case "$ac_res" in
@@ -3346,8 +3694,9 @@ fi
 
 
 
+
 echo $ac_n "checking for odm_initialize""... $ac_c" 1>&6
-echo "configure:3351: checking for odm_initialize" >&5
+echo "configure:3700: checking for odm_initialize" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_odm_initialize'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -3357,17 +3706,19 @@ if eval "test \"\$ac_cv_func_odm_initialize\" != yes" ; then
 	for ac_lib in "" odm; do
 		if test -n "$ac_lib"; then 
 			ac_lib="-l$ac_lib"
-			LIBS="$ac_lib $ac_save_LIBS"
+		else
+			ac_lib=""
 		fi
+		LIBS="$ac_lib $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 3364 "configure"
+#line 3715 "configure"
 #include "confdefs.h"
 
 int main() {
 odm_initialize()
 ; return 0; }
 EOF
-if { (eval echo configure:3371: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:3722: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_odm_initialize=$ac_lib; else ac_cv_funclib_odm_initialize=yes; fi";break
 else
@@ -3385,14 +3736,14 @@ fi
 
 eval "ac_res=\$ac_cv_funclib_odm_initialize"
 
-# autoheader tricks *sigh*
 : << END
 @@@funcs="$funcs odm_initialize"@@@
-@@@libs="$libs odm"@@@
+@@@libs="$libs "" odm"@@@
 END
 
-eval "ac_tr_func=HAVE_`echo odm_initialize | tr '[a-z]' '[A-Z]'`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+# odm_initialize
+eval "ac_tr_func=HAVE_`echo odm_initialize | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
 eval "LIB_odm_initialize=$ac_res"
 
 case "$ac_res" in
@@ -3433,8 +3784,9 @@ fi
 
 
 
+
 echo $ac_n "checking for getattr""... $ac_c" 1>&6
-echo "configure:3438: checking for getattr" >&5
+echo "configure:3790: checking for getattr" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_getattr'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -3444,17 +3796,19 @@ if eval "test \"\$ac_cv_func_getattr\" != yes" ; then
 	for ac_lib in "" cfg; do
 		if test -n "$ac_lib"; then 
 			ac_lib="-l$ac_lib"
-			LIBS="$ac_lib $ac_save_LIBS"
+		else
+			ac_lib=""
 		fi
+		LIBS="$ac_lib $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 3451 "configure"
+#line 3805 "configure"
 #include "confdefs.h"
 
 int main() {
 getattr()
 ; return 0; }
 EOF
-if { (eval echo configure:3458: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:3812: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_getattr=$ac_lib; else ac_cv_funclib_getattr=yes; fi";break
 else
@@ -3472,14 +3826,14 @@ fi
 
 eval "ac_res=\$ac_cv_funclib_getattr"
 
-# autoheader tricks *sigh*
 : << END
 @@@funcs="$funcs getattr"@@@
-@@@libs="$libs cfg"@@@
+@@@libs="$libs "" cfg"@@@
 END
 
-eval "ac_tr_func=HAVE_`echo getattr | tr '[a-z]' '[A-Z]'`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+# getattr
+eval "ac_tr_func=HAVE_`echo getattr | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
 eval "LIB_getattr=$ac_res"
 
 case "$ac_res" in
@@ -3520,8 +3874,9 @@ fi
 
 
 
+
 echo $ac_n "checking for setpcred""... $ac_c" 1>&6
-echo "configure:3525: checking for setpcred" >&5
+echo "configure:3880: checking for setpcred" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_setpcred'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -3531,17 +3886,19 @@ if eval "test \"\$ac_cv_func_setpcred\" != yes" ; then
 	for ac_lib in "" s; do
 		if test -n "$ac_lib"; then 
 			ac_lib="-l$ac_lib"
-			LIBS="$ac_lib $ac_save_LIBS"
+		else
+			ac_lib=""
 		fi
+		LIBS="$ac_lib $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 3538 "configure"
+#line 3895 "configure"
 #include "confdefs.h"
 
 int main() {
 setpcred()
 ; return 0; }
 EOF
-if { (eval echo configure:3545: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:3902: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_setpcred=$ac_lib; else ac_cv_funclib_setpcred=yes; fi";break
 else
@@ -3559,14 +3916,14 @@ fi
 
 eval "ac_res=\$ac_cv_funclib_setpcred"
 
-# autoheader tricks *sigh*
 : << END
 @@@funcs="$funcs setpcred"@@@
-@@@libs="$libs s"@@@
+@@@libs="$libs "" s"@@@
 END
 
-eval "ac_tr_func=HAVE_`echo setpcred | tr '[a-z]' '[A-Z]'`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+# setpcred
+eval "ac_tr_func=HAVE_`echo setpcred | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
 eval "LIB_setpcred=$ac_res"
 
 case "$ac_res" in
@@ -3607,8 +3964,9 @@ fi
 
 
 
+
 echo $ac_n "checking for logwtmp""... $ac_c" 1>&6
-echo "configure:3612: checking for logwtmp" >&5
+echo "configure:3970: checking for logwtmp" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_logwtmp'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -3618,17 +3976,19 @@ if eval "test \"\$ac_cv_func_logwtmp\" != yes" ; then
 	for ac_lib in "" util; do
 		if test -n "$ac_lib"; then 
 			ac_lib="-l$ac_lib"
-			LIBS="$ac_lib $ac_save_LIBS"
+		else
+			ac_lib=""
 		fi
+		LIBS="$ac_lib $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 3625 "configure"
+#line 3985 "configure"
 #include "confdefs.h"
 
 int main() {
 logwtmp()
 ; return 0; }
 EOF
-if { (eval echo configure:3632: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:3992: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_logwtmp=$ac_lib; else ac_cv_funclib_logwtmp=yes; fi";break
 else
@@ -3646,14 +4006,14 @@ fi
 
 eval "ac_res=\$ac_cv_funclib_logwtmp"
 
-# autoheader tricks *sigh*
 : << END
 @@@funcs="$funcs logwtmp"@@@
-@@@libs="$libs util"@@@
+@@@libs="$libs "" util"@@@
 END
 
-eval "ac_tr_func=HAVE_`echo logwtmp | tr '[a-z]' '[A-Z]'`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+# logwtmp
+eval "ac_tr_func=HAVE_`echo logwtmp | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
 eval "LIB_logwtmp=$ac_res"
 
 case "$ac_res" in
@@ -3695,8 +4055,9 @@ fi
 
 
 
+
 echo $ac_n "checking for logout""... $ac_c" 1>&6
-echo "configure:3700: checking for logout" >&5
+echo "configure:4061: checking for logout" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_logout'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -3706,17 +4067,19 @@ if eval "test \"\$ac_cv_func_logout\" != yes" ; then
 	for ac_lib in "" util; do
 		if test -n "$ac_lib"; then 
 			ac_lib="-l$ac_lib"
-			LIBS="$ac_lib $ac_save_LIBS"
+		else
+			ac_lib=""
 		fi
+		LIBS="$ac_lib $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 3713 "configure"
+#line 4076 "configure"
 #include "confdefs.h"
 
 int main() {
 logout()
 ; return 0; }
 EOF
-if { (eval echo configure:3720: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:4083: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_logout=$ac_lib; else ac_cv_funclib_logout=yes; fi";break
 else
@@ -3734,14 +4097,14 @@ fi
 
 eval "ac_res=\$ac_cv_funclib_logout"
 
-# autoheader tricks *sigh*
 : << END
 @@@funcs="$funcs logout"@@@
-@@@libs="$libs util"@@@
+@@@libs="$libs "" util"@@@
 END
 
-eval "ac_tr_func=HAVE_`echo logout | tr '[a-z]' '[A-Z]'`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+# logout
+eval "ac_tr_func=HAVE_`echo logout | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
 eval "LIB_logout=$ac_res"
 
 case "$ac_res" in
@@ -3781,28 +4144,31 @@ fi
 
 
 
+
 echo $ac_n "checking for tgetent""... $ac_c" 1>&6
-echo "configure:3786: checking for tgetent" >&5
+echo "configure:4150: checking for tgetent" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_tgetent'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 if eval "test \"\$ac_cv_func_tgetent\" != yes" ; then
 	ac_save_LIBS="$LIBS"
-	for ac_lib in "" termcap; do
+	for ac_lib in "" termcap ncurses curses; do
 		if test -n "$ac_lib"; then 
 			ac_lib="-l$ac_lib"
-			LIBS="$ac_lib $ac_save_LIBS"
+		else
+			ac_lib=""
 		fi
+		LIBS="$ac_lib $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 3799 "configure"
+#line 4165 "configure"
 #include "confdefs.h"
 
 int main() {
 tgetent()
 ; return 0; }
 EOF
-if { (eval echo configure:3806: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:4172: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_tgetent=$ac_lib; else ac_cv_funclib_tgetent=yes; fi";break
 else
@@ -3820,14 +4186,14 @@ fi
 
 eval "ac_res=\$ac_cv_funclib_tgetent"
 
-# autoheader tricks *sigh*
 : << END
 @@@funcs="$funcs tgetent"@@@
-@@@libs="$libs termcap"@@@
+@@@libs="$libs "" termcap ncurses curses"@@@
 END
 
-eval "ac_tr_func=HAVE_`echo tgetent | tr '[a-z]' '[A-Z]'`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+# tgetent
+eval "ac_tr_func=HAVE_`echo tgetent | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
 eval "LIB_tgetent=$ac_res"
 
 case "$ac_res" in
@@ -3867,7 +4233,7 @@ esac
 # Uses ac_ vars as temps to allow command line to override cache and checks.
 # --without-x overrides everything else, but does not touch the cache.
 echo $ac_n "checking for X""... $ac_c" 1>&6
-echo "configure:3871: checking for X" >&5
+echo "configure:4237: checking for X" >&5
 
 # Check whether --with-x or --without-x was given.
 if test "${with_x+set}" = set; then
@@ -3929,13 +4295,13 @@ if test "$ac_x_includes" = NO; then
 
   # First, try using that file with no special directory specified.
 cat > conftest.$ac_ext <<EOF
-#line 3933 "configure"
+#line 4299 "configure"
 #include "confdefs.h"
 #include <$x_direct_test_include>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:3938: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
+{ (eval echo configure:4304: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
   # We can compile using X headers with no special include directory.
@@ -4003,14 +4369,14 @@ if test "$ac_x_libraries" = NO; then
   ac_save_LIBS="$LIBS"
   LIBS="-l$x_direct_test_library $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4007 "configure"
+#line 4373 "configure"
 #include "confdefs.h"
 
 int main() {
 ${x_direct_test_function}()
 ; return 0; }
 EOF
-if { (eval echo configure:4014: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:4380: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   LIBS="$ac_save_LIBS"
 # We can link X programs with no special library path.
@@ -4096,6 +4462,7 @@ else
   echo "$ac_t""libraries $x_libraries, headers $x_includes" 1>&6
 fi
 
+
 if test "$no_x" = yes; then
   # Not all programs may use this symbol, but it does not hurt to define it.
   cat >> confdefs.h <<\EOF
@@ -4116,17 +4483,17 @@ else
     case "`(uname -sr) 2>/dev/null`" in
     "SunOS 5"*)
       echo $ac_n "checking whether -R must be followed by a space""... $ac_c" 1>&6
-echo "configure:4120: checking whether -R must be followed by a space" >&5
+echo "configure:4487: checking whether -R must be followed by a space" >&5
       ac_xsave_LIBS="$LIBS"; LIBS="$LIBS -R$x_libraries"
       cat > conftest.$ac_ext <<EOF
-#line 4123 "configure"
+#line 4490 "configure"
 #include "confdefs.h"
 
 int main() {
 
 ; return 0; }
 EOF
-if { (eval echo configure:4130: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:4497: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   ac_R_nospace=yes
 else
@@ -4142,14 +4509,14 @@ rm -f conftest*
       else
 	LIBS="$ac_xsave_LIBS -R $x_libraries"
 	cat > conftest.$ac_ext <<EOF
-#line 4146 "configure"
+#line 4513 "configure"
 #include "confdefs.h"
 
 int main() {
 
 ; return 0; }
 EOF
-if { (eval echo configure:4153: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:4520: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   ac_R_space=yes
 else
@@ -4181,7 +4548,7 @@ rm -f conftest*
     # libraries were built with DECnet support.  And karl@cs.umb.edu says
     # the Alpha needs dnet_stub (dnet does not exist).
     echo $ac_n "checking for dnet_ntoa in -ldnet""... $ac_c" 1>&6
-echo "configure:4185: checking for dnet_ntoa in -ldnet" >&5
+echo "configure:4552: checking for dnet_ntoa in -ldnet" >&5
 ac_lib_var=`echo dnet'_'dnet_ntoa | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -4189,7 +4556,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-ldnet  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4193 "configure"
+#line 4560 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -4200,7 +4567,7 @@ int main() {
 dnet_ntoa()
 ; return 0; }
 EOF
-if { (eval echo configure:4204: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:4571: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -4222,7 +4589,7 @@ fi
 
     if test $ac_cv_lib_dnet_dnet_ntoa = no; then
       echo $ac_n "checking for dnet_ntoa in -ldnet_stub""... $ac_c" 1>&6
-echo "configure:4226: checking for dnet_ntoa in -ldnet_stub" >&5
+echo "configure:4593: checking for dnet_ntoa in -ldnet_stub" >&5
 ac_lib_var=`echo dnet_stub'_'dnet_ntoa | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -4230,7 +4597,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-ldnet_stub  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4234 "configure"
+#line 4601 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -4241,7 +4608,7 @@ int main() {
 dnet_ntoa()
 ; return 0; }
 EOF
-if { (eval echo configure:4245: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:4612: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -4270,12 +4637,12 @@ fi
     # The nsl library prevents programs from opening the X display
     # on Irix 5.2, according to dickey@clark.net.
     echo $ac_n "checking for gethostbyname""... $ac_c" 1>&6
-echo "configure:4274: checking for gethostbyname" >&5
+echo "configure:4641: checking for gethostbyname" >&5
 if eval "test \"`echo '$''{'ac_cv_func_gethostbyname'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 4279 "configure"
+#line 4646 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char gethostbyname(); below.  */
@@ -4298,7 +4665,7 @@ gethostbyname();
 
 ; return 0; }
 EOF
-if { (eval echo configure:4302: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:4669: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_gethostbyname=yes"
 else
@@ -4319,7 +4686,7 @@ fi
 
     if test $ac_cv_func_gethostbyname = no; then
       echo $ac_n "checking for gethostbyname in -lnsl""... $ac_c" 1>&6
-echo "configure:4323: checking for gethostbyname in -lnsl" >&5
+echo "configure:4690: checking for gethostbyname in -lnsl" >&5
 ac_lib_var=`echo nsl'_'gethostbyname | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -4327,7 +4694,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lnsl  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4331 "configure"
+#line 4698 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -4338,7 +4705,7 @@ int main() {
 gethostbyname()
 ; return 0; }
 EOF
-if { (eval echo configure:4342: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:4709: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -4368,12 +4735,12 @@ fi
     # -lsocket must be given before -lnsl if both are needed.
     # We assume that if connect needs -lnsl, so does gethostbyname.
     echo $ac_n "checking for connect""... $ac_c" 1>&6
-echo "configure:4372: checking for connect" >&5
+echo "configure:4739: checking for connect" >&5
 if eval "test \"`echo '$''{'ac_cv_func_connect'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 4377 "configure"
+#line 4744 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char connect(); below.  */
@@ -4396,7 +4763,7 @@ connect();
 
 ; return 0; }
 EOF
-if { (eval echo configure:4400: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:4767: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_connect=yes"
 else
@@ -4417,7 +4784,7 @@ fi
 
     if test $ac_cv_func_connect = no; then
       echo $ac_n "checking for connect in -lsocket""... $ac_c" 1>&6
-echo "configure:4421: checking for connect in -lsocket" >&5
+echo "configure:4788: checking for connect in -lsocket" >&5
 ac_lib_var=`echo socket'_'connect | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -4425,7 +4792,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lsocket $X_EXTRA_LIBS $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4429 "configure"
+#line 4796 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -4436,7 +4803,7 @@ int main() {
 connect()
 ; return 0; }
 EOF
-if { (eval echo configure:4440: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:4807: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -4460,12 +4827,12 @@ fi
 
     # gomez@mi.uni-erlangen.de says -lposix is necessary on A/UX.
     echo $ac_n "checking for remove""... $ac_c" 1>&6
-echo "configure:4464: checking for remove" >&5
+echo "configure:4831: checking for remove" >&5
 if eval "test \"`echo '$''{'ac_cv_func_remove'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 4469 "configure"
+#line 4836 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char remove(); below.  */
@@ -4488,7 +4855,7 @@ remove();
 
 ; return 0; }
 EOF
-if { (eval echo configure:4492: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:4859: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_remove=yes"
 else
@@ -4509,7 +4876,7 @@ fi
 
     if test $ac_cv_func_remove = no; then
       echo $ac_n "checking for remove in -lposix""... $ac_c" 1>&6
-echo "configure:4513: checking for remove in -lposix" >&5
+echo "configure:4880: checking for remove in -lposix" >&5
 ac_lib_var=`echo posix'_'remove | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -4517,7 +4884,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lposix  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4521 "configure"
+#line 4888 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -4528,7 +4895,7 @@ int main() {
 remove()
 ; return 0; }
 EOF
-if { (eval echo configure:4532: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:4899: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -4552,12 +4919,12 @@ fi
 
     # BSDI BSD/OS 2.1 needs -lipc for XOpenDisplay.
     echo $ac_n "checking for shmat""... $ac_c" 1>&6
-echo "configure:4556: checking for shmat" >&5
+echo "configure:4923: checking for shmat" >&5
 if eval "test \"`echo '$''{'ac_cv_func_shmat'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 4561 "configure"
+#line 4928 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char shmat(); below.  */
@@ -4580,7 +4947,7 @@ shmat();
 
 ; return 0; }
 EOF
-if { (eval echo configure:4584: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:4951: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_shmat=yes"
 else
@@ -4601,7 +4968,7 @@ fi
 
     if test $ac_cv_func_shmat = no; then
       echo $ac_n "checking for shmat in -lipc""... $ac_c" 1>&6
-echo "configure:4605: checking for shmat in -lipc" >&5
+echo "configure:4972: checking for shmat in -lipc" >&5
 ac_lib_var=`echo ipc'_'shmat | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -4609,7 +4976,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lipc  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4613 "configure"
+#line 4980 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -4620,7 +4987,7 @@ int main() {
 shmat()
 ; return 0; }
 EOF
-if { (eval echo configure:4624: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:4991: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -4653,15 +5020,15 @@ fi
   # libraries we check for below, so use a different variable.
   #  --interran@uluru.Stanford.EDU, kb@cs.umb.edu.
   echo $ac_n "checking for IceConnectionNumber in -lICE""... $ac_c" 1>&6
-echo "configure:4657: checking for IceConnectionNumber in -lICE" >&5
+echo "configure:5024: checking for IceConnectionNumber in -lICE" >&5
 ac_lib_var=`echo ICE'_'IceConnectionNumber | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   ac_save_LIBS="$LIBS"
-LIBS="-lICE  $LIBS"
+LIBS="-lICE $X_EXTRA_LIBS $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4665 "configure"
+#line 5032 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -4672,7 +5039,7 @@ int main() {
 IceConnectionNumber()
 ; return 0; }
 EOF
-if { (eval echo configure:4676: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5043: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -4696,6 +5063,78 @@ fi
 
 fi
 
+
+# try to figure out if we need any additional ld flags, like -R
+# and yes, the autoconf X test is utterly broken
+if test "$no_x" != yes; then
+	echo $ac_n "checking for special X linker flags""... $ac_c" 1>&6
+echo "configure:5072: checking for special X linker flags" >&5
+if eval "test \"`echo '$''{'krb_cv_sys_x_libs_rpath'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+	ac_save_libs="$LIBS"
+	ac_save_cflags="$CFLAGS"
+	CFLAGS="$CFLAGS $X_CFLAGS"
+	krb_cv_sys_x_libs_rpath=""
+	krb_cv_sys_x_libs=""
+	for rflag in "" "-R" "-R " "-rpath "; do
+		if test "$rflag" = ""; then
+			foo="$X_LIBS"
+		else
+			foo=""
+			for flag in $X_LIBS; do
+			case $flag in
+			-L*)
+				foo="$foo $flag `echo $flag | sed \"s/-L/$rflag/\"`"
+				;;
+			*)
+				foo="$foo $flag"
+				;;
+			esac
+			done
+		fi
+		LIBS="$ac_save_libs $foo -lX11"
+		if test "$cross_compiling" = yes; then
+    { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5103 "configure"
+#include "confdefs.h"
+
+		#include <X11/Xlib.h>
+		foo()
+		{
+		XOpenDisplay(NULL);
+		}
+		main()
+		{
+		return 0;
+		}
+		
+EOF
+if { (eval echo configure:5117: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  :
+fi
+rm -fr conftest*
+fi
+
+	done
+	LIBS="$ac_save_libs"
+	CFLAGS="$ac_save_cflags"
+	
+fi
+
+echo "$ac_t""$krb_cv_sys_x_libs_rpath" 1>&6
+	X_LIBS="$krb_cv_sys_x_libs"
+fi
+
 if test "$no_x" = "yes" ; then
 	MAKE_X_PROGS_BIN=""
 	MAKE_X_PROGS_LIBEXEC=""
@@ -4704,6 +5143,7 @@ else
 	MAKE_X_PROGS_LIBEXEC='$(X_PROGS_LIBEXEC)'
 fi
 
+
 save_CFLAGS="$CFLAGS"
 CFLAGS="$X_CFLAGS $CFLAGS"
 save_LIBS="$LIBS"
@@ -4713,59 +5153,63 @@ LDFLAGS="$LDFLAGS $X_LIBS"
 
 
 
-echo $ac_n "checking for XauReadAuth""... $ac_c" 1>&6
-echo "configure:4718: checking for XauReadAuth" >&5
-if eval "test \"`echo '$''{'ac_cv_funclib_XauReadAuth'+set}'`\" = set"; then
+
+
+echo $ac_n "checking for XauWriteAuth""... $ac_c" 1>&6
+echo "configure:5160: checking for XauWriteAuth" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_XauWriteAuth'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
-if eval "test \"\$ac_cv_func_XauReadAuth\" != yes" ; then
+if eval "test \"\$ac_cv_func_XauWriteAuth\" != yes" ; then
 	ac_save_LIBS="$LIBS"
-	for ac_lib in "" Xau X11; do
+	for ac_lib in "" X11 Xau; do
 		if test -n "$ac_lib"; then 
 			ac_lib="-l$ac_lib"
-			LIBS="$ac_lib $ac_save_LIBS"
+		else
+			ac_lib=""
 		fi
+		LIBS="$ac_lib $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 4731 "configure"
+#line 5175 "configure"
 #include "confdefs.h"
 
 int main() {
-XauReadAuth()
+XauWriteAuth()
 ; return 0; }
 EOF
-if { (eval echo configure:4738: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5182: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauReadAuth=$ac_lib; else ac_cv_funclib_XauReadAuth=yes; fi";break
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauWriteAuth=$ac_lib; else ac_cv_funclib_XauWriteAuth=yes; fi";break
 else
   echo "configure: failed program was:" >&5
   cat conftest.$ac_ext >&5
 fi
 rm -f conftest*
 	done
-	eval "ac_cv_funclib_XauReadAuth=\${ac_cv_funclib_XauReadAuth-no}"
+	eval "ac_cv_funclib_XauWriteAuth=\${ac_cv_funclib_XauWriteAuth-no}"
 	LIBS="$ac_save_LIBS"
 fi
 
 fi
 
 
-eval "ac_res=\$ac_cv_funclib_XauReadAuth"
+eval "ac_res=\$ac_cv_funclib_XauWriteAuth"
 
-# autoheader tricks *sigh*
 : << END
-@@@funcs="$funcs XauReadAuth"@@@
-@@@libs="$libs Xau X11"@@@
+@@@funcs="$funcs XauWriteAuth"@@@
+@@@libs="$libs "" X11 Xau"@@@
 END
 
-eval "ac_tr_func=HAVE_`echo XauReadAuth | tr '[a-z]' '[A-Z]'`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
-eval "LIB_XauReadAuth=$ac_res"
+# XauWriteAuth
+eval "ac_tr_func=HAVE_`echo XauWriteAuth | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_XauWriteAuth=$ac_res"
 
 case "$ac_res" in
 	yes)
-	eval "ac_cv_func_XauReadAuth=yes"
-	eval "LIB_XauReadAuth="
+	eval "ac_cv_func_XauWriteAuth=yes"
+	eval "LIB_XauWriteAuth="
 	cat >> confdefs.h <<EOF
 #define $ac_tr_func 1
 EOF
@@ -4773,12 +5217,12 @@ EOF
 	echo "$ac_t""yes" 1>&6
 	;;
 	no)
-	eval "ac_cv_func_XauReadAuth=no"
-	eval "LIB_XauReadAuth="
+	eval "ac_cv_func_XauWriteAuth=no"
+	eval "LIB_XauWriteAuth="
 	echo "$ac_t""no" 1>&6
 	;;
 	*)
-	eval "ac_cv_func_XauReadAuth=yes"
+	eval "ac_cv_func_XauWriteAuth=yes"
 	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
 	cat >> confdefs.h <<EOF
 #define $ac_tr_func 1
@@ -4794,129 +5238,65 @@ esac
 
 
 ac_xxx="$LIBS"
-LIBS="$LIB_XauReadAuth $LIBS"
-for ac_func in XauWriteAuth
-do
-echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:4802: checking for $ac_func" >&5
-if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 4807 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func(); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-/* We use char because int might match the return type of a gcc2
-    builtin and then its argument prototype would still apply.  */
-char $ac_func();
+LIBS="$LIB_XauWriteAuth $LIBS"
 
-int main() {
 
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-$ac_func();
-#endif
 
-; return 0; }
-EOF
-if { (eval echo configure:4830: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-  rm -rf conftest*
-  eval "ac_cv_func_$ac_func=yes"
-else
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  eval "ac_cv_func_$ac_func=no"
-fi
-rm -f conftest*
-fi
-
-if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
-  cat >> confdefs.h <<EOF
-#define $ac_tr_func 1
-EOF
- 
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
-
-if test "$ac_cv_func_XauWriteAuth" != "yes"; then
-  XauWriteAuth_c=writeauth.c
-  XauWriteAuth_o=writeauth.o
-fi
-LIBS="$ac_xxx"
-
-CFLAGS=$save_CFLAGS
-LIBS=$save_LIBS
-LDFLAGS=$save_LDFLAGS
-
-
-save_LIBS="$LIBS"
-
-
-echo $ac_n "checking for dbopen""... $ac_c" 1>&6
-echo "configure:4869: checking for dbopen" >&5
-if eval "test \"`echo '$''{'ac_cv_funclib_dbopen'+set}'`\" = set"; then
+echo $ac_n "checking for XauReadAuth""... $ac_c" 1>&6
+echo "configure:5247: checking for XauReadAuth" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_XauReadAuth'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
-if eval "test \"\$ac_cv_func_dbopen\" != yes" ; then
+if eval "test \"\$ac_cv_func_XauReadAuth\" != yes" ; then
 	ac_save_LIBS="$LIBS"
-	for ac_lib in "" $berkeley_db; do
+	for ac_lib in "" X11 Xau; do
 		if test -n "$ac_lib"; then 
 			ac_lib="-l$ac_lib"
-			LIBS="$ac_lib $ac_save_LIBS"
+		else
+			ac_lib=""
 		fi
+		LIBS="$ac_lib $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 4882 "configure"
+#line 5262 "configure"
 #include "confdefs.h"
 
 int main() {
-dbopen()
+XauReadAuth()
 ; return 0; }
 EOF
-if { (eval echo configure:4889: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5269: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbopen=$ac_lib; else ac_cv_funclib_dbopen=yes; fi";break
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauReadAuth=$ac_lib; else ac_cv_funclib_XauReadAuth=yes; fi";break
 else
   echo "configure: failed program was:" >&5
   cat conftest.$ac_ext >&5
 fi
 rm -f conftest*
 	done
-	eval "ac_cv_funclib_dbopen=\${ac_cv_funclib_dbopen-no}"
+	eval "ac_cv_funclib_XauReadAuth=\${ac_cv_funclib_XauReadAuth-no}"
 	LIBS="$ac_save_LIBS"
 fi
 
 fi
 
 
-eval "ac_res=\$ac_cv_funclib_dbopen"
+eval "ac_res=\$ac_cv_funclib_XauReadAuth"
 
-# autoheader tricks *sigh*
 : << END
-@@@funcs="$funcs dbopen"@@@
-@@@libs="$libs $berkeley_db"@@@
+@@@funcs="$funcs XauReadAuth"@@@
+@@@libs="$libs "" X11 Xau"@@@
 END
 
-eval "ac_tr_func=HAVE_`echo dbopen | tr '[a-z]' '[A-Z]'`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
-eval "LIB_dbopen=$ac_res"
+# XauReadAuth
+eval "ac_tr_func=HAVE_`echo XauReadAuth | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_XauReadAuth=$ac_res"
 
 case "$ac_res" in
 	yes)
-	eval "ac_cv_func_dbopen=yes"
-	eval "LIB_dbopen="
+	eval "ac_cv_func_XauReadAuth=yes"
+	eval "LIB_XauReadAuth="
 	cat >> confdefs.h <<EOF
 #define $ac_tr_func 1
 EOF
@@ -4924,12 +5304,12 @@ EOF
 	echo "$ac_t""yes" 1>&6
 	;;
 	no)
-	eval "ac_cv_func_dbopen=no"
-	eval "LIB_dbopen="
+	eval "ac_cv_func_XauReadAuth=no"
+	eval "LIB_XauReadAuth="
 	echo "$ac_t""no" 1>&6
 	;;
 	*)
-	eval "ac_cv_func_dbopen=yes"
+	eval "ac_cv_func_XauReadAuth=yes"
 	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
 	cat >> confdefs.h <<EOF
 #define $ac_tr_func 1
@@ -4944,62 +5324,65 @@ EOF
 esac
 
 
-LIBS="$LIB_dbopen $LIBS"
+LIBS="$LIB_XauReadAauth $LIBS"
 
 
-echo $ac_n "checking for dbm_firstkey""... $ac_c" 1>&6
-echo "configure:4952: checking for dbm_firstkey" >&5
-if eval "test \"`echo '$''{'ac_cv_funclib_dbm_firstkey'+set}'`\" = set"; then
+
+echo $ac_n "checking for XauFileName""... $ac_c" 1>&6
+echo "configure:5333: checking for XauFileName" >&5
+if eval "test \"`echo '$''{'ac_cv_funclib_XauFileName'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
-if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then
+if eval "test \"\$ac_cv_func_XauFileName\" != yes" ; then
 	ac_save_LIBS="$LIBS"
-	for ac_lib in "" $berkeley_db gdbm ndbm; do
+	for ac_lib in "" X11 Xau; do
 		if test -n "$ac_lib"; then 
 			ac_lib="-l$ac_lib"
-			LIBS="$ac_lib $ac_save_LIBS"
+		else
+			ac_lib=""
 		fi
+		LIBS="$ac_lib $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 4965 "configure"
+#line 5348 "configure"
 #include "confdefs.h"
 
 int main() {
-dbm_firstkey()
+XauFileName()
 ; return 0; }
 EOF
-if { (eval echo configure:4972: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5355: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbm_firstkey=$ac_lib; else ac_cv_funclib_dbm_firstkey=yes; fi";break
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauFileName=$ac_lib; else ac_cv_funclib_XauFileName=yes; fi";break
 else
   echo "configure: failed program was:" >&5
   cat conftest.$ac_ext >&5
 fi
 rm -f conftest*
 	done
-	eval "ac_cv_funclib_dbm_firstkey=\${ac_cv_funclib_dbm_firstkey-no}"
+	eval "ac_cv_funclib_XauFileName=\${ac_cv_funclib_XauFileName-no}"
 	LIBS="$ac_save_LIBS"
 fi
 
 fi
 
 
-eval "ac_res=\$ac_cv_funclib_dbm_firstkey"
+eval "ac_res=\$ac_cv_funclib_XauFileName"
 
-# autoheader tricks *sigh*
 : << END
-@@@funcs="$funcs dbm_firstkey"@@@
-@@@libs="$libs $berkeley_db gdbm ndbm"@@@
+@@@funcs="$funcs XauFileName"@@@
+@@@libs="$libs "" X11 Xau"@@@
 END
 
-eval "ac_tr_func=HAVE_`echo dbm_firstkey | tr '[a-z]' '[A-Z]'`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
-eval "LIB_dbm_firstkey=$ac_res"
+# XauFileName
+eval "ac_tr_func=HAVE_`echo XauFileName | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_XauFileName=$ac_res"
 
 case "$ac_res" in
 	yes)
-	eval "ac_cv_func_dbm_firstkey=yes"
-	eval "LIB_dbm_firstkey="
+	eval "ac_cv_func_XauFileName=yes"
+	eval "LIB_XauFileName="
 	cat >> confdefs.h <<EOF
 #define $ac_tr_func 1
 EOF
@@ -5007,12 +5390,12 @@ EOF
 	echo "$ac_t""yes" 1>&6
 	;;
 	no)
-	eval "ac_cv_func_dbm_firstkey=no"
-	eval "LIB_dbm_firstkey="
+	eval "ac_cv_func_XauFileName=no"
+	eval "LIB_XauFileName="
 	echo "$ac_t""no" 1>&6
 	;;
 	*)
-	eval "ac_cv_func_dbm_firstkey=yes"
+	eval "ac_cv_func_XauFileName=yes"
 	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
 	cat >> confdefs.h <<EOF
 #define $ac_tr_func 1
@@ -5027,18 +5410,185 @@ EOF
 esac
 
 
-if test -n "$LIB_dbopen"; then
-  LIB_DBM="$LIB_dbopen"
+LIBS="$ac_xxx"
+
+case "$ac_cv_funclib_XauWriteAuth" in
+yes)	;;
+no)	;;
+*)	if test "$ac_cv_funclib_XauReadAuth" = yes; then
+		if test "$ac_cv_funclib_XauFileName" = yes; then
+			LIB_XauReadAuth="$LIB_XauWriteAuth"
+		else
+			LIB_XauReadAuth="$LIB_XauWriteAuth $LIB_XauFileName"
+		fi
+	else
+		if test "$ac_cv_funclib_XauFileName" = yes; then
+			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth"
+		else
+			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth $LIB_XauFileName"
+		fi
+	fi
+	;;
+esac
+
+if test "$AUTOMAKE" != ""; then
+	
+
+if test "$ac_cv_func_XauWriteAuth" != "yes"; then
+  NEED_WRITEAUTH_TRUE=
+  NEED_WRITEAUTH_FALSE='#'
 else
-  LIB_DBM="$LIB_dbm_firstkey"
+  NEED_WRITEAUTH_TRUE='#'
+  NEED_WRITEAUTH_FALSE=
 fi
-LIBS="$save_LIBS"
+else
+	
+	
+	if test "$ac_cv_func_XauWriteAuth" != "yes"; then
+		NEED_WRITEAUTH_TRUE=
+		NEED_WRITEAUTH_FALSE='#'
+	else
+		NEED_WRITEAUTH_TRUE='#'
+		NEED_WRITEAUTH_FALSE=
+	fi
+fi
+CFLAGS=$save_CFLAGS
+LIBS=$save_LIBS
+LDFLAGS=$save_LDFLAGS
+
+
+
+
+
+lib_dbm=no
+lib_db=no
+
+for i in "" $berkeley_db gdbm ndbm; do
+
+	if test "$i"; then
+		m="lib$i"
+		l="-l$i"
+	else
+		m="libc"
+		l=""
+	fi	
+
+	echo $ac_n "checking for dbm_open in $m""... $ac_c" 1>&6
+echo "configure:5478: checking for dbm_open in $m" >&5
+	if eval "test \"`echo '$''{'ac_cv_krb_dbm_open_$m'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+
+	save_LIBS="$LIBS"
+	LIBS="$l $LIBS"
+	if test "$cross_compiling" = yes; then
+  ac_res=no
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5490 "configure"
+#include "confdefs.h"
+
+#include <unistd.h>
+#include <fcntl.h>
+#if defined(HAVE_NDBM_H)
+#include <ndbm.h>
+#elif defined(HAVE_DBM_H)
+#include <dbm.h>
+#elif defined(HAVE_RPCSVC_DBM_H)
+#include <rpcsvc/dbm.h>
+#elif defined(HAVE_DB_H)
+#define DB_DBM_HSEARCH 1
+#include <db.h>
+#endif
+int main()
+{
+  DBM *d;
+
+  d = dbm_open("conftest", O_RDWR | O_CREAT, 0666);
+  if(d == NULL)
+    return 1;
+  dbm_close(d);
+  return 0;
+}
+EOF
+if { (eval echo configure:5516: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  
+	if test -f conftest.db; then
+		ac_res=db
+	else
+		ac_res=dbm
+	fi
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  ac_res=no
+fi
+rm -fr conftest*
+fi
+
+
+	LIBS="$save_LIBS"
+
+	eval ac_cv_krb_dbm_open_$m=$ac_res
+fi
+
+	eval ac_res=\$ac_cv_krb_dbm_open_$m
+	echo "$ac_t""$ac_res" 1>&6
+
+	if test "$lib_dbm" = no -a $ac_res = dbm; then
+		lib_dbm="$l"
+	elif test "$lib_db" = no -a $ac_res = db; then
+		lib_db="$l"
+		break
+	fi
+done
+
+echo $ac_n "checking for NDBM library""... $ac_c" 1>&6
+echo "configure:5551: checking for NDBM library" >&5
+ac_ndbm=no
+if test "$lib_db" != no; then
+	LIB_DBM="$lib_db"
+	ac_ndbm=yes
+	cat >> confdefs.h <<\EOF
+#define HAVE_NEW_DB 1
+EOF
+
+	if test "$LIB_DBM"; then
+		ac_res="yes, $LIB_DBM"
+	else
+		ac_res=yes
+	fi
+elif test "$lib_dbm" != no; then
+	LIB_DBM="$lib_dbm"
+	ac_ndbm=yes
+	if test "$LIB_DBM"; then
+		ac_res="yes, $LIB_DBM"
+	else
+		ac_res=yes
+	fi
+else
+	LIB_DBM=""
+	ac_res=no
+fi
+test "$ac_ndbm" = yes && cat >> confdefs.h <<\EOF
+#define NDBM 1
+EOF
+
+DBLIB="$LIB_DBM"
+
+echo "$ac_t""$ac_res" 1>&6
+
+
+
 
 
 
 
 echo $ac_n "checking for syslog""... $ac_c" 1>&6
-echo "configure:5042: checking for syslog" >&5
+echo "configure:5592: checking for syslog" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_syslog'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -5048,17 +5598,19 @@ if eval "test \"\$ac_cv_func_syslog\" != yes" ; then
 	for ac_lib in "" syslog; do
 		if test -n "$ac_lib"; then 
 			ac_lib="-l$ac_lib"
-			LIBS="$ac_lib $ac_save_LIBS"
+		else
+			ac_lib=""
 		fi
+		LIBS="$ac_lib $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 5055 "configure"
+#line 5607 "configure"
 #include "confdefs.h"
 
 int main() {
 syslog()
 ; return 0; }
 EOF
-if { (eval echo configure:5062: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5614: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_syslog=$ac_lib; else ac_cv_funclib_syslog=yes; fi";break
 else
@@ -5076,14 +5628,14 @@ fi
 
 eval "ac_res=\$ac_cv_funclib_syslog"
 
-# autoheader tricks *sigh*
 : << END
 @@@funcs="$funcs syslog"@@@
-@@@libs="$libs syslog"@@@
+@@@libs="$libs "" syslog"@@@
 END
 
-eval "ac_tr_func=HAVE_`echo syslog | tr '[a-z]' '[A-Z]'`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+# syslog
+eval "ac_tr_func=HAVE_`echo syslog | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
 eval "LIB_syslog=$ac_res"
 
 case "$ac_res" in
@@ -5122,8 +5674,9 @@ if test -n "$LIB_syslog"; then
 fi
 
 
+
 echo $ac_n "checking for working snprintf""... $ac_c" 1>&6
-echo "configure:5127: checking for working snprintf" >&5
+echo "configure:5680: checking for working snprintf" >&5
 if eval "test \"`echo '$''{'ac_cv_func_snprintf_working'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -5132,7 +5685,7 @@ if test "$cross_compiling" = yes; then
   :
 else
   cat > conftest.$ac_ext <<EOF
-#line 5136 "configure"
+#line 5689 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -5144,7 +5697,7 @@ int main()
 	return strcmp(foo, "1");
 }
 EOF
-if { (eval echo configure:5148: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:5701: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   :
 else
@@ -5159,26 +5712,156 @@ fi
 fi
 
 echo "$ac_t""$ac_cv_func_snprintf_working" 1>&6
-: << END
-@@@funcs="$funcs snprintf"@@@
-END
+
 if test "$ac_cv_func_snprintf_working" = yes; then
-	foo=HAVE_SNPRINTF
 	cat >> confdefs.h <<EOF
-#define $foo 1
+#define HAVE_SNPRINTF 1
 EOF
 
 fi
+if test "$ac_cv_func_snprintf_working" = yes; then
+
+if test "$ac_cv_func_snprintf+set" != set -o "$ac_cv_func_snprintf" = yes; then
+echo $ac_n "checking if snprintf needs a prototype""... $ac_c" 1>&6
+echo "configure:5727: checking if snprintf needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_snprintf_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5732 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+int main() {
+struct foo { int foo; } xx;
+extern int snprintf (struct foo*);
+snprintf(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:5742: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_snprintf_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_snprintf_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_snprintf_noproto" 1>&6
+
+if test "$ac_cv_func_snprintf_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_SNPRINTF_PROTO 1
+EOF
+
+fi
+
+fi
+
+fi
+
+
+echo $ac_n "checking for working glob""... $ac_c" 1>&6
+echo "configure:5769: checking for working glob" >&5
+if eval "test \"`echo '$''{'ac_cv_func_glob_working'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_cv_func_glob_working=yes
+cat > conftest.$ac_ext <<EOF
+#line 5775 "configure"
+#include "confdefs.h"
+
+#include <stdio.h>
+#include <glob.h>
+int main() {
+
+glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE, NULL, NULL);
+
+; return 0; }
+EOF
+if { (eval echo configure:5786: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  :
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_func_glob_working=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_glob_working" 1>&6
+
+if test "$ac_cv_func_glob_working" = yes; then
+	cat >> confdefs.h <<\EOF
+#define HAVE_GLOB 1
+EOF
+
+fi
+if test "$ac_cv_func_glob_working" = yes; then
+
+if test "$ac_cv_func_glob+set" != set -o "$ac_cv_func_glob" = yes; then
+echo $ac_n "checking if glob needs a prototype""... $ac_c" 1>&6
+echo "configure:5810: checking if glob needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_glob_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5815 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+#include <glob.h>
+int main() {
+struct foo { int foo; } xx;
+extern int glob (struct foo*);
+glob(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:5826: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_glob_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_glob_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_glob_noproto" 1>&6
+
+if test "$ac_cv_func_glob_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_GLOB_PROTO 1
+EOF
+
+fi
+
+fi
+
+fi
+
+
+if test "$ac_cv_func_glob_working" != yes; then
+	EXTRA_LOCL_HEADERS="$EXTRA_LOCL_HEADERS glob.h"
+	LIBOBJS="$LIBOBJS glob.o"
+fi
 
 for ac_func in asnprintf asprintf vasprintf vasnprintf vsnprintf
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5177: checking for $ac_func" >&5
+echo "configure:5860: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5182 "configure"
+#line 5865 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5201,7 +5884,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5205: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5888: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5226,16 +5909,15 @@ fi
 done
 
 
-
-for ac_func in _getpty _scrsize _setsid _stricmp fchmod fcntl flock
+for ac_func in atexit _getpty _scrsize _setsid _stricmp chroot fattach fchmod
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5234: checking for $ac_func" >&5
+echo "configure:5916: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5239 "configure"
+#line 5921 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5258,7 +5940,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5262: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5944: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5282,15 +5964,15 @@ else
 fi
 done
 
-for ac_func in forkpty frevoke gethostname getlogin getpriority getservbyname
+for ac_func in fcntl forkpty frevoke getlogin getpriority
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5289: checking for $ac_func" >&5
+echo "configure:5971: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5294 "configure"
+#line 5976 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5313,7 +5995,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5317: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5999: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5337,15 +6019,15 @@ else
 fi
 done
 
-for ac_func in getspnam getspuid gettimeofday getuid grantpt
+for ac_func in getrlimit getservbyname getspnam getspuid gettimeofday
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5344: checking for $ac_func" >&5
+echo "configure:6026: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5349 "configure"
+#line 6031 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5368,7 +6050,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5372: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:6054: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5392,15 +6074,15 @@ else
 fi
 done
 
-for ac_func in innetgr iruserok mktime ptsname rand random
+for ac_func in gettosbyname getuid grantpt mktime parsetos ptsname
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5399: checking for $ac_func" >&5
+echo "configure:6081: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5404 "configure"
+#line 6086 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5423,7 +6105,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5427: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:6109: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5447,15 +6129,15 @@ else
 fi
 done
 
-for ac_func in revoke setitimer setlogin setpgid setpriority
+for ac_func in rand random revoke setitimer setlogin setpgid setpriority
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5454: checking for $ac_func" >&5
+echo "configure:6136: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5459 "configure"
+#line 6141 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5478,7 +6160,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5482: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:6164: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5505,12 +6187,12 @@ done
 for ac_func in setproctitle setregid setresgid setresuid setreuid setsid
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5509: checking for $ac_func" >&5
+echo "configure:6191: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5514 "configure"
+#line 6196 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5533,7 +6215,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5537: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:6219: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5557,15 +6239,15 @@ else
 fi
 done
 
-for ac_func in setutent swab ttyname ttyslot ulimit uname
+for ac_func in setutent sigaction sysconf sysctl ttyname ttyslot
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5564: checking for $ac_func" >&5
+echo "configure:6246: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5569 "configure"
+#line 6251 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5588,7 +6270,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5592: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:6274: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5612,15 +6294,15 @@ else
 fi
 done
 
-for ac_func in unlockpt vhangup yp_get_default_domain
+for ac_func in ulimit uname unlockpt vhangup yp_get_default_domain
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5619: checking for $ac_func" >&5
+echo "configure:6301: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5624 "configure"
+#line 6306 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5643,7 +6325,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5647: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:6329: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5667,10 +6349,68 @@ else
 fi
 done
 
+for ac_func in on_exit sgi_getcapabilitybyname cap_set_proc
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6356: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6361 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6384: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+
+
+
 
 
 echo $ac_n "checking for getpwnam_r""... $ac_c" 1>&6
-echo "configure:5674: checking for getpwnam_r" >&5
+echo "configure:6414: checking for getpwnam_r" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_getpwnam_r'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -5680,17 +6420,19 @@ if eval "test \"\$ac_cv_func_getpwnam_r\" != yes" ; then
 	for ac_lib in "" c_r; do
 		if test -n "$ac_lib"; then 
 			ac_lib="-l$ac_lib"
-			LIBS="$ac_lib $ac_save_LIBS"
+		else
+			ac_lib=""
 		fi
+		LIBS="$ac_lib $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 5687 "configure"
+#line 6429 "configure"
 #include "confdefs.h"
 
 int main() {
 getpwnam_r()
 ; return 0; }
 EOF
-if { (eval echo configure:5694: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:6436: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_getpwnam_r=$ac_lib; else ac_cv_funclib_getpwnam_r=yes; fi";break
 else
@@ -5708,14 +6450,14 @@ fi
 
 eval "ac_res=\$ac_cv_funclib_getpwnam_r"
 
-# autoheader tricks *sigh*
 : << END
 @@@funcs="$funcs getpwnam_r"@@@
-@@@libs="$libs c_r"@@@
+@@@libs="$libs "" c_r"@@@
 END
 
-eval "ac_tr_func=HAVE_`echo getpwnam_r | tr '[a-z]' '[A-Z]'`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+# getpwnam_r
+eval "ac_tr_func=HAVE_`echo getpwnam_r | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
 eval "LIB_getpwnam_r=$ac_res"
 
 case "$ac_res" in
@@ -5751,7 +6493,7 @@ esac
 
 if test "$ac_cv_func_getpwnam_r" = yes; then
 	echo $ac_n "checking if getpwnam_r is posix""... $ac_c" 1>&6
-echo "configure:5755: checking if getpwnam_r is posix" >&5
+echo "configure:6497: checking if getpwnam_r is posix" >&5
 if eval "test \"`echo '$''{'ac_cv_func_getpwnam_r_posix'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -5761,7 +6503,7 @@ else
   :
 else
   cat > conftest.$ac_ext <<EOF
-#line 5765 "configure"
+#line 6507 "configure"
 #include "confdefs.h"
 
 #include <pwd.h>
@@ -5772,7 +6514,7 @@ int main()
 }
 
 EOF
-if { (eval echo configure:5776: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:6518: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_func_getpwnam_r_posix=yes
 else
@@ -5798,8 +6540,10 @@ fi
 
 
 
+
+
 echo $ac_n "checking for getsockopt""... $ac_c" 1>&6
-echo "configure:5803: checking for getsockopt" >&5
+echo "configure:6547: checking for getsockopt" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_getsockopt'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -5809,10 +6553,12 @@ if eval "test \"\$ac_cv_func_getsockopt\" != yes" ; then
 	for ac_lib in "" ; do
 		if test -n "$ac_lib"; then 
 			ac_lib="-l$ac_lib"
-			LIBS="$ac_lib $ac_save_LIBS"
+		else
+			ac_lib=""
 		fi
+		LIBS="$ac_lib $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 5816 "configure"
+#line 6562 "configure"
 #include "confdefs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -5824,7 +6570,7 @@ int main() {
 getsockopt(0,0,0,0,0)
 ; return 0; }
 EOF
-if { (eval echo configure:5828: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:6574: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_getsockopt=$ac_lib; else ac_cv_funclib_getsockopt=yes; fi";break
 else
@@ -5842,14 +6588,14 @@ fi
 
 eval "ac_res=\$ac_cv_funclib_getsockopt"
 
-# autoheader tricks *sigh*
 : << END
 @@@funcs="$funcs getsockopt"@@@
-@@@libs="$libs "@@@
+@@@libs="$libs "" "@@@
 END
 
-eval "ac_tr_func=HAVE_`echo getsockopt | tr '[a-z]' '[A-Z]'`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+# getsockopt
+eval "ac_tr_func=HAVE_`echo getsockopt | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
 eval "LIB_getsockopt=$ac_res"
 
 case "$ac_res" in
@@ -5885,8 +6631,9 @@ esac
 
 
 
+
 echo $ac_n "checking for setsockopt""... $ac_c" 1>&6
-echo "configure:5890: checking for setsockopt" >&5
+echo "configure:6637: checking for setsockopt" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_setsockopt'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -5896,10 +6643,12 @@ if eval "test \"\$ac_cv_func_setsockopt\" != yes" ; then
 	for ac_lib in "" ; do
 		if test -n "$ac_lib"; then 
 			ac_lib="-l$ac_lib"
-			LIBS="$ac_lib $ac_save_LIBS"
+		else
+			ac_lib=""
 		fi
+		LIBS="$ac_lib $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 5903 "configure"
+#line 6652 "configure"
 #include "confdefs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -5911,7 +6660,7 @@ int main() {
 setsockopt(0,0,0,0,0)
 ; return 0; }
 EOF
-if { (eval echo configure:5915: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:6664: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_setsockopt=$ac_lib; else ac_cv_funclib_setsockopt=yes; fi";break
 else
@@ -5929,14 +6678,14 @@ fi
 
 eval "ac_res=\$ac_cv_funclib_setsockopt"
 
-# autoheader tricks *sigh*
 : << END
 @@@funcs="$funcs setsockopt"@@@
-@@@libs="$libs "@@@
+@@@libs="$libs "" "@@@
 END
 
-eval "ac_tr_func=HAVE_`echo setsockopt | tr '[a-z]' '[A-Z]'`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+# setsockopt
+eval "ac_tr_func=HAVE_`echo setsockopt | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
 eval "LIB_setsockopt=$ac_res"
 
 case "$ac_res" in
@@ -5974,12 +6723,12 @@ esac
 for ac_func in getudbnam setlim
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5978: checking for $ac_func" >&5
+echo "configure:6727: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5983 "configure"
+#line 6732 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -6002,7 +6751,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:6006: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:6755: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6030,8 +6779,9 @@ done
 
 
 
+
 echo $ac_n "checking for res_search""... $ac_c" 1>&6
-echo "configure:6035: checking for res_search" >&5
+echo "configure:6785: checking for res_search" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_res_search'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -6041,10 +6791,12 @@ if eval "test \"\$ac_cv_func_res_search\" != yes" ; then
 	for ac_lib in "" resolv; do
 		if test -n "$ac_lib"; then 
 			ac_lib="-l$ac_lib"
-			LIBS="$ac_lib $ac_save_LIBS"
+		else
+			ac_lib=""
 		fi
+		LIBS="$ac_lib $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 6048 "configure"
+#line 6800 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -6065,7 +6817,7 @@ int main() {
 res_search(0,0,0,0,0)
 ; return 0; }
 EOF
-if { (eval echo configure:6069: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:6821: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_search=$ac_lib; else ac_cv_funclib_res_search=yes; fi";break
 else
@@ -6083,14 +6835,14 @@ fi
 
 eval "ac_res=\$ac_cv_funclib_res_search"
 
-# autoheader tricks *sigh*
 : << END
 @@@funcs="$funcs res_search"@@@
-@@@libs="$libs resolv"@@@
+@@@libs="$libs "" resolv"@@@
 END
 
-eval "ac_tr_func=HAVE_`echo res_search | tr '[a-z]' '[A-Z]'`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+# res_search
+eval "ac_tr_func=HAVE_`echo res_search | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
 eval "LIB_res_search=$ac_res"
 
 case "$ac_res" in
@@ -6132,8 +6884,9 @@ fi
 
 
 
+
 echo $ac_n "checking for dn_expand""... $ac_c" 1>&6
-echo "configure:6137: checking for dn_expand" >&5
+echo "configure:6890: checking for dn_expand" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_dn_expand'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -6143,10 +6896,12 @@ if eval "test \"\$ac_cv_func_dn_expand\" != yes" ; then
 	for ac_lib in "" resolv; do
 		if test -n "$ac_lib"; then 
 			ac_lib="-l$ac_lib"
-			LIBS="$ac_lib $ac_save_LIBS"
+		else
+			ac_lib=""
 		fi
+		LIBS="$ac_lib $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 6150 "configure"
+#line 6905 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -6167,7 +6922,7 @@ int main() {
 dn_expand(0,0,0,0,0)
 ; return 0; }
 EOF
-if { (eval echo configure:6171: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:6926: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_dn_expand=$ac_lib; else ac_cv_funclib_dn_expand=yes; fi";break
 else
@@ -6185,14 +6940,14 @@ fi
 
 eval "ac_res=\$ac_cv_funclib_dn_expand"
 
-# autoheader tricks *sigh*
 : << END
 @@@funcs="$funcs dn_expand"@@@
-@@@libs="$libs resolv"@@@
+@@@libs="$libs "" resolv"@@@
 END
 
-eval "ac_tr_func=HAVE_`echo dn_expand | tr '[a-z]' '[A-Z]'`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+# dn_expand
+eval "ac_tr_func=HAVE_`echo dn_expand | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
 eval "LIB_dn_expand=$ac_res"
 
 case "$ac_res" in
@@ -6236,18 +6991,18 @@ for ac_hdr in unistd.h
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:6240: checking for $ac_hdr" >&5
+echo "configure:6995: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6245 "configure"
+#line 7000 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:6250: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out`
+{ (eval echo configure:7005: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
   eval "ac_cv_header_$ac_safe=yes"
@@ -6275,12 +7030,12 @@ done
 for ac_func in getpagesize
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6279: checking for $ac_func" >&5
+echo "configure:7034: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6284 "configure"
+#line 7039 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -6303,7 +7058,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:6307: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:7062: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6328,7 +7083,7 @@ fi
 done
 
 echo $ac_n "checking for working mmap""... $ac_c" 1>&6
-echo "configure:6332: checking for working mmap" >&5
+echo "configure:7087: checking for working mmap" >&5
 if eval "test \"`echo '$''{'ac_cv_func_mmap_fixed_mapped'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -6336,7 +7091,7 @@ else
   ac_cv_func_mmap_fixed_mapped=no
 else
   cat > conftest.$ac_ext <<EOF
-#line 6340 "configure"
+#line 7095 "configure"
 #include "confdefs.h"
 
 /* Thanks to Mike Haertel and Jim Avera for this test.
@@ -6476,7 +7231,7 @@ main()
 }
 
 EOF
-if { (eval echo configure:6480: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:7235: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_func_mmap_fixed_mapped=yes
 else
@@ -6501,19 +7256,19 @@ fi
 # The Ultrix 4.2 mips builtin alloca declared by alloca.h only works
 # for constant arguments.  Useless!
 echo $ac_n "checking for working alloca.h""... $ac_c" 1>&6
-echo "configure:6505: checking for working alloca.h" >&5
+echo "configure:7260: checking for working alloca.h" >&5
 if eval "test \"`echo '$''{'ac_cv_header_alloca_h'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6510 "configure"
+#line 7265 "configure"
 #include "confdefs.h"
 #include <alloca.h>
 int main() {
 char *p = alloca(2 * sizeof(int));
 ; return 0; }
 EOF
-if { (eval echo configure:6517: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:7272: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   ac_cv_header_alloca_h=yes
 else
@@ -6534,25 +7289,30 @@ EOF
 fi
 
 echo $ac_n "checking for alloca""... $ac_c" 1>&6
-echo "configure:6538: checking for alloca" >&5
+echo "configure:7293: checking for alloca" >&5
 if eval "test \"`echo '$''{'ac_cv_func_alloca_works'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6543 "configure"
+#line 7298 "configure"
 #include "confdefs.h"
 
 #ifdef __GNUC__
 # define alloca __builtin_alloca
 #else
-# if HAVE_ALLOCA_H
-#  include <alloca.h>
+# ifdef _MSC_VER
+#  include <malloc.h>
+#  define alloca _alloca
 # else
-#  ifdef _AIX
- #pragma alloca
+#  if HAVE_ALLOCA_H
+#   include <alloca.h>
 #  else
-#   ifndef alloca /* predefined by HP cc +Olibcalls */
+#   ifdef _AIX
+ #pragma alloca
+#   else
+#    ifndef alloca /* predefined by HP cc +Olibcalls */
 char *alloca ();
+#    endif
 #   endif
 #  endif
 # endif
@@ -6562,7 +7322,7 @@ int main() {
 char *p = (char *) alloca(1);
 ; return 0; }
 EOF
-if { (eval echo configure:6566: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:7326: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   ac_cv_func_alloca_works=yes
 else
@@ -6587,19 +7347,19 @@ if test $ac_cv_func_alloca_works = no; then
   # that cause trouble.  Some versions do not even contain alloca or
   # contain a buggy version.  If you still want to use their alloca,
   # use ar to extract alloca.o from them instead of compiling alloca.c.
-  ALLOCA=alloca.o
+  ALLOCA=alloca.${ac_objext}
   cat >> confdefs.h <<\EOF
 #define C_ALLOCA 1
 EOF
 
 
 echo $ac_n "checking whether alloca needs Cray hooks""... $ac_c" 1>&6
-echo "configure:6598: checking whether alloca needs Cray hooks" >&5
+echo "configure:7358: checking whether alloca needs Cray hooks" >&5
 if eval "test \"`echo '$''{'ac_cv_os_cray'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6603 "configure"
+#line 7363 "configure"
 #include "confdefs.h"
 #if defined(CRAY) && ! defined(CRAY2)
 webecray
@@ -6624,12 +7384,12 @@ echo "$ac_t""$ac_cv_os_cray" 1>&6
 if test $ac_cv_os_cray = yes; then
 for ac_func in _getb67 GETB67 getb67; do
   echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6628: checking for $ac_func" >&5
+echo "configure:7388: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6633 "configure"
+#line 7393 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -6652,7 +7412,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:6656: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:7416: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6679,7 +7439,7 @@ done
 fi
 
 echo $ac_n "checking stack direction for C alloca""... $ac_c" 1>&6
-echo "configure:6683: checking stack direction for C alloca" >&5
+echo "configure:7443: checking stack direction for C alloca" >&5
 if eval "test \"`echo '$''{'ac_cv_c_stack_direction'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -6687,7 +7447,7 @@ else
   ac_cv_c_stack_direction=0
 else
   cat > conftest.$ac_ext <<EOF
-#line 6691 "configure"
+#line 7451 "configure"
 #include "confdefs.h"
 find_stack_direction ()
 {
@@ -6706,7 +7466,7 @@ main ()
   exit (find_stack_direction() < 0);
 }
 EOF
-if { (eval echo configure:6710: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:7470: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_c_stack_direction=1
 else
@@ -6734,7 +7494,7 @@ fi
 
 if test "$ac_cv_func_getlogin" = yes; then
 echo $ac_n "checking if getlogin is posix""... $ac_c" 1>&6
-echo "configure:6738: checking if getlogin is posix" >&5
+echo "configure:7498: checking if getlogin is posix" >&5
 if eval "test \"`echo '$''{'ac_cv_func_getlogin_posix'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -6759,8 +7519,9 @@ fi
 
 
 
+
 echo $ac_n "checking for hstrerror""... $ac_c" 1>&6
-echo "configure:6764: checking for hstrerror" >&5
+echo "configure:7525: checking for hstrerror" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_hstrerror'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -6770,10 +7531,12 @@ if eval "test \"\$ac_cv_func_hstrerror\" != yes" ; then
 	for ac_lib in "" resolv; do
 		if test -n "$ac_lib"; then 
 			ac_lib="-l$ac_lib"
-			LIBS="$ac_lib $ac_save_LIBS"
+		else
+			ac_lib=""
 		fi
+		LIBS="$ac_lib $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 6777 "configure"
+#line 7540 "configure"
 #include "confdefs.h"
 #ifdef HAVE_NETDB_H
 #include <netdb.h>
@@ -6782,7 +7545,7 @@ int main() {
 hstrerror(17)
 ; return 0; }
 EOF
-if { (eval echo configure:6786: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:7549: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_hstrerror=$ac_lib; else ac_cv_funclib_hstrerror=yes; fi";break
 else
@@ -6800,14 +7563,14 @@ fi
 
 eval "ac_res=\$ac_cv_funclib_hstrerror"
 
-# autoheader tricks *sigh*
 : << END
 @@@funcs="$funcs hstrerror"@@@
-@@@libs="$libs resolv"@@@
+@@@libs="$libs "" resolv"@@@
 END
 
-eval "ac_tr_func=HAVE_`echo hstrerror | tr '[a-z]' '[A-Z]'`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+# hstrerror
+eval "ac_tr_func=HAVE_`echo hstrerror | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
 eval "LIB_hstrerror=$ac_res"
 
 case "$ac_res" in
@@ -6849,16 +7612,184 @@ if eval "test \"$ac_cv_func_hstrerror\" != yes"; then
 LIBOBJS="$LIBOBJS hstrerror.o"
 fi
 
+if test "$ac_cv_func_hstrerror" = yes; then
+
+if test "$ac_cv_func_hstrerror+set" != set -o "$ac_cv_func_hstrerror" = yes; then
+echo $ac_n "checking if hstrerror needs a prototype""... $ac_c" 1>&6
+echo "configure:7620: checking if hstrerror needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_hstrerror_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7625 "configure"
+#include "confdefs.h"
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+int main() {
+struct foo { int foo; } xx;
+extern int hstrerror (struct foo*);
+hstrerror(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:7638: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_hstrerror_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_hstrerror_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_hstrerror_noproto" 1>&6
+
+if test "$ac_cv_func_hstrerror_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_HSTRERROR_PROTO 1
+EOF
+
+fi
+
+fi
+
+fi
+
+for ac_func in chown daemon err errx fchown flock fnmatch
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7666: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7671 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7694: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  
+ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
+cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+LIBOBJS="$LIBOBJS ${ac_func}.o"
+fi
+
+: << END
+@@@funcs="$funcs chown daemon err errx fchown flock fnmatch"@@@
+END
+done
+
+for ac_func in getcwd getdtablesize gethostname geteuid getgid getegid
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7727: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7732 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7755: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  
+ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
+cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+LIBOBJS="$LIBOBJS ${ac_func}.o"
+fi
+
+: << END
+@@@funcs="$funcs getcwd getdtablesize gethostname geteuid getgid getegid"@@@
+END
+done
 
-for ac_func in chown daemon err errx fchown getcwd getdtablesize getopt
+for ac_func in getopt getusershell inet_aton initgroups innetgr iruserok lstat
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6857: checking for $ac_func" >&5
+echo "configure:7788: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6862 "configure"
+#line 7793 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -6881,7 +7812,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:6885: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:7816: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6896,7 +7827,7 @@ fi
 if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
   echo "$ac_t""yes" 1>&6
   
-ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'`
+ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
 cat >> confdefs.h <<EOF
 #define $ac_tr_func 1
 EOF
@@ -6906,21 +7837,20 @@ else
 LIBOBJS="$LIBOBJS ${ac_func}.o"
 fi
 
-# autoheader tricks *sigh*
 : << END
-@@@funcs="$funcs chown daemon err errx fchown getcwd getdtablesize getopt"@@@
+@@@funcs="$funcs getopt getusershell inet_aton initgroups innetgr iruserok lstat"@@@
 END
 done
 
-for ac_func in getusershell inet_aton initgroups lstat memmove mkstemp
+for ac_func in memmove mkstemp putenv rcmd readv setegid setenv seteuid
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6919: checking for $ac_func" >&5
+echo "configure:7849: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6924 "configure"
+#line 7854 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -6943,7 +7873,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:6947: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:7877: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6958,7 +7888,7 @@ fi
 if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
   echo "$ac_t""yes" 1>&6
   
-ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'`
+ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
 cat >> confdefs.h <<EOF
 #define $ac_tr_func 1
 EOF
@@ -6968,21 +7898,20 @@ else
 LIBOBJS="$LIBOBJS ${ac_func}.o"
 fi
 
-# autoheader tricks *sigh*
 : << END
-@@@funcs="$funcs getusershell inet_aton initgroups lstat memmove mkstemp"@@@
+@@@funcs="$funcs memmove mkstemp putenv rcmd readv setegid setenv seteuid"@@@
 END
 done
 
-for ac_func in putenv rcmd setegid setenv seteuid strcasecmp strdup
+for ac_func in strcasecmp strncasecmp strdup strerror strftime strlwr
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6981: checking for $ac_func" >&5
+echo "configure:7910: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6986 "configure"
+#line 7915 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7005,7 +7934,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7009: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:7938: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7020,7 +7949,7 @@ fi
 if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
   echo "$ac_t""yes" 1>&6
   
-ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'`
+ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
 cat >> confdefs.h <<EOF
 #define $ac_tr_func 1
 EOF
@@ -7030,21 +7959,20 @@ else
 LIBOBJS="$LIBOBJS ${ac_func}.o"
 fi
 
-# autoheader tricks *sigh*
 : << END
-@@@funcs="$funcs putenv rcmd setegid setenv seteuid strcasecmp strdup"@@@
+@@@funcs="$funcs strcasecmp strncasecmp strdup strerror strftime strlwr"@@@
 END
 done
 
-for ac_func in strerror strftime strlwr strnlen strtok_r strupr unsetenv
+for ac_func in strndup strnlen strsep strtok_r strupr
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7043: checking for $ac_func" >&5
+echo "configure:7971: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7048 "configure"
+#line 7976 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7067,7 +7995,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7071: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:7999: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7082,7 +8010,7 @@ fi
 if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
   echo "$ac_t""yes" 1>&6
   
-ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'`
+ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
 cat >> confdefs.h <<EOF
 #define $ac_tr_func 1
 EOF
@@ -7092,21 +8020,20 @@ else
 LIBOBJS="$LIBOBJS ${ac_func}.o"
 fi
 
-# autoheader tricks *sigh*
 : << END
-@@@funcs="$funcs strerror strftime strlwr strnlen strtok_r strupr unsetenv"@@@
+@@@funcs="$funcs strndup strnlen strsep strtok_r strupr"@@@
 END
 done
 
-for ac_func in verr verrx vwarn vwarnx warn warnx
+for ac_func in swab unsetenv verr verrx vsyslog
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7105: checking for $ac_func" >&5
+echo "configure:8032: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7110 "configure"
+#line 8037 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7129,7 +8056,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7133: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:8060: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7144,7 +8071,7 @@ fi
 if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
   echo "$ac_t""yes" 1>&6
   
-ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'`
+ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
 cat >> confdefs.h <<EOF
 #define $ac_tr_func 1
 EOF
@@ -7154,17 +8081,269 @@ else
 LIBOBJS="$LIBOBJS ${ac_func}.o"
 fi
 
-# autoheader tricks *sigh*
 : << END
-@@@funcs="$funcs verr verrx vwarn vwarnx warn warnx"@@@
+@@@funcs="$funcs swab unsetenv verr verrx vsyslog"@@@
 END
 done
 
+for ac_func in vwarn vwarnx warn warnx writev
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:8093: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8098 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:8121: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  
+ac_tr_func=HAVE_`echo $ac_func | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`
+cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+LIBOBJS="$LIBOBJS ${ac_func}.o"
+fi
+
+: << END
+@@@funcs="$funcs vwarn vwarnx warn warnx writev"@@@
+END
+done
+
+
+if test "$ac_cv_func_gethostname" = "yes"; then
+
+if test "$ac_cv_func_gethostname+set" != set -o "$ac_cv_func_gethostname" = yes; then
+echo $ac_n "checking if gethostname needs a prototype""... $ac_c" 1>&6
+echo "configure:8156: checking if gethostname needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_gethostname_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8161 "configure"
+#include "confdefs.h"
+
+#include <unistd.h>
+int main() {
+struct foo { int foo; } xx;
+extern int gethostname (struct foo*);
+gethostname(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:8172: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_gethostname_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_gethostname_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_gethostname_noproto" 1>&6
+
+if test "$ac_cv_func_gethostname_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_GETHOSTNAME_PROTO 1
+EOF
+
+fi
+
+fi
+
+fi
+
+if test "$ac_cv_func_mkstemp" = "yes"; then
+
+if test "$ac_cv_func_mkstemp+set" != set -o "$ac_cv_func_mkstemp" = yes; then
+echo $ac_n "checking if mkstemp needs a prototype""... $ac_c" 1>&6
+echo "configure:8201: checking if mkstemp needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_mkstemp_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8206 "configure"
+#include "confdefs.h"
+
+#include <unistd.h>
+int main() {
+struct foo { int foo; } xx;
+extern int mkstemp (struct foo*);
+mkstemp(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:8217: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_mkstemp_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_mkstemp_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_mkstemp_noproto" 1>&6
+
+if test "$ac_cv_func_mkstemp_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_MKSTEMP_PROTO 1
+EOF
+
+fi
+
+fi
+
+fi
+
+if test "$ac_cv_func_inet_aton" = "yes"; then
+
+if test "$ac_cv_func_inet_aton+set" != set -o "$ac_cv_func_inet_aton" = yes; then
+echo $ac_n "checking if inet_aton needs a prototype""... $ac_c" 1>&6
+echo "configure:8246: checking if inet_aton needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_inet_aton_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8251 "configure"
+#include "confdefs.h"
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+int main() {
+struct foo { int foo; } xx;
+extern int inet_aton (struct foo*);
+inet_aton(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:8273: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_inet_aton_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_inet_aton_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_inet_aton_noproto" 1>&6
+
+if test "$ac_cv_func_inet_aton_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_INET_ATON_PROTO 1
+EOF
+
+fi
+
+fi
+
+fi
+
+echo $ac_n "checking if realloc is broken""... $ac_c" 1>&6
+echo "configure:8299: checking if realloc is broken" >&5
+if eval "test \"`echo '$''{'ac_cv_func_realloc_broken'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+ac_cv_func_realloc_broken=no
+if test "$cross_compiling" = yes; then
+  :
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8309 "configure"
+#include "confdefs.h"
+
+#include <stddef.h>
+#include <stdlib.h>
+
+int main()
+{
+	return realloc(NULL, 17) == NULL;
+}
+
+EOF
+if { (eval echo configure:8321: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  :
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  ac_cv_func_realloc_broken=yes
+fi
+rm -fr conftest*
+fi
+
+
+fi
+
+echo "$ac_t""$ac_cv_func_realloc_broken" 1>&6
+if test "$ac_cv_func_realloc_broken" = yes ; then
+	cat >> confdefs.h <<\EOF
+#define BROKEN_REALLOC 1
+EOF
+
+fi
 
 
 if test "$ac_cv_func_getcwd" = yes; then
 echo $ac_n "checking if getcwd is broken""... $ac_c" 1>&6
-echo "configure:7168: checking if getcwd is broken" >&5
+echo "configure:8347: checking if getcwd is broken" >&5
 if eval "test \"`echo '$''{'ac_cv_func_getcwd_broken'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -7175,7 +8354,7 @@ if test "$cross_compiling" = yes; then
   :
 else
   cat > conftest.$ac_ext <<EOF
-#line 7179 "configure"
+#line 8358 "configure"
 #include "confdefs.h"
 
 #include <errno.h>
@@ -7197,7 +8376,7 @@ int main()
 }
 
 EOF
-if { (eval echo configure:7201: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:8380: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_func_getcwd_broken=yes
 else
@@ -7226,7 +8405,7 @@ fi
 
 
 echo $ac_n "checking which authentication modules should be built""... $ac_c" 1>&6
-echo "configure:7230: checking which authentication modules should be built" >&5
+echo "configure:8409: checking which authentication modules should be built" >&5
 
 LIB_AUTH_SUBDIRS=
 
@@ -7234,7 +8413,7 @@ if test "$ac_cv_header_siad_h" = yes; then
 	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia"
 fi
 
-if test "$ac_cv_header_security_pam_modules_h" = yes; then
+if test "$ac_cv_header_security_pam_modules_h" = yes -a "$enable_shared" = yes; then
 	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam"
 fi
 
@@ -7247,7 +8426,7 @@ echo "$ac_t""$LIB_AUTH_SUBDIRS" 1>&6
 
 
 echo $ac_n "checking for tunnel devices""... $ac_c" 1>&6
-echo "configure:7251: checking for tunnel devices" >&5
+echo "configure:8430: checking for tunnel devices" >&5
 
 APPL_KIP_DIR=
 
@@ -7260,13 +8439,214 @@ echo "$ac_t""$ac_cv_header_net_if_tun_h" 1>&6
 
 
 
+echo $ac_n "checking if gethostbyname is compatible with system prototype""... $ac_c" 1>&6
+echo "configure:8444: checking if gethostbyname is compatible with system prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_gethostbyname_proto_compat'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8449 "configure"
+#include "confdefs.h"
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+int main() {
+struct hostent *gethostbyname(const char *);
+; return 0; }
+EOF
+if { (eval echo configure:8472: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_gethostbyname_proto_compat=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_gethostbyname_proto_compat=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_gethostbyname_proto_compat" 1>&6
+
+if test "$ac_cv_func_gethostbyname_proto_compat" = yes; then
+	cat >> confdefs.h <<\EOF
+#define GETHOSTBYNAME_PROTO_COMPATIBLE 1
+EOF
+
+fi
+
+
+
+
+echo $ac_n "checking if gethostbyaddr is compatible with system prototype""... $ac_c" 1>&6
+echo "configure:8497: checking if gethostbyaddr is compatible with system prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_gethostbyaddr_proto_compat'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8502 "configure"
+#include "confdefs.h"
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+int main() {
+struct hostent *gethostbyaddr(const void *, size_t, int);
+; return 0; }
+EOF
+if { (eval echo configure:8525: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_gethostbyaddr_proto_compat=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_gethostbyaddr_proto_compat=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_gethostbyaddr_proto_compat" 1>&6
+
+if test "$ac_cv_func_gethostbyaddr_proto_compat" = yes; then
+	cat >> confdefs.h <<\EOF
+#define GETHOSTBYADDR_PROTO_COMPATIBLE 1
+EOF
+
+fi
+
+
+
+
+echo $ac_n "checking if getservbyname is compatible with system prototype""... $ac_c" 1>&6
+echo "configure:8550: checking if getservbyname is compatible with system prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_getservbyname_proto_compat'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8555 "configure"
+#include "confdefs.h"
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+int main() {
+struct servent *getservbyname(const char *, const char *);
+; return 0; }
+EOF
+if { (eval echo configure:8578: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_getservbyname_proto_compat=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_getservbyname_proto_compat=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_getservbyname_proto_compat" 1>&6
+
+if test "$ac_cv_func_getservbyname_proto_compat" = yes; then
+	cat >> confdefs.h <<\EOF
+#define GETSERVBYNAME_PROTO_COMPATIBLE 1
+EOF
+
+fi
+
+
+
+
+echo $ac_n "checking if openlog is compatible with system prototype""... $ac_c" 1>&6
+echo "configure:8603: checking if openlog is compatible with system prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_openlog_proto_compat'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8608 "configure"
+#include "confdefs.h"
+
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+
+int main() {
+void openlog(const char *, int, int);
+; return 0; }
+EOF
+if { (eval echo configure:8619: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_openlog_proto_compat=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_openlog_proto_compat=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_openlog_proto_compat" 1>&6
+
+if test "$ac_cv_func_openlog_proto_compat" = yes; then
+	cat >> confdefs.h <<\EOF
+#define OPENLOG_PROTO_COMPATIBLE 1
+EOF
+
+fi
+
+
+
+
+if test "$ac_cv_func_crypt+set" != set -o "$ac_cv_func_crypt" = yes; then
 echo $ac_n "checking if crypt needs a prototype""... $ac_c" 1>&6
-echo "configure:7265: checking if crypt needs a prototype" >&5
+echo "configure:8645: checking if crypt needs a prototype" >&5
 if eval "test \"`echo '$''{'ac_cv_func_crypt_noproto'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7270 "configure"
+#line 8650 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_CRYPT_H
@@ -7283,7 +8663,7 @@ crypt(&xx);
 
 ; return 0; }
 EOF
-if { (eval echo configure:7287: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:8667: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_func_crypt_noproto=yes"
 else
@@ -7303,20 +8683,63 @@ if test "$ac_cv_func_crypt_noproto" = yes; then
 EOF
 
 fi
-: << END
-@@@syms="$syms NEED_CRYPT_PROTO"@@@
-END
 
+fi
+
+
+
+if test "$ac_cv_func_fclose+set" != set -o "$ac_cv_func_fclose" = yes; then
+echo $ac_n "checking if fclose needs a prototype""... $ac_c" 1>&6
+echo "configure:8694: checking if fclose needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_fclose_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8699 "configure"
+#include "confdefs.h"
+
+#include <stdio.h>
+
+int main() {
+struct foo { int foo; } xx;
+extern int fclose (struct foo*);
+fclose(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:8711: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_fclose_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_fclose_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_fclose_noproto" 1>&6
+
+if test "$ac_cv_func_fclose_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_FCLOSE_PROTO 1
+EOF
+
+fi
+
+fi
 
 
 
+if test "$ac_cv_func_strtok_r+set" != set -o "$ac_cv_func_strtok_r" = yes; then
 echo $ac_n "checking if strtok_r needs a prototype""... $ac_c" 1>&6
-echo "configure:7315: checking if strtok_r needs a prototype" >&5
+echo "configure:8738: checking if strtok_r needs a prototype" >&5
 if eval "test \"`echo '$''{'ac_cv_func_strtok_r_noproto'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7320 "configure"
+#line 8743 "configure"
 #include "confdefs.h"
 
 #include <string.h>
@@ -7328,7 +8751,7 @@ strtok_r(&xx);
 
 ; return 0; }
 EOF
-if { (eval echo configure:7332: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:8755: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_func_strtok_r_noproto=yes"
 else
@@ -7348,21 +8771,153 @@ if test "$ac_cv_func_strtok_r_noproto" = yes; then
 EOF
 
 fi
-: << END
-@@@syms="$syms NEED_STRTOK_R_PROTO"@@@
-END
 
+fi
+
+
+
+if test "$ac_cv_func_strsep+set" != set -o "$ac_cv_func_strsep" = yes; then
+echo $ac_n "checking if strsep needs a prototype""... $ac_c" 1>&6
+echo "configure:8782: checking if strsep needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_strsep_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8787 "configure"
+#include "confdefs.h"
+
+#include <string.h>
+
+int main() {
+struct foo { int foo; } xx;
+extern int strsep (struct foo*);
+strsep(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:8799: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_strsep_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_strsep_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_strsep_noproto" 1>&6
+
+if test "$ac_cv_func_strsep_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_STRSEP_PROTO 1
+EOF
+
+fi
+
+fi
+
+
+
+if test "$ac_cv_func_getusershell+set" != set -o "$ac_cv_func_getusershell" = yes; then
+echo $ac_n "checking if getusershell needs a prototype""... $ac_c" 1>&6
+echo "configure:8826: checking if getusershell needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_getusershell_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8831 "configure"
+#include "confdefs.h"
+
+#include <unistd.h>
+
+int main() {
+struct foo { int foo; } xx;
+extern int getusershell (struct foo*);
+getusershell(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:8843: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_getusershell_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_getusershell_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_getusershell_noproto" 1>&6
+
+if test "$ac_cv_func_getusershell_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_GETUSERSHELL_PROTO 1
+EOF
+
+fi
+
+fi
+
+
+
+if test "$ac_cv_func_utime+set" != set -o "$ac_cv_func_utime" = yes; then
+echo $ac_n "checking if utime needs a prototype""... $ac_c" 1>&6
+echo "configure:8870: checking if utime needs a prototype" >&5
+if eval "test \"`echo '$''{'ac_cv_func_utime_noproto'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8875 "configure"
+#include "confdefs.h"
+
+#ifdef HAVE_UTIME_H
+#include <utime.h>
+#endif
+
+int main() {
+struct foo { int foo; } xx;
+extern int utime (struct foo*);
+utime(&xx);
+
+; return 0; }
+EOF
+if { (eval echo configure:8889: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_func_utime_noproto=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_utime_noproto=no"
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_utime_noproto" 1>&6
+
+if test "$ac_cv_func_utime_noproto" = yes; then
+	cat >> confdefs.h <<\EOF
+#define NEED_UTIME_PROTO 1
+EOF
+
+fi
+
+fi
 
 
 
 echo $ac_n "checking for h_errno""... $ac_c" 1>&6
-echo "configure:7360: checking for h_errno" >&5
+echo "configure:8915: checking for h_errno" >&5
 if eval "test \"`echo '$''{'ac_cv_var_h_errno'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 7366 "configure"
+#line 8921 "configure"
 #include "confdefs.h"
 extern int h_errno;
 int foo() { return h_errno; }
@@ -7370,7 +8925,7 @@ int main() {
 foo()
 ; return 0; }
 EOF
-if { (eval echo configure:7374: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:8929: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   ac_cv_var_h_errno=yes
 else
@@ -7383,29 +8938,23 @@ rm -f conftest*
 
 fi
 
-eval "ac_tr_var=HAVE_H_ERRNO"
-
-
-: << END
-@@@syms="$syms HAVE_H_ERRNO"@@@
-END
 
 
 echo "$ac_t""`eval echo \\$ac_cv_var_h_errno`" 1>&6
 if test `eval echo \\$ac_cv_var_h_errno` = yes; then
 	cat >> confdefs.h <<EOF
-#define $ac_tr_var 1
+#define HAVE_H_ERRNO 1
 EOF
 
 	
 echo $ac_n "checking if h_errno is properly declared""... $ac_c" 1>&6
-echo "configure:7403: checking if h_errno is properly declared" >&5
+echo "configure:8952: checking if h_errno is properly declared" >&5
 if eval "test \"`echo '$''{'ac_cv_var_h_errno_declaration'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 7409 "configure"
+#line 8958 "configure"
 #include "confdefs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -7418,7 +8967,7 @@ int main() {
 h_errno.foo = 1;
 ; return 0; }
 EOF
-if { (eval echo configure:7422: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:8971: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_var_h_errno_declaration=no"
 else
@@ -7432,34 +8981,30 @@ rm -f conftest*
 fi
 
 
-ac_tr_var=HAVE_H_ERRNO_DECLARATION
-
-
-: << END
-@@@syms="$syms HAVE_H_ERRNO_DECLARATION"@@@
-END
 
 
 echo "$ac_t""$ac_cv_var_h_errno_declaration" 1>&6
 if eval "test \"\$ac_cv_var_h_errno_declaration\" = yes"; then
-	cat >> confdefs.h <<EOF
-#define $ac_tr_var 1
+	cat >> confdefs.h <<\EOF
+#define HAVE_H_ERRNO_DECLARATION 1
 EOF
 
 fi
 
+
 fi
 
 
 
+
 echo $ac_n "checking for h_errlist""... $ac_c" 1>&6
-echo "configure:7457: checking for h_errlist" >&5
+echo "configure:9002: checking for h_errlist" >&5
 if eval "test \"`echo '$''{'ac_cv_var_h_errlist'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 7463 "configure"
+#line 9008 "configure"
 #include "confdefs.h"
 extern int h_errlist;
 int foo() { return h_errlist; }
@@ -7467,7 +9012,7 @@ int main() {
 foo()
 ; return 0; }
 EOF
-if { (eval echo configure:7471: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:9016: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   ac_cv_var_h_errlist=yes
 else
@@ -7480,29 +9025,23 @@ rm -f conftest*
 
 fi
 
-eval "ac_tr_var=HAVE_H_ERRLIST"
-
-
-: << END
-@@@syms="$syms HAVE_H_ERRLIST"@@@
-END
 
 
 echo "$ac_t""`eval echo \\$ac_cv_var_h_errlist`" 1>&6
 if test `eval echo \\$ac_cv_var_h_errlist` = yes; then
 	cat >> confdefs.h <<EOF
-#define $ac_tr_var 1
+#define HAVE_H_ERRLIST 1
 EOF
 
 	
 echo $ac_n "checking if h_errlist is properly declared""... $ac_c" 1>&6
-echo "configure:7500: checking if h_errlist is properly declared" >&5
+echo "configure:9039: checking if h_errlist is properly declared" >&5
 if eval "test \"`echo '$''{'ac_cv_var_h_errlist_declaration'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 7506 "configure"
+#line 9045 "configure"
 #include "confdefs.h"
 #ifdef HAVE_NETDB_H
 #include <netdb.h>
@@ -7512,7 +9051,7 @@ int main() {
 h_errlist.foo = 1;
 ; return 0; }
 EOF
-if { (eval echo configure:7516: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9055: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_var_h_errlist_declaration=no"
 else
@@ -7526,34 +9065,30 @@ rm -f conftest*
 fi
 
 
-ac_tr_var=HAVE_H_ERRLIST_DECLARATION
-
-
-: << END
-@@@syms="$syms HAVE_H_ERRLIST_DECLARATION"@@@
-END
 
 
 echo "$ac_t""$ac_cv_var_h_errlist_declaration" 1>&6
 if eval "test \"\$ac_cv_var_h_errlist_declaration\" = yes"; then
-	cat >> confdefs.h <<EOF
-#define $ac_tr_var 1
+	cat >> confdefs.h <<\EOF
+#define HAVE_H_ERRLIST_DECLARATION 1
 EOF
 
 fi
 
+
 fi
 
 
 
+
 echo $ac_n "checking for h_nerr""... $ac_c" 1>&6
-echo "configure:7551: checking for h_nerr" >&5
+echo "configure:9086: checking for h_nerr" >&5
 if eval "test \"`echo '$''{'ac_cv_var_h_nerr'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 7557 "configure"
+#line 9092 "configure"
 #include "confdefs.h"
 extern int h_nerr;
 int foo() { return h_nerr; }
@@ -7561,7 +9096,7 @@ int main() {
 foo()
 ; return 0; }
 EOF
-if { (eval echo configure:7565: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:9100: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   ac_cv_var_h_nerr=yes
 else
@@ -7574,29 +9109,23 @@ rm -f conftest*
 
 fi
 
-eval "ac_tr_var=HAVE_H_NERR"
-
-
-: << END
-@@@syms="$syms HAVE_H_NERR"@@@
-END
 
 
 echo "$ac_t""`eval echo \\$ac_cv_var_h_nerr`" 1>&6
 if test `eval echo \\$ac_cv_var_h_nerr` = yes; then
 	cat >> confdefs.h <<EOF
-#define $ac_tr_var 1
+#define HAVE_H_NERR 1
 EOF
 
 	
 echo $ac_n "checking if h_nerr is properly declared""... $ac_c" 1>&6
-echo "configure:7594: checking if h_nerr is properly declared" >&5
+echo "configure:9123: checking if h_nerr is properly declared" >&5
 if eval "test \"`echo '$''{'ac_cv_var_h_nerr_declaration'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 7600 "configure"
+#line 9129 "configure"
 #include "confdefs.h"
 #ifdef HAVE_NETDB_H
 #include <netdb.h>
@@ -7606,7 +9135,7 @@ int main() {
 h_nerr.foo = 1;
 ; return 0; }
 EOF
-if { (eval echo configure:7610: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9139: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_var_h_nerr_declaration=no"
 else
@@ -7620,34 +9149,30 @@ rm -f conftest*
 fi
 
 
-ac_tr_var=HAVE_H_NERR_DECLARATION
-
-
-: << END
-@@@syms="$syms HAVE_H_NERR_DECLARATION"@@@
-END
 
 
 echo "$ac_t""$ac_cv_var_h_nerr_declaration" 1>&6
 if eval "test \"\$ac_cv_var_h_nerr_declaration\" = yes"; then
-	cat >> confdefs.h <<EOF
-#define $ac_tr_var 1
+	cat >> confdefs.h <<\EOF
+#define HAVE_H_NERR_DECLARATION 1
 EOF
 
 fi
 
+
 fi
 
 
 
+
 echo $ac_n "checking for __progname""... $ac_c" 1>&6
-echo "configure:7645: checking for __progname" >&5
+echo "configure:9170: checking for __progname" >&5
 if eval "test \"`echo '$''{'ac_cv_var___progname'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 7651 "configure"
+#line 9176 "configure"
 #include "confdefs.h"
 extern int __progname;
 int foo() { return __progname; }
@@ -7655,7 +9180,7 @@ int main() {
 foo()
 ; return 0; }
 EOF
-if { (eval echo configure:7659: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:9184: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   ac_cv_var___progname=yes
 else
@@ -7668,29 +9193,23 @@ rm -f conftest*
 
 fi
 
-eval "ac_tr_var=HAVE___PROGNAME"
-
-
-: << END
-@@@syms="$syms HAVE___PROGNAME"@@@
-END
 
 
 echo "$ac_t""`eval echo \\$ac_cv_var___progname`" 1>&6
 if test `eval echo \\$ac_cv_var___progname` = yes; then
 	cat >> confdefs.h <<EOF
-#define $ac_tr_var 1
+#define HAVE___PROGNAME 1
 EOF
 
 	
 echo $ac_n "checking if __progname is properly declared""... $ac_c" 1>&6
-echo "configure:7688: checking if __progname is properly declared" >&5
+echo "configure:9207: checking if __progname is properly declared" >&5
 if eval "test \"`echo '$''{'ac_cv_var___progname_declaration'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 7694 "configure"
+#line 9213 "configure"
 #include "confdefs.h"
 #ifdef HAVE_ERR_H
 #include <err.h>
@@ -7700,7 +9219,7 @@ int main() {
 __progname.foo = 1;
 ; return 0; }
 EOF
-if { (eval echo configure:7704: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9223: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_var___progname_declaration=no"
 else
@@ -7714,34 +9233,30 @@ rm -f conftest*
 fi
 
 
-ac_tr_var=HAVE___PROGNAME_DECLARATION
-
-
-: << END
-@@@syms="$syms HAVE___PROGNAME_DECLARATION"@@@
-END
 
 
 echo "$ac_t""$ac_cv_var___progname_declaration" 1>&6
 if eval "test \"\$ac_cv_var___progname_declaration\" = yes"; then
-	cat >> confdefs.h <<EOF
-#define $ac_tr_var 1
+	cat >> confdefs.h <<\EOF
+#define HAVE___PROGNAME_DECLARATION 1
 EOF
 
 fi
 
+
 fi
 
 
 
+
 echo $ac_n "checking if optarg is properly declared""... $ac_c" 1>&6
-echo "configure:7739: checking if optarg is properly declared" >&5
+echo "configure:9254: checking if optarg is properly declared" >&5
 if eval "test \"`echo '$''{'ac_cv_var_optarg_declaration'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 7745 "configure"
+#line 9260 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 extern struct { int foo; } optarg;
@@ -7749,7 +9264,7 @@ int main() {
 optarg.foo = 1;
 ; return 0; }
 EOF
-if { (eval echo configure:7753: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9268: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_var_optarg_declaration=no"
 else
@@ -7763,31 +9278,26 @@ rm -f conftest*
 fi
 
 
-ac_tr_var=HAVE_OPTARG_DECLARATION
-
-
-: << END
-@@@syms="$syms HAVE_OPTARG_DECLARATION"@@@
-END
 
 
 echo "$ac_t""$ac_cv_var_optarg_declaration" 1>&6
 if eval "test \"\$ac_cv_var_optarg_declaration\" = yes"; then
-	cat >> confdefs.h <<EOF
-#define $ac_tr_var 1
+	cat >> confdefs.h <<\EOF
+#define HAVE_OPTARG_DECLARATION 1
 EOF
 
 fi
 
 
+
 echo $ac_n "checking if optind is properly declared""... $ac_c" 1>&6
-echo "configure:7785: checking if optind is properly declared" >&5
+echo "configure:9295: checking if optind is properly declared" >&5
 if eval "test \"`echo '$''{'ac_cv_var_optind_declaration'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 7791 "configure"
+#line 9301 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 extern struct { int foo; } optind;
@@ -7795,7 +9305,7 @@ int main() {
 optind.foo = 1;
 ; return 0; }
 EOF
-if { (eval echo configure:7799: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9309: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_var_optind_declaration=no"
 else
@@ -7809,31 +9319,26 @@ rm -f conftest*
 fi
 
 
-ac_tr_var=HAVE_OPTIND_DECLARATION
-
-
-: << END
-@@@syms="$syms HAVE_OPTIND_DECLARATION"@@@
-END
 
 
 echo "$ac_t""$ac_cv_var_optind_declaration" 1>&6
 if eval "test \"\$ac_cv_var_optind_declaration\" = yes"; then
-	cat >> confdefs.h <<EOF
-#define $ac_tr_var 1
+	cat >> confdefs.h <<\EOF
+#define HAVE_OPTIND_DECLARATION 1
 EOF
 
 fi
 
 
+
 echo $ac_n "checking if opterr is properly declared""... $ac_c" 1>&6
-echo "configure:7831: checking if opterr is properly declared" >&5
+echo "configure:9336: checking if opterr is properly declared" >&5
 if eval "test \"`echo '$''{'ac_cv_var_opterr_declaration'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 7837 "configure"
+#line 9342 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 extern struct { int foo; } opterr;
@@ -7841,7 +9346,7 @@ int main() {
 opterr.foo = 1;
 ; return 0; }
 EOF
-if { (eval echo configure:7845: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9350: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_var_opterr_declaration=no"
 else
@@ -7855,31 +9360,26 @@ rm -f conftest*
 fi
 
 
-ac_tr_var=HAVE_OPTERR_DECLARATION
-
-
-: << END
-@@@syms="$syms HAVE_OPTERR_DECLARATION"@@@
-END
 
 
 echo "$ac_t""$ac_cv_var_opterr_declaration" 1>&6
 if eval "test \"\$ac_cv_var_opterr_declaration\" = yes"; then
-	cat >> confdefs.h <<EOF
-#define $ac_tr_var 1
+	cat >> confdefs.h <<\EOF
+#define HAVE_OPTERR_DECLARATION 1
 EOF
 
 fi
 
 
+
 echo $ac_n "checking if optopt is properly declared""... $ac_c" 1>&6
-echo "configure:7877: checking if optopt is properly declared" >&5
+echo "configure:9377: checking if optopt is properly declared" >&5
 if eval "test \"`echo '$''{'ac_cv_var_optopt_declaration'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 7883 "configure"
+#line 9383 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 extern struct { int foo; } optopt;
@@ -7887,7 +9387,7 @@ int main() {
 optopt.foo = 1;
 ; return 0; }
 EOF
-if { (eval echo configure:7891: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9391: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_var_optopt_declaration=no"
 else
@@ -7901,30 +9401,67 @@ rm -f conftest*
 fi
 
 
-ac_tr_var=HAVE_OPTOPT_DECLARATION
-
-
-: << END
-@@@syms="$syms HAVE_OPTOPT_DECLARATION"@@@
-END
 
 
 echo "$ac_t""$ac_cv_var_optopt_declaration" 1>&6
 if eval "test \"\$ac_cv_var_optopt_declaration\" = yes"; then
-	cat >> confdefs.h <<EOF
-#define $ac_tr_var 1
+	cat >> confdefs.h <<\EOF
+#define HAVE_OPTOPT_DECLARATION 1
+EOF
+
+fi
+
+
+
+
+echo $ac_n "checking if environ is properly declared""... $ac_c" 1>&6
+echo "configure:9419: checking if environ is properly declared" >&5
+if eval "test \"`echo '$''{'ac_cv_var_environ_declaration'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9425 "configure"
+#include "confdefs.h"
+#include <stdlib.h>
+extern struct { int foo; } environ;
+int main() {
+environ.foo = 1;
+; return 0; }
+EOF
+if { (eval echo configure:9433: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_var_environ_declaration=no"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_var_environ_declaration=yes"
+fi
+rm -f conftest*
+
+fi
+
+
+
+
+echo "$ac_t""$ac_cv_var_environ_declaration" 1>&6
+if eval "test \"\$ac_cv_var_environ_declaration\" = yes"; then
+	cat >> confdefs.h <<\EOF
+#define HAVE_ENVIRON_DECLARATION 1
 EOF
 
 fi
 
 
+
 echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6
-echo "configure:7923: checking return type of signal handlers" >&5
+echo "configure:9460: checking return type of signal handlers" >&5
 if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7928 "configure"
+#line 9465 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <signal.h>
@@ -7941,7 +9478,7 @@ int main() {
 int i;
 ; return 0; }
 EOF
-if { (eval echo configure:7945: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9482: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_type_signal=void
 else
@@ -7966,119 +9503,376 @@ EOF
 
 fi
 
+
+
+
+echo $ac_n "checking for ut_addr in struct utmp""... $ac_c" 1>&6
+echo "configure:9511: checking for ut_addr in struct utmp" >&5
+if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_addr'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
 cat > conftest.$ac_ext <<EOF
-#line 7971 "configure"
+#line 9517 "configure"
 #include "confdefs.h"
-#include <utmp.h>
+#include <sys/types.h>
+ #include <utmp.h>
+int main() {
+struct utmp x; x.ut_addr;
+; return 0; }
 EOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "ut_user" >/dev/null 2>&1; then
+if { (eval echo configure:9525: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
-  cat >> confdefs.h <<\EOF
-#define HAVE_UT_USER 1
+  ac_cv_type_struct_utmp_ut_addr=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_struct_utmp_ut_addr=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_struct_utmp_ut_addr" 1>&6
+if test "$ac_cv_type_struct_utmp_ut_addr" = yes; then
+	
+	cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_UTMP_UT_ADDR 1
 EOF
 
+	
 fi
-rm -f conftest*
 
+
+
+
+echo $ac_n "checking for ut_host in struct utmp""... $ac_c" 1>&6
+echo "configure:9551: checking for ut_host in struct utmp" >&5
+if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_host'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
 cat > conftest.$ac_ext <<EOF
-#line 7986 "configure"
+#line 9557 "configure"
 #include "confdefs.h"
-#include <utmp.h>
+#include <sys/types.h>
+ #include <utmp.h>
+int main() {
+struct utmp x; x.ut_host;
+; return 0; }
 EOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "ut_host" >/dev/null 2>&1; then
+if { (eval echo configure:9565: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
-  cat >> confdefs.h <<\EOF
-#define HAVE_UT_HOST 1
+  ac_cv_type_struct_utmp_ut_host=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_struct_utmp_ut_host=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_struct_utmp_ut_host" 1>&6
+if test "$ac_cv_type_struct_utmp_ut_host" = yes; then
+	
+	cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_UTMP_UT_HOST 1
 EOF
 
+	
 fi
-rm -f conftest*
 
+
+
+
+echo $ac_n "checking for ut_id in struct utmp""... $ac_c" 1>&6
+echo "configure:9591: checking for ut_id in struct utmp" >&5
+if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_id'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
 cat > conftest.$ac_ext <<EOF
-#line 8001 "configure"
+#line 9597 "configure"
 #include "confdefs.h"
-#include <utmp.h>
+#include <sys/types.h>
+ #include <utmp.h>
+int main() {
+struct utmp x; x.ut_id;
+; return 0; }
 EOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "ut_addr" >/dev/null 2>&1; then
+if { (eval echo configure:9605: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
-  cat >> confdefs.h <<\EOF
-#define HAVE_UT_ADDR 1
+  ac_cv_type_struct_utmp_ut_id=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_struct_utmp_ut_id=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_struct_utmp_ut_id" 1>&6
+if test "$ac_cv_type_struct_utmp_ut_id" = yes; then
+	
+	cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_UTMP_UT_ID 1
 EOF
 
+	
 fi
-rm -f conftest*
 
+
+
+
+echo $ac_n "checking for ut_pid in struct utmp""... $ac_c" 1>&6
+echo "configure:9631: checking for ut_pid in struct utmp" >&5
+if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_pid'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
 cat > conftest.$ac_ext <<EOF
-#line 8016 "configure"
+#line 9637 "configure"
 #include "confdefs.h"
-#include <utmp.h>
+#include <sys/types.h>
+ #include <utmp.h>
+int main() {
+struct utmp x; x.ut_pid;
+; return 0; }
 EOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "ut_type" >/dev/null 2>&1; then
+if { (eval echo configure:9645: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
-  cat >> confdefs.h <<\EOF
-#define HAVE_UT_TYPE 1
+  ac_cv_type_struct_utmp_ut_pid=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_struct_utmp_ut_pid=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_struct_utmp_ut_pid" 1>&6
+if test "$ac_cv_type_struct_utmp_ut_pid" = yes; then
+	
+	cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_UTMP_UT_PID 1
 EOF
 
+	
 fi
-rm -f conftest*
 
+
+
+
+echo $ac_n "checking for ut_type in struct utmp""... $ac_c" 1>&6
+echo "configure:9671: checking for ut_type in struct utmp" >&5
+if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_type'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
 cat > conftest.$ac_ext <<EOF
-#line 8031 "configure"
+#line 9677 "configure"
 #include "confdefs.h"
-#include <utmp.h>
+#include <sys/types.h>
+ #include <utmp.h>
+int main() {
+struct utmp x; x.ut_type;
+; return 0; }
 EOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "ut_pid" >/dev/null 2>&1; then
+if { (eval echo configure:9685: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
-  cat >> confdefs.h <<\EOF
-#define HAVE_UT_PID 1
+  ac_cv_type_struct_utmp_ut_type=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_struct_utmp_ut_type=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_struct_utmp_ut_type" 1>&6
+if test "$ac_cv_type_struct_utmp_ut_type" = yes; then
+	
+	cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_UTMP_UT_TYPE 1
 EOF
 
+	
+fi
+
+
+
+
+echo $ac_n "checking for ut_user in struct utmp""... $ac_c" 1>&6
+echo "configure:9711: checking for ut_user in struct utmp" >&5
+if eval "test \"`echo '$''{'ac_cv_type_struct_utmp_ut_user'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9717 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+ #include <utmp.h>
+int main() {
+struct utmp x; x.ut_user;
+; return 0; }
+EOF
+if { (eval echo configure:9725: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_type_struct_utmp_ut_user=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_struct_utmp_ut_user=no
 fi
 rm -f conftest*
+fi
 
+echo "$ac_t""$ac_cv_type_struct_utmp_ut_user" 1>&6
+if test "$ac_cv_type_struct_utmp_ut_user" = yes; then
+	
+	cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_UTMP_UT_USER 1
+EOF
+
+	
+fi
+
+
+
+
+echo $ac_n "checking for ut_exit in struct utmpx""... $ac_c" 1>&6
+echo "configure:9751: checking for ut_exit in struct utmpx" >&5
+if eval "test \"`echo '$''{'ac_cv_type_struct_utmpx_ut_exit'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
 cat > conftest.$ac_ext <<EOF
-#line 8046 "configure"
+#line 9757 "configure"
 #include "confdefs.h"
-#include <utmp.h>
+#include <sys/types.h>
+ #include <utmp.h>
+int main() {
+struct utmpx x; x.ut_exit;
+; return 0; }
 EOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "ut_id" >/dev/null 2>&1; then
+if { (eval echo configure:9765: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
-  cat >> confdefs.h <<\EOF
-#define HAVE_UT_ID 1
+  ac_cv_type_struct_utmpx_ut_exit=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_struct_utmpx_ut_exit=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_struct_utmpx_ut_exit" 1>&6
+if test "$ac_cv_type_struct_utmpx_ut_exit" = yes; then
+	
+	cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_UTMPX_UT_EXIT 1
 EOF
 
+	
+fi
+
+
+
+
+echo $ac_n "checking for ut_syslen in struct utmpx""... $ac_c" 1>&6
+echo "configure:9791: checking for ut_syslen in struct utmpx" >&5
+if eval "test \"`echo '$''{'ac_cv_type_struct_utmpx_ut_syslen'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9797 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+ #include <utmp.h>
+int main() {
+struct utmpx x; x.ut_syslen;
+; return 0; }
+EOF
+if { (eval echo configure:9805: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_type_struct_utmpx_ut_syslen=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_struct_utmpx_ut_syslen=no
 fi
 rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_struct_utmpx_ut_syslen" 1>&6
+if test "$ac_cv_type_struct_utmpx_ut_syslen" = yes; then
+	
+	cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_UTMPX_UT_SYSLEN 1
+EOF
+
+	
+fi
+
+
+
 
+echo $ac_n "checking for struct spwd""... $ac_c" 1>&6
+echo "configure:9831: checking for struct spwd" >&5
+if eval "test \"`echo '$''{'ac_cv_type_struct_spwd'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
 cat > conftest.$ac_ext <<EOF
-#line 8061 "configure"
+#line 9837 "configure"
 #include "confdefs.h"
-#include <utmpx.h>
+#include <pwd.h>
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif
+int main() {
+struct spwd foo;
+; return 0; }
 EOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "ut_syslen" >/dev/null 2>&1; then
+if { (eval echo configure:9847: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_struct_spwd=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
   rm -rf conftest*
+  ac_cv_struct_spwd=no
+fi
+rm -f conftest*
+
+fi
+
+echo "$ac_t""$ac_cv_struct_spwd" 1>&6
+
+if test "$ac_cv_struct_spwd" = "yes"; then
   cat >> confdefs.h <<\EOF
-#define HAVE_UT_SYSLEN 1
+#define HAVE_STRUCT_SPWD 1
 EOF
 
 fi
-rm -f conftest*
 
 
 echo $ac_n "checking for st_blksize in struct stat""... $ac_c" 1>&6
-echo "configure:8077: checking for st_blksize in struct stat" >&5
+echo "configure:9871: checking for st_blksize in struct stat" >&5
 if eval "test \"`echo '$''{'ac_cv_struct_st_blksize'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8082 "configure"
+#line 9876 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -8086,7 +9880,7 @@ int main() {
 struct stat s; s.st_blksize;
 ; return 0; }
 EOF
-if { (eval echo configure:8090: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9884: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_struct_st_blksize=yes
 else
@@ -8110,7 +9904,7 @@ fi
 
 
 echo $ac_n "checking for struct winsize""... $ac_c" 1>&6
-echo "configure:8114: checking for struct winsize" >&5
+echo "configure:9908: checking for struct winsize" >&5
 if eval "test \"`echo '$''{'ac_cv_struct_winsize'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -8118,7 +9912,7 @@ else
 ac_cv_struct_winsize=no
 for i in sys/termios.h sys/ioctl.h; do
 cat > conftest.$ac_ext <<EOF
-#line 8122 "configure"
+#line 9916 "configure"
 #include "confdefs.h"
 #include <$i>
 EOF
@@ -8136,10 +9930,11 @@ if test "$ac_cv_struct_winsize" = "yes"; then
   cat >> confdefs.h <<\EOF
 #define HAVE_STRUCT_WINSIZE 1
 EOF
+
 fi
 echo "$ac_t""$ac_cv_struct_winsize" 1>&6
 cat > conftest.$ac_ext <<EOF
-#line 8143 "configure"
+#line 9938 "configure"
 #include "confdefs.h"
 #include <termios.h>
 EOF
@@ -8154,7 +9949,7 @@ fi
 rm -f conftest*
 
 cat > conftest.$ac_ext <<EOF
-#line 8158 "configure"
+#line 9953 "configure"
 #include "confdefs.h"
 #include <termios.h>
 EOF
@@ -8172,12 +9967,12 @@ rm -f conftest*
 
 
 echo $ac_n "checking for pid_t""... $ac_c" 1>&6
-echo "configure:8176: checking for pid_t" >&5
+echo "configure:9971: checking for pid_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_pid_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8181 "configure"
+#line 9976 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -8186,7 +9981,7 @@ else
 #endif
 EOF
 if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "pid_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+  egrep "(^|[^a-zA-Z_0-9])pid_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
   rm -rf conftest*
   ac_cv_type_pid_t=yes
 else
@@ -8205,12 +10000,12 @@ EOF
 fi
 
 echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6
-echo "configure:8209: checking for uid_t in sys/types.h" >&5
+echo "configure:10004: checking for uid_t in sys/types.h" >&5
 if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8214 "configure"
+#line 10009 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 EOF
@@ -8239,12 +10034,12 @@ EOF
 fi
 
 echo $ac_n "checking for off_t""... $ac_c" 1>&6
-echo "configure:8243: checking for off_t" >&5
+echo "configure:10038: checking for off_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8248 "configure"
+#line 10043 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -8253,7 +10048,7 @@ else
 #endif
 EOF
 if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "off_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+  egrep "(^|[^a-zA-Z_0-9])off_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
   rm -rf conftest*
   ac_cv_type_off_t=yes
 else
@@ -8272,12 +10067,12 @@ EOF
 fi
 
 echo $ac_n "checking for size_t""... $ac_c" 1>&6
-echo "configure:8276: checking for size_t" >&5
+echo "configure:10071: checking for size_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8281 "configure"
+#line 10076 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -8286,7 +10081,7 @@ else
 #endif
 EOF
 if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "size_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+  egrep "(^|[^a-zA-Z_0-9])size_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
   rm -rf conftest*
   ac_cv_type_size_t=yes
 else
@@ -8305,183 +10100,271 @@ EOF
 fi
 
 
+echo $ac_n "checking for ssize_t""... $ac_c" 1>&6
+echo "configure:10105: checking for ssize_t" >&5
+if eval "test \"`echo '$''{'ac_cv_type_ssize_t'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10110 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "ssize_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+  rm -rf conftest*
+  ac_cv_type_ssize_t=yes
+else
+  rm -rf conftest*
+  ac_cv_type_ssize_t=no
+fi
+rm -f conftest*
+
+fi
+echo "$ac_t""$ac_cv_type_ssize_t" 1>&6
+if test $ac_cv_type_ssize_t = no; then
+  cat >> confdefs.h <<\EOF
+#define ssize_t int
+EOF
 
-echo $ac_n "checking for sa_len in struct sockaddr""... $ac_c" 1>&6
-echo "configure:8311: checking for sa_len in struct sockaddr" >&5
-if eval "test \"`echo '$''{'krb_cv_struct_sockaddr_sa_len'+set}'`\" = set"; then
+fi
+
+
+
+echo $ac_n "checking for broken sys/socket.h""... $ac_c" 1>&6
+echo "configure:10144: checking for broken sys/socket.h" >&5
+if eval "test \"`echo '$''{'krb_cv_header_sys_socket_h_broken'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 8317 "configure"
+#line 10150 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <sys/socket.h>
 int main() {
-struct sockaddr sa;
-int foo = sa.sa_len;
+
 ; return 0; }
 EOF
-if { (eval echo configure:8326: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:10159: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
-  krb_cv_struct_sockaddr_sa_len=yes
+  krb_cv_header_sys_socket_h_broken=no
 else
   echo "configure: failed program was:" >&5
   cat conftest.$ac_ext >&5
   rm -rf conftest*
-  krb_cv_struct_sockaddr_sa_len=no
+  krb_cv_header_sys_socket_h_broken=yes
 fi
 rm -f conftest*
+fi
 
+echo "$ac_t""$krb_cv_header_sys_socket_h_broken" 1>&6
+
+
+
+
+
+echo $ac_n "checking for sa_len in struct sockaddr""... $ac_c" 1>&6
+echo "configure:10178: checking for sa_len in struct sockaddr" >&5
+if eval "test \"`echo '$''{'ac_cv_type_struct_sockaddr_sa_len'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 10184 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/socket.h>
+int main() {
+struct sockaddr x; x.sa_len;
+; return 0; }
+EOF
+if { (eval echo configure:10192: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_type_struct_sockaddr_sa_len=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_struct_sockaddr_sa_len=no
+fi
+rm -f conftest*
 fi
 
-echo "$ac_t""$krb_cv_struct_sockaddr_sa_len" 1>&6
-if test "$krb_cv_struct_sockaddr_sa_len" = yes; then
+echo "$ac_t""$ac_cv_type_struct_sockaddr_sa_len" 1>&6
+if test "$ac_cv_type_struct_sockaddr_sa_len" = yes; then
+	
 	cat >> confdefs.h <<\EOF
-#define SOCKADDR_HAS_SA_LEN 1
+#define HAVE_STRUCT_SOCKADDR_SA_LEN 1
 EOF
 
+	
 fi
 
 
+
+
 if test "$ac_cv_header_siad_h" = yes; then
-echo $ac_n "checking for ouid in struct siaentity""... $ac_c" 1>&6
-echo "configure:8350: checking for ouid in struct siaentity" >&5
-if eval "test \"`echo '$''{'krb_cv_struct_siaentity_ouid'+set}'`\" = set"; then
+
+
+echo $ac_n "checking for ouid in SIAENTITY""... $ac_c" 1>&6
+echo "configure:10221: checking for ouid in SIAENTITY" >&5
+if eval "test \"`echo '$''{'ac_cv_type_siaentity_ouid'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 8356 "configure"
+#line 10227 "configure"
 #include "confdefs.h"
 #include <siad.h>
-
 int main() {
-SIAENTITY e;
-int foo = e.ouid;
+SIAENTITY x; x.ouid;
 ; return 0; }
 EOF
-if { (eval echo configure:8365: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:10234: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
-  krb_cv_struct_siaentity_ouid=yes
+  ac_cv_type_siaentity_ouid=yes
 else
   echo "configure: failed program was:" >&5
   cat conftest.$ac_ext >&5
   rm -rf conftest*
-  krb_cv_struct_siaentity_ouid=no
+  ac_cv_type_siaentity_ouid=no
 fi
 rm -f conftest*
-
 fi
 
-echo "$ac_t""$krb_cv_struct_siaentity_ouid" 1>&6
-if test "$krb_cv_struct_siaentity_ouid" = yes; then
+echo "$ac_t""$ac_cv_type_siaentity_ouid" 1>&6
+if test "$ac_cv_type_siaentity_ouid" = yes; then
+	
 	cat >> confdefs.h <<\EOF
-#define SIAENTITY_HAS_OUID 1
+#define HAVE_SIAENTITY_OUID 1
 EOF
 
+	
 fi
+
+
 fi
 
 
-echo $ac_n "checking for working getmsg""... $ac_c" 1>&6
-echo "configure:8389: checking for working getmsg" >&5
-if eval "test \"`echo '$''{'ac_cv_func_getmsg'+set}'`\" = set"; then
+for ac_func in getmsg
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:10263: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
-  if test "$cross_compiling" = yes; then
-  ac_cv_func_getmsg=no
-else
   cat > conftest.$ac_ext <<EOF
-#line 8397 "configure"
+#line 10268 "configure"
 #include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
 
-#include <stdio.h>
+int main() {
 
-int main()
-{
-  getmsg(open("/dev/null", 0), NULL, NULL, NULL);
-  return 0;
-}
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
 
+; return 0; }
 EOF
-if { (eval echo configure:8409: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
-then
-  ac_cv_func_getmsg=yes
+if { (eval echo configure:10291: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
 else
   echo "configure: failed program was:" >&5
   cat conftest.$ac_ext >&5
-  rm -fr conftest*
-  ac_cv_func_getmsg=no
-fi
-rm -fr conftest*
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
 fi
-
+rm -f conftest*
 fi
 
-echo "$ac_t""$ac_cv_func_getmsg" 1>&6
-test "$ac_cv_func_getmsg" = "yes" &&
-cat >> confdefs.h <<\EOF
-#define HAVE_GETMSG 1
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
 EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
 
 
+if test "$ac_cf_func_getmsg" = "yes"; then
 
-save_LIBS="$LIBS"
-LIBS="$LIB_DBM $LIBS"
-echo $ac_n "checking for berkeley db""... $ac_c" 1>&6
-echo "configure:8434: checking for berkeley db" >&5
-if eval "test \"`echo '$''{'krb_cv_lib_berkeleydb'+set}'`\" = set"; then
+echo $ac_n "checking for working getmsg""... $ac_c" 1>&6
+echo "configure:10319: checking for working getmsg" >&5
+if eval "test \"`echo '$''{'ac_cv_func_getmsg'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   if test "$cross_compiling" = yes; then
-  krb_cv_lib_berkeleydb=no
+  ac_cv_func_getmsg=no
 else
   cat > conftest.$ac_ext <<EOF
-#line 8442 "configure"
+#line 10327 "configure"
 #include "confdefs.h"
 
-#include <unistd.h>
-#include <fcntl.h>
-#include <ndbm.h>
+#include <stdio.h>
+
 int main()
 {
-  DBM *d;
-
-  d = dbm_open("conftest", O_RDWR | O_CREAT, 0666);
-  if(d == NULL)
-    return 1;
-  dbm_close(d);
-  return access("conftest.db", F_OK) != 0;
+  getmsg(open("/dev/null", 0), NULL, NULL, NULL);
+  return 0;
 }
+
 EOF
-if { (eval echo configure:8459: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:10339: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
-  krb_cv_lib_berkeleydb=yes
+  ac_cv_func_getmsg=yes
 else
   echo "configure: failed program was:" >&5
   cat conftest.$ac_ext >&5
   rm -fr conftest*
-  krb_cv_lib_berkeleydb=no
+  ac_cv_func_getmsg=no
 fi
 rm -fr conftest*
 fi
 
 fi
 
-echo "$ac_t""$krb_cv_lib_berkeleydb" 1>&6
-test "$krb_cv_lib_berkeleydb" = "yes" &&
+echo "$ac_t""$ac_cv_func_getmsg" 1>&6
+test "$ac_cv_func_getmsg" = "yes" &&
 cat >> confdefs.h <<\EOF
-#define HAVE_NEW_DB 1
+#define HAVE_GETMSG 1
 EOF
 
-LIBS="$save_LIBS"
+
+fi
+
+
 
 
 
 
 echo $ac_n "checking for el_init""... $ac_c" 1>&6
-echo "configure:8485: checking for el_init" >&5
+echo "configure:10368: checking for el_init" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_el_init'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -8491,17 +10374,19 @@ if eval "test \"\$ac_cv_func_el_init\" != yes" ; then
 	for ac_lib in "" edit; do
 		if test -n "$ac_lib"; then 
 			ac_lib="-l$ac_lib"
-			LIBS="$ac_lib $ac_save_LIBS"
+		else
+			ac_lib=""
 		fi
+		LIBS="$ac_lib $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 8498 "configure"
+#line 10383 "configure"
 #include "confdefs.h"
 
 int main() {
 el_init()
 ; return 0; }
 EOF
-if { (eval echo configure:8505: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:10390: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_el_init=$ac_lib; else ac_cv_funclib_el_init=yes; fi";break
 else
@@ -8519,14 +10404,14 @@ fi
 
 eval "ac_res=\$ac_cv_funclib_el_init"
 
-# autoheader tricks *sigh*
 : << END
 @@@funcs="$funcs el_init"@@@
-@@@libs="$libs edit"@@@
+@@@libs="$libs "" edit"@@@
 END
 
-eval "ac_tr_func=HAVE_`echo el_init | tr '[a-z]' '[A-Z]'`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+# el_init
+eval "ac_tr_func=HAVE_`echo el_init | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
 eval "LIB_el_init=$ac_res"
 
 case "$ac_res" in
@@ -8560,30 +10445,73 @@ EOF
 esac
 
 
+if test "$ac_cv_func_el_init" = yes ; then
+	echo $ac_n "checking for four argument el_init""... $ac_c" 1>&6
+echo "configure:10451: checking for four argument el_init" >&5
+if eval "test \"`echo '$''{'ac_cv_func_el_init_four'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+		cat > conftest.$ac_ext <<EOF
+#line 10457 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+			#include <histedit.h>
+int main() {
+el_init("", NULL, NULL, NULL);
+; return 0; }
+EOF
+if { (eval echo configure:10465: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_func_el_init_four=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_func_el_init_four=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_func_el_init_four" 1>&6
+	if test "$ac_cv_func_el_init_four" = yes; then
+		cat >> confdefs.h <<\EOF
+#define HAVE_FOUR_VALUED_EL_INIT 1
+EOF
+
+	fi
+fi
+
+
+save_LIBS="$LIBS"
+LIBS="$LIB_tgetent $LIBS"
+
 
 
 echo $ac_n "checking for readline""... $ac_c" 1>&6
-echo "configure:8567: checking for readline" >&5
+echo "configure:10493: checking for readline" >&5
 if eval "test \"`echo '$''{'ac_cv_funclib_readline'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 if eval "test \"\$ac_cv_func_readline\" != yes" ; then
 	ac_save_LIBS="$LIBS"
-	for ac_lib in "" readline; do
+	for ac_lib in "" edit readline; do
 		if test -n "$ac_lib"; then 
 			ac_lib="-l$ac_lib"
-			LIBS="$ac_lib $ac_save_LIBS"
+		else
+			ac_lib=""
 		fi
+		LIBS="$ac_lib $ac_save_LIBS"
 		cat > conftest.$ac_ext <<EOF
-#line 8580 "configure"
+#line 10508 "configure"
 #include "confdefs.h"
 
 int main() {
 readline()
 ; return 0; }
 EOF
-if { (eval echo configure:8587: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:10515: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "if test -n \"$ac_lib\";then ac_cv_funclib_readline=$ac_lib; else ac_cv_funclib_readline=yes; fi";break
 else
@@ -8601,14 +10529,14 @@ fi
 
 eval "ac_res=\$ac_cv_funclib_readline"
 
-# autoheader tricks *sigh*
 : << END
 @@@funcs="$funcs readline"@@@
-@@@libs="$libs readline"@@@
+@@@libs="$libs "" edit readline"@@@
 END
 
-eval "ac_tr_func=HAVE_`echo readline | tr '[a-z]' '[A-Z]'`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`"
+# readline
+eval "ac_tr_func=HAVE_`echo readline | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
 eval "LIB_readline=$ac_res"
 
 case "$ac_res" in
@@ -8642,43 +10570,25 @@ EOF
 esac
 
 
-
-if test "$with_readline"; then
-	cat >> confdefs.h <<\EOF
-#define HAVE_READLINE 1
-EOF
-
-	editline_OBJS=
-	LIB_readline="$READLINELIB "'$(LIB_tgetent)'
-	INCLUDE_readline="$READLINEINCLUDE"
-elif test "$ac_cv_func_el_init" = yes; then
-	cat >> confdefs.h <<\EOF
-#define HAVE_READLINE 1
-EOF
-
-
-	editline_OBJS=edit_compat.o
-	LIB_readline='-L$(topdir)/lib/editline -leditline '"$LIB_el_init"' $(LIB_tgetent)'
-
-	INCLUDE_readline='-I$(topdir)/lib/editline -I$(top_srcdir)/lib/editline'
+LIBS="$save_LIBS"
+el_yes="# "
+if test "$with_readline" -a "$with_readline" != "no"; then
+	:
 elif test "$ac_cv_func_readline" = yes; then
-	cat >> confdefs.h <<\EOF
-#define HAVE_READLINE 1
-EOF
-
-	editline_OBJS=
-	LIB_readline='-lreadline $(LIB_tgetent)'
 	INCLUDE_readline=
+elif test "$ac_cv_func_el_init" = yes; then
+	el_yes=
+	LIB_readline="-L\$(top_builddir)/lib/editline -lel_compat $LIB_el_init"
+	INCLUDE_readline='-I$(top_srcdir)/lib/editline'
 else
-	cat >> confdefs.h <<\EOF
+	LIB_readline='-L$(top_builddir)/lib/editline -leditline'
+	INCLUDE_readline='-I$(top_srcdir)/lib/editline'
+fi
+LIB_readline="$LIB_readline \$(LIB_tgetent)"
+cat >> confdefs.h <<\EOF
 #define HAVE_READLINE 1
 EOF
 
-	editline_OBJS="editline.o complete.o sysunix.o"
-	LIB_readline='-L$(topdir)/lib/editline -leditline $(LIB_tgetent)'
-	INCLUDE_readline='-I$(topdir)/lib/editline -I$(top_srcdir)/lib/editline'
-fi
-
 
 
 
@@ -8708,7 +10618,7 @@ EOF
 # And also something wierd has happend with dec-osf1, fallback to bsd-ptys
 
 echo $ac_n "checking for streamspty""... $ac_c" 1>&6
-echo "configure:8712: checking for streamspty" >&5
+echo "configure:10622: checking for streamspty" >&5
 case "`uname -sr`" in
 SunOS\ 4*|OSF1*|IRIX\ 4*|HP-UX\ ?.10.*)
 	krb_cv_sys_streamspty=no
@@ -8734,7 +10644,7 @@ fi
 echo "$ac_t""$krb_cv_sys_streamspty" 1>&6
 
 echo $ac_n "checking if /bin/ls takes -A""... $ac_c" 1>&6
-echo "configure:8738: checking if /bin/ls takes -A" >&5
+echo "configure:10648: checking if /bin/ls takes -A" >&5
 if /bin/ls -A > /dev/null 2>&1 ;then
 	cat >> confdefs.h <<\EOF
 #define HAVE_LS_A 1
@@ -8747,7 +10657,7 @@ fi
 echo "$ac_t""$krb_ls_a" 1>&6
 	
 echo $ac_n "checking for suffix of preformatted manual pages""... $ac_c" 1>&6
-echo "configure:8751: checking for suffix of preformatted manual pages" >&5
+echo "configure:10661: checking for suffix of preformatted manual pages" >&5
 if eval "test \"`echo '$''{'krb_cv_sys_cat_suffix'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -8767,10 +10677,7 @@ fi
 
 
 
-KRB_KAFS_LIB='-L$(topdir)/lib/kafs -lkafs'
-if test "$krb_cv_sys_aix" = yes; then
-	KRB_KAFS_LIB="$KRB_KAFS_LIB -lld"
-fi
+KRB_KAFS_LIB="-L\$(top_builddir)/lib/kafs -lkafs $AIX_EXTRA_KAFS"
 
 
 
@@ -8780,7 +10687,7 @@ test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
 
 for i in bin lib libexec sbin; do
 	i=${i}dir
-	foo=`echo $i | tr 'xindiscernible' 'XINDISCERNIBLE'`
+	HAVE_SIAENTITY_OUID=`echo $i | tr 'xindiscernible' 'XINDISCERNIBLE'`
 	x="\$${i}"
 	eval y="$x"
 	while test "x$y" != "x$x"; do
@@ -8788,7 +10695,7 @@ for i in bin lib libexec sbin; do
 		eval y="$x"
 	done
 	cat >> confdefs.h <<EOF
-#define $foo "$x"
+#define $HAVE_SIAENTITY_OUID "$x"
 EOF
 
 done
@@ -8816,7 +10723,7 @@ EOF
 # Ultrix sh set writes to stderr and can't be redirected directly,
 # and sets the high bit in the cache file unless we assign to the vars.
 (set) 2>&1 |
-  case `(ac_space=' '; set) 2>&1 | grep '^ac_space'` in
+  case `(ac_space=' '; set | grep ac_space) 2>&1` in
   *ac_space=\ *)
     # `set' does not quote correctly, so add quotes (double-quote substitution
     # turns \\\\ into \\, and sed turns \\ into \).
@@ -8883,7 +10790,7 @@ do
     echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion"
     exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;;
   -version | --version | --versio | --versi | --vers | --ver | --ve | --v)
-    echo "$CONFIG_STATUS generated by autoconf version 2.12"
+    echo "$CONFIG_STATUS generated by autoconf version 2.13"
     exit 0 ;;
   -help | --help | --hel | --he | --h)
     echo "\$ac_cs_usage"; exit 0 ;;
@@ -8899,12 +10806,10 @@ Makefile 					\
 include/Makefile				\
 include/sys/Makefile				\
 						\
-util/Makefile					\
-util/et/Makefile				\
-						\
 man/Makefile					\
 						\
 lib/Makefile					\
+lib/com_err/Makefile				\
 lib/des/Makefile				\
 lib/krb/Makefile				\
 lib/kdb/Makefile				\
@@ -8915,6 +10820,7 @@ lib/roken/Makefile				\
 lib/otp/Makefile				\
 lib/sl/Makefile					\
 lib/editline/Makefile				\
+lib/rxkad/Makefile				\
 lib/auth/Makefile				\
 lib/auth/pam/Makefile				\
 lib/auth/sia/Makefile				\
@@ -8939,8 +10845,9 @@ appl/telnet/telnet/Makefile			\
 appl/telnet/telnetd/Makefile			\
 appl/bsd/Makefile 				\
 appl/kauth/Makefile				\
-appl/kpopper/Makefile				\
+appl/popper/Makefile				\
 appl/movemail/Makefile				\
+appl/push/Makefile				\
 appl/sample/Makefile				\
 appl/xnlock/Makefile				\
 appl/kx/Makefile				\
@@ -8956,9 +10863,11 @@ sed 's/%@/@@/; s/@%/@@/; s/%g\$/@g/; /@g\$/s/[\\\\&%]/\\\\&/g;
  s/@@/%@/; s/@@/@%/; s/@g\$/%g/' > conftest.subs <<\\CEOF
 $ac_vpsub
 $extrasub
+s%@SHELL@%$SHELL%g
 s%@CFLAGS@%$CFLAGS%g
 s%@CPPFLAGS@%$CPPFLAGS%g
 s%@CXXFLAGS@%$CXXFLAGS%g
+s%@FFLAGS@%$FFLAGS%g
 s%@DEFS@%$DEFS%g
 s%@LDFLAGS@%$LDFLAGS%g
 s%@LIBS@%$LIBS%g
@@ -8984,6 +10893,7 @@ s%@host_alias@%$host_alias%g
 s%@host_cpu@%$host_cpu%g
 s%@host_vendor@%$host_vendor%g
 s%@host_os@%$host_os%g
+s%@CANONICAL_HOST@%$CANONICAL_HOST%g
 s%@SET_MAKE@%$SET_MAKE%g
 s%@LN_S@%$LN_S%g
 s%@CC@%$CC%g
@@ -8993,13 +10903,29 @@ s%@LEX@%$LEX%g
 s%@LEXLIB@%$LEXLIB%g
 s%@RANLIB@%$RANLIB%g
 s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g
+s%@INSTALL_SCRIPT@%$INSTALL_SCRIPT%g
 s%@INSTALL_DATA@%$INSTALL_DATA%g
+s%@AWK@%$AWK%g
 s%@MAKEINFO@%$MAKEINFO%g
-s%@SOCKSINCLUDE@%$SOCKSINCLUDE%g
-s%@SOCKSLIB@%$SOCKSLIB%g
+s%@WFLAGS@%$WFLAGS%g
+s%@WFLAGS_NOUNUSED@%$WFLAGS_NOUNUSED%g
+s%@WFLAGS_NOIMPLICITINT@%$WFLAGS_NOIMPLICITINT%g
+s%@INCLUDE_socks@%$INCLUDE_socks%g
+s%@LIB_socks@%$LIB_socks%g
 s%@CRACKLIB@%$CRACKLIB%g
-s%@READLINEINCLUDE@%$READLINEINCLUDE%g
-s%@READLINELIB@%$READLINELIB%g
+s%@LIB_otp@%$LIB_otp%g
+s%@OTP_dir@%$OTP_dir%g
+s%@LIB_security@%$LIB_security%g
+s%@AFSWS@%$AFSWS%g
+s%@LIB_SUBDIRS@%$LIB_SUBDIRS%g
+s%@disable_cat_manpages@%$disable_cat_manpages%g
+s%@INCLUDE_readline@%$INCLUDE_readline%g
+s%@LIB_readline@%$LIB_readline%g
+s%@INCLUDE_hesiod@%$INCLUDE_hesiod%g
+s%@LIB_hesiod@%$LIB_hesiod%g
+s%@LINK@%$LINK%g
+s%@lib_deps_yes@%$lib_deps_yes%g
+s%@lib_deps_no@%$lib_deps_no%g
 s%@REAL_PICFLAGS@%$REAL_PICFLAGS%g
 s%@REAL_SHLIBEXT@%$REAL_SHLIBEXT%g
 s%@REAL_LD_FLAGS@%$REAL_LD_FLAGS%g
@@ -9010,10 +10936,18 @@ s%@LD_FLAGS@%$LD_FLAGS%g
 s%@LIBEXT@%$LIBEXT%g
 s%@LIBPREFIX@%$LIBPREFIX%g
 s%@EXECSUFFIX@%$EXECSUFFIX%g
+s%@build_symlink_command@%$build_symlink_command%g
+s%@install_symlink_command@%$install_symlink_command%g
+s%@install_symlink_command2@%$install_symlink_command2%g
+s%@LIB_dlopen@%$LIB_dlopen%g
 s%@AFS_EXTRA_OBJS@%$AFS_EXTRA_OBJS%g
 s%@AFS_EXTRA_LIBS@%$AFS_EXTRA_LIBS%g
-s%@ac_cv_header_sys_cdefs_h@%$ac_cv_header_sys_cdefs_h%g
-s%@ac_cv_header_err_h@%$ac_cv_header_err_h%g
+s%@AFS_EXTRA_LD@%$AFS_EXTRA_LD%g
+s%@AFS_EXTRA_DEFS@%$AFS_EXTRA_DEFS%g
+s%@AIX_EXTRA_KAFS@%$AIX_EXTRA_KAFS%g
+s%@EXTRA_HEADERS@%$EXTRA_HEADERS%g
+s%@EXTRA_LOCL_HEADERS@%$EXTRA_LOCL_HEADERS%g
+s%@LIB_crypt@%$LIB_crypt%g
 s%@LIB_socket@%$LIB_socket%g
 s%@LIB_gethostbyname@%$LIB_gethostbyname%g
 s%@LIB_odm_initialize@%$LIB_odm_initialize%g
@@ -9028,12 +10962,13 @@ s%@X_LIBS@%$X_LIBS%g
 s%@X_EXTRA_LIBS@%$X_EXTRA_LIBS%g
 s%@MAKE_X_PROGS_BIN@%$MAKE_X_PROGS_BIN%g
 s%@MAKE_X_PROGS_LIBEXEC@%$MAKE_X_PROGS_LIBEXEC%g
+s%@LIB_XauWriteAuth@%$LIB_XauWriteAuth%g
 s%@LIB_XauReadAuth@%$LIB_XauReadAuth%g
-s%@XauWriteAuth_c@%$XauWriteAuth_c%g
-s%@XauWriteAuth_o@%$XauWriteAuth_o%g
-s%@LIB_dbopen@%$LIB_dbopen%g
-s%@LIB_dbm_firstkey@%$LIB_dbm_firstkey%g
+s%@LIB_XauFileName@%$LIB_XauFileName%g
+s%@NEED_WRITEAUTH_TRUE@%$NEED_WRITEAUTH_TRUE%g
+s%@NEED_WRITEAUTH_FALSE@%$NEED_WRITEAUTH_FALSE%g
 s%@LIB_DBM@%$LIB_DBM%g
+s%@DBLIB@%$DBLIB%g
 s%@LIB_syslog@%$LIB_syslog%g
 s%@LIB_getpwnam_r@%$LIB_getpwnam_r%g
 s%@LIB_getsockopt@%$LIB_getsockopt%g
@@ -9045,10 +10980,9 @@ s%@LIB_hstrerror@%$LIB_hstrerror%g
 s%@LIBOBJS@%$LIBOBJS%g
 s%@LIB_AUTH_SUBDIRS@%$LIB_AUTH_SUBDIRS%g
 s%@APPL_KIP_DIR@%$APPL_KIP_DIR%g
+s%@krb_cv_header_sys_socket_h_broken@%$krb_cv_header_sys_socket_h_broken%g
 s%@LIB_el_init@%$LIB_el_init%g
-s%@LIB_readline@%$LIB_readline%g
-s%@INCLUDE_readline@%$INCLUDE_readline%g
-s%@editline_OBJS@%$editline_OBJS%g
+s%@el_yes@%$el_yes%g
 s%@CATSUFFIX@%$CATSUFFIX%g
 s%@KRB_KAFS_LIB@%$KRB_KAFS_LIB%g
 
@@ -9097,12 +11031,10 @@ Makefile 					\
 include/Makefile				\
 include/sys/Makefile				\
 						\
-util/Makefile					\
-util/et/Makefile				\
-						\
 man/Makefile					\
 						\
 lib/Makefile					\
+lib/com_err/Makefile				\
 lib/des/Makefile				\
 lib/krb/Makefile				\
 lib/kdb/Makefile				\
@@ -9113,6 +11045,7 @@ lib/roken/Makefile				\
 lib/otp/Makefile				\
 lib/sl/Makefile					\
 lib/editline/Makefile				\
+lib/rxkad/Makefile				\
 lib/auth/Makefile				\
 lib/auth/pam/Makefile				\
 lib/auth/sia/Makefile				\
@@ -9137,8 +11070,9 @@ appl/telnet/telnet/Makefile			\
 appl/telnet/telnetd/Makefile			\
 appl/bsd/Makefile 				\
 appl/kauth/Makefile				\
-appl/kpopper/Makefile				\
+appl/popper/Makefile				\
 appl/movemail/Makefile				\
+appl/push/Makefile				\
 appl/sample/Makefile				\
 appl/xnlock/Makefile				\
 appl/kx/Makefile				\
@@ -9323,12 +11257,11 @@ chmod +x $CONFIG_STATUS
 rm -fr confdefs* $ac_clean_files
 test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1
  
-KRB4VERSION="$PACKAGE-$VERSION"
 
-cat > include/newversion.h.in <<EOF
-char *krb4_long_version = "@(#)\$Version: $KRB4VERSION by @USER@ on @HOST@ ($host) @DATE@ \$";
-char *krb4_version = "$KRB4VERSION";
-EOF
+cat > include/newversion.h.in <<FOOBAR
+char *${PACKAGE}_long_version = "@(#)\$Version: $PACKAGE-$VERSION by @USER@ on @HOST@ ($host) @DATE@ \$";
+char *${PACKAGE}_version = "$PACKAGE-$VERSION";
+FOOBAR
 
 if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then
 	echo "include/version.h is unchanged"
@@ -9341,3 +11274,4 @@ else
 	mv -f include/newversion.h.in include/version.h.in
 	sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h
 fi
+
diff --git a/crypto/kerberosIV/configure.in b/crypto/kerberosIV/configure.in
index 9265666..ec17759 100644
--- a/crypto/kerberosIV/configure.in
+++ b/crypto/kerberosIV/configure.in
@@ -8,7 +8,7 @@ dnl
 
 dnl Process this file with autoconf to produce a configure script.
 dnl
-AC_REVISION($Revision: 1.285 $)
+AC_REVISION($Revision: 1.415.2.9 $)
 AC_INIT(lib/krb/getrealm.c)
 AC_CONFIG_HEADER(include/config.h)
 
@@ -18,12 +18,37 @@ dnl
 
 PACKAGE=krb4
 AC_SUBST(PACKAGE)dnl
-VERSION=0.9.6
+VERSION=0.10.1
 AC_SUBST(VERSION)dnl
+AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])dnl
+AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])dnl
+
 # This may be overridden using --prefix=/usr to configure
 AC_PREFIX_DEFAULT(/usr/athena)
 
 AC_CANONICAL_HOST
+CANONICAL_HOST=$host
+AC_SUBST(CANONICAL_HOST)
+
+dnl OS specific defines
+
+sunos=no
+case "$host" in 
+*-*-sunos4*)
+	sunos=40
+	;;
+*-*-solaris2.7)
+	sunos=57
+	;;
+*-*-solaris2*)
+	sunos=50
+	;;
+esac
+if test "$sunos" != no; then
+	AC_DEFINE_UNQUOTED(SunOS, $sunos, 
+		[Define to what version of SunOS you are running.])
+fi
+
 AC_PROG_MAKE_SET
 AC_ARG_PROGRAM
 
@@ -42,19 +67,43 @@ AC_KRB_PROG_YACC
 AC_PROG_LEX
 AC_PROG_RANLIB
 AC_PROG_INSTALL
+dnl AC_PROG_AWK
+dnl mawk seems to mishandle \# in lib/roken/roken.awk
+AC_CHECK_PROGS(AWK, gawk nawk awk, )
 AC_CHECK_PROG(MAKEINFO, makeinfo, makeinfo, :)
 
+dnl Use make Wall or make WFLAGS=".."
+WFLAGS=""
+WFLAGS_NOUNUSED=""
+WFLAGS_NOIMPLICITINT=""
+AC_SUBST(WFLAGS) dnl
+AC_SUBST(WFLAGS_NOUNUSED) dnl
+AC_SUBST(WFLAGS_NOIMPLICITINT) dnl
+
 dnl
 dnl check for build options
 dnl
 
-AC_TEST_PACKAGE(socks,socks.h,libsocks5.a,-lsocks5)
-CFLAGS="$SOCKSINCLUDE $CFLAGS"
-LIBS="$SOCKSLIB $LIBS"
+AC_TEST_PACKAGE_NEW(socks,[#include <socks.h>],-lsocks5)
+CFLAGS="$INCLUDE_socks $CFLAGS"
+LIBS="$LIB_socks $LIBS"
+
+AC_ARG_ENABLE(legacy-kdestroy,
+[  --enable-legacy-kdestroy    kdestroy doesn't destroy tokens by default],[
+if test "$enableval" = "yes"; then
+	AC_DEFINE(LEGACY_KDESTROY,1, [Define to enable old kdestroy behavior.])
+fi
+])
 
-dnl Check if we want to use shared libraries
-AC_ARG_WITH(shared,
-[  --with-shared           create shared libraries for Kerberos])
+AC_ARG_ENABLE(match-subdomains,
+[  --enable-match-subdomains	match realm in subdomains],
+[if test "$enableval" = "yes"; then
+	AC_DEFINE(MATCH_SUBDOMAINS,1, [Define if you want to match subdomains.])
+fi
+])
+
+AC_ARG_WITH(ld-flags,
+[  --with-ld-flags=flags   what flags use when linking])
 
 AC_ARG_WITH(cracklib,
 [  --with-cracklib=dir     use the cracklib.a in dir],
@@ -73,26 +122,73 @@ AC_MSG_RESULT(Using cracklib in $with_cracklib)
 AC_SUBST(CRACKLIB)dnl
 test -n "$with_dictpath" &&
 AC_MSG_RESULT(Using dictpath=$with_dictpath) &&
-AC_DEFINE_UNQUOTED(DICTPATH,"$with_dictpath")
+AC_DEFINE_UNQUOTED(DICTPATH,"$with_dictpath", [Define this to be the directory where the 
+	dictionary for cracklib resides.])
 
 AC_ARG_WITH(mailspool,
 [  --with-mailspool=dir    this is the mail spool directory]
 )
 
 test -n "$with_mailspool" &&
-AC_DEFINE_UNQUOTED(KRB4_MAILDIR, "$with_mailspool")
+AC_DEFINE_UNQUOTED(KRB4_MAILDIR, "$with_mailspool", [Define this to the path of the mail spool directory.])
+
+AC_ARG_WITH(db-dir,
+[  --with-db-dir=dir	   this is the database directory (default /var/kerberos)])
+
+test -n "$with_db_dir" &&
+AC_DEFINE_UNQUOTED(DB_DIR, "$with_db_dir", [Define this to the kerberos database directory.])
 
 AC_ARG_ENABLE(random-mkey,
 [  --enable-random-mkey    use new code for master keys],[
 if test "$enableval" = "yes"; then
-	AC_DEFINE(RANDOM_MKEY,1)
+	AC_DEFINE(RANDOM_MKEY,1, [Define to enable new master key code.])
 fi
 ])
 
 AC_ARG_WITH(mkey,
 [  --with-mkey=file        where to put the master key],[
 if test -n "$withval"; then
-	AC_DEFINE_UNQUOTED(MKEYFILE,"$withval")
+	AC_DEFINE_UNQUOTED(MKEYFILE,"$withval", [Define this to the location of the master key.])
+fi
+])
+
+otp=yes
+AC_ARG_ENABLE(otp,
+[  --disable-otp           if you don't want OTP support],
+[
+if test "$enableval" = "no"; then
+	otp=no
+fi
+])
+
+if test "$otp" = "yes"; then
+	AC_DEFINE(OTP)
+	LIB_otp='-L$(top_builddir)/lib/otp -lotp'
+	OTP_dir=otp
+	LIB_SUBDIRS="$LIB_SUBDIRS otp"
+fi
+AC_SUBST(LIB_otp)
+AC_SUBST(OTP_dir)
+
+AC_CHECK_OSFC2
+
+mmap=yes
+AC_ARG_ENABLE(mmap,
+[  --disable-mmap          disable use of mmap],
+[
+if test "$enableval" = "no"; then
+	mmap=no
+fi
+])
+if test "$mmap" = "no"; then
+	AC_DEFINE(NO_MMAP, 1, [Define if you don't want to use mmap.])
+fi
+
+aix_dynamic_afs=yes
+AC_ARG_ENABLE(dynamic-afs,
+[  --disable-dynamic-afs   don't use loaded AFS library with AIX],[
+if test "$enableval" = "no"; then
+	aix_dynamic_afs=no
 fi
 ])
 
@@ -108,7 +204,7 @@ afs_support=yes
 AC_ARG_WITH(afs-support,
 [  --without-afs-support   if you don't want support for afs],[
 if test "$withval" = no; then
-	AC_DEFINE(NO_AFS)
+	AC_DEFINE(NO_AFS, 1, [Define if you don't wan't support for AFS.])
 	afs_support=no
 fi
 ])
@@ -120,129 +216,53 @@ AC_ARG_WITH(des-quad-checksum,
 des_quad="$withval"
 ])
 if test "$des_quad" = "new"; then
-	AC_DEFINE(DES_QUAD_DEFAULT,DES_QUAD_NEW)
+	ac_x=DES_QUAD_NEW
 elif test "$des_quad" = "old"; then
-	AC_DEFINE(DES_QUAD_DEFAULT,DES_QUAD_OLD)
+	ac_x=DES_QUAD_OLD
 else
-	AC_DEFINE(DES_QUAD_DEFAULT,DES_QUAD_GUESS)
+	ac_x=DES_QUAD_GUESS
 fi	
+AC_DEFINE_UNQUOTED(DES_QUAD_DEFAULT,$ac_x, 
+	[Set this to the type of des-quad-cheksum to use.])
 
-AC_TEST_PACKAGE(readline,readline.h,libreadline.a,-lreadline)
-
-dnl
-dnl Shared library stuff has to be different everywhere
-dnl
-
-AC_SUBST(CFLAGS)dnl
-AC_SUBST(LDFLAGS)dnl
+AC_ARG_WITH(afsws,
+[  --with-afsws=dir        use AFS includes and libraries from dir=/usr/afsws],
+AFSWS=$withval,
+AFSWS=/usr/afsws
+)
+test "$AFSWS" = "yes" && AFSWS=/usr/afsws
+AC_SUBST(AFSWS)
 
-case ${with_shared} in
-  yes ) with_shared=yes;;
-  no  ) with_shared=no;;
-  *   ) with_shared=no;;
-esac
+AC_ARG_ENABLE(rxkad,
+[  --enable-rxkad           build rxkad library],,[
+test -f $AFSWS/include/rx/rx.h && enable_rxkad=yes
+])
 
-# NOTE: Building shared libraries may not work if you do not use gcc!
-#
-# OS		$SHLIBEXT
-# HP-UX		sl
-# Linux		so
-# NetBSD	so
-# FreeBSD	so
-# OSF		so
-# SunOS5	so
-# SunOS4	so.0.5
-# Irix		so
-#
-# LIBEXT is the extension we should build (.a or $SHLIBEXT)
-REAL_PICFLAGS="-fpic"
-LDSHARED='$(CC) $(PICFLAGS) -shared'
-LIBPREFIX=lib
-REAL_SHLIBEXT=so
-changequote({,})dnl
-SHLIB_VERSION=`echo $VERSION | sed 's/\([0-9.]*\).*/\1/'`
-changequote([,])dnl
-case "${host}" in
-*-*-hpux*)
-	REAL_SHLIBEXT=sl
-	REAL_LD_FLAGS='-Wl,+b$(libdir)'
-	if test -z "$GCC"; then
-		LDSHARED="ld -b"
-		REAL_PICFLAGS="+z"
-	fi
-	;;
-*-*-linux*)
-	REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
-	;;
-*-*-*bsd*)
-	REAL_SHLIBEXT=so.$SHLIB_VERSION
-	LDSHARED='ld -Bshareable'
-	REAL_LD_FLAGS='-Wl,-R$(libdir)'
-	;;
-*-*-osf*)
-	REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
-	REAL_PICFLAGS=
-	LDSHARED='ld -shared -expect_unresolved \*'
-	;;
-*-*-solaris2*)
-	REAL_LD_FLAGS='-Wl,-R$(libdir)'
-	if test -z "$GCC"; then
-		LDSHARED='$(CC) -G'
-		REAL_PICFLAGS="-Kpic"
-	fi
-	;;
-*-*-sunos*)
-	REAL_SHLIBEXT=so.$SHLIB_VERSION
-	REAL_LD_FLAGS='-Wl,-L$(libdir)'
-	;;
-*-*-irix*)
-	REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
-	REAL_PICFLAGS=
-	;;
-*-*-os2_emx*)
-	LD_FLAGS='-Zexe'
-	LIBPREFIX=
-	EXECSUFFIX='.exe'
-	RANLIB=EMXOMF
-	REAL_SHLIBEXT=nobuild
-	;;
-*-*-cygwin32*)
-	EXECSUFFIX='.exe'
-	REAL_SHLIBEXT=nobuild
-	;;
-*)	REAL_SHLIBEXT=nobuild
-	REAL_PICFLAGS= 
-	;;
-esac
+if test "$afs_support" = yes -a "$enable_rxkad" = yes; then
+	LIB_SUBDIRS="$LIB_SUBDIRS rxkad"
+fi
+AC_SUBST(LIB_SUBDIRS)
 
-if test "${with_shared}" != "yes" ; then 
- PICFLAGS=""
- SHLIBEXT="nobuild"
- LIBEXT="a"
-else
- PICFLAGS="$REAL_PICFLAGS"
- SHLIBEXT="$REAL_SHLIBEXT"
- LIBEXT="$SHLIBEXT"
- LD_FLAGS="$REAL_LD_FLAGS"
+AC_ARG_ENABLE(cat-manpages,
+[  --disable-cat-manpages   don't install any preformatted manpages],
+[
+if test "$enableval" = "no"; then
+	disable_cat_manpages=yes
 fi
+])
 
-AC_SUBST(REAL_PICFLAGS) dnl
-AC_SUBST(REAL_SHLIBEXT) dnl
-AC_SUBST(REAL_LD_FLAGS) dnl
+AC_SUBST(disable_cat_manpages)dnl
 
-AC_SUBST(PICFLAGS) dnl
-AC_SUBST(SHLIBEXT) dnl
-AC_SUBST(LDSHARED) dnl
-AC_SUBST(LD_FLAGS) dnl
-AC_SUBST(LIBEXT) dnl
-AC_SUBST(LIBPREFIX) dnl
-AC_SUBST(EXECSUFFIX) dnl
+AC_TEST_PACKAGE_NEW(readline,[
+#include <stdio.h>
+#include <readline.h>
+],-lreadline)
 
-dnl
-dnl Check if we need to use weak-stuff
-dnl
+AC_MIPS_ABI
+
+AC_TEST_PACKAGE_NEW(hesiod,[#include <hesiod.h>],-lhesiod)
 
-AC_HAVE_PRAGMA_WEAK
+AC_SHARED_LIBS
 
 dnl
 dnl Check for endian-ness, this breaks cross compilation
@@ -255,6 +275,16 @@ dnl
 AC_C_CONST
 
 dnl
+dnl Check for inline keyword
+dnl
+AC_C_INLINE
+
+dnl
+dnl Check for __attribute__
+dnl
+AC_C___ATTRIBUTE__
+
+dnl
 dnl Check for strange operating systems that you need to handle differently
 dnl
 
@@ -262,10 +292,36 @@ AC_KRB_SYS_NEXTSTEP
 AC_KRB_SYS_AIX
 
 if test "$krb_cv_sys_aix" = yes ;then
-	AFS_EXTRA_OBJS='$(srcdir)/afsl.exp dlfcn.o'
-	AC_SUBST(AFS_EXTRA_OBJS)
-	AFS_EXTRA_LIBS=afslib.so
-	AC_SUBST(AFS_EXTRA_LIBS)
+	if test "$aix_dynamic_afs" = yes; then
+		AFS_EXTRA_OBJS=
+		AFS_EXTRA_LIBS=afslib.so
+		# this works differently in AIX <=3 and 4
+		if test `uname -v` = 4 ; then
+			AFS_EXTRA_LD="-bnoentry"
+		else
+			AFS_EXTRA_LD="-e _nostart"
+		fi
+		AFS_EXTRA_DEFS=
+		AC_FIND_FUNC_NO_LIBS(dlopen, dl)
+		if test "$ac_cv_funclib_dlopen" = yes; then
+			AIX_EXTRA_KAFS=
+		elif test "$ac_cv_funclib_dlopen" != no; then
+			AIX_EXTRA_KAFS="$ac_cv_funclib_dlopen"
+		else
+			AFS_EXTRA_OBJS="$AFS_EXTRA_OBJS dlfcn.o"
+			AIX_EXTRA_KAFS=-lld
+		fi
+	else
+		AFS_EXTRA_OBJS='$(srcdir)/afsl.exp afslib.o'
+		AFS_EXTRA_LIBS=
+		AFS_EXTRA_DEFS='-DSTATIC_AFS_SYSCALLS'
+		AIX_EXTRA_KAFS=
+	fi
+	AC_SUBST(AFS_EXTRA_OBJS)dnl
+	AC_SUBST(AFS_EXTRA_LIBS)dnl
+	AC_SUBST(AFS_EXTRA_LD)dnl
+	AC_SUBST(AFS_EXTRA_DEFS)dnl
+	AC_SUBST(AIX_EXTRA_KAFS)dnl
 fi
 
 #
@@ -274,7 +330,7 @@ fi
 #
 
 if test -f /lib/pse.exp ;then
-	LIBS="$LIBS -Wl,-bI:/lib/pse.exp"
+	LIBS="$LIBS -Wl,-bnolibpath -Wl,-bI:/lib/pse.exp"
 fi
 
 dnl
@@ -283,40 +339,150 @@ dnl
 
 AC_HEADER_STDC
 
-AC_CHECK_HEADERS(arpa/ftp.h arpa/inet.h arpa/nameser.h)
-AC_CHECK_HEADERS(arpa/telnet.h bind/bitypes.h bsd/bsd.h bsdsetjmp.h)
-AC_CHECK_HEADERS(crypt.h dbm.h dirent.h err.h fcntl.h grp.h io.h)
-AC_CHECK_HEADERS(lastlog.h login.h maillock.h ndbm.h net/if.h)
-AC_CHECK_HEADERS(net/if_tun.h net/if_var.h netdb.h netinet/in.h)
-AC_CHECK_HEADERS(netinet/in6_machtypes.h netinet/in_systm.h)
-AC_CHECK_HEADERS(netinet/ip.h netinet/tcp.h paths.h pty.h pwd.h)
-AC_CHECK_HEADERS(resolv.h rpcsvc/dbm.h sac.h security/pam_modules.h)
-AC_CHECK_HEADERS(shadow.h siad.h signal.h stropts.h sys/bitypes.h)
-AC_CHECK_HEADERS(sys/category.h sys/cdefs.h sys/file.h sys/filio.h)
-AC_CHECK_HEADERS(sys/ioccom.h sys/ioctl.h sys/locking.h sys/mman.h)
-AC_CHECK_HEADERS(sys/param.h sys/proc.h sys/ptyio.h sys/ptyvar.h)
-AC_CHECK_HEADERS(sys/resource.h sys/select.h sys/socket.h)
-AC_CHECK_HEADERS(sys/sockio.h sys/stat.h sys/str_tty.h sys/stream.h)
-AC_CHECK_HEADERS(sys/stropts.h sys/strtty.h sys/syscall.h)
-AC_CHECK_HEADERS(sys/sysctl.h sys/termio.h sys/time.h sys/timeb.h)
-AC_CHECK_HEADERS(sys/times.h sys/tty.h sys/types.h sys/uio.h)
-AC_CHECK_HEADERS(sys/un.h sys/utsname.h sys/wait.h syslog.h)
-AC_CHECK_HEADERS(termio.h termios.h tmpdir.h ttyent.h udb.h ulimit.h)
-AC_CHECK_HEADERS(unistd.h userpw.h usersec.h util.h utime.h utmp.h)
-AC_CHECK_HEADERS(utmpx.h wait.h winsock.h)
+AC_CHECK_HEADERS([arpa/ftp.h			\
+	arpa/inet.h				\
+	arpa/nameser.h				\
+	arpa/telnet.h				\
+	bsd/bsd.h				\
+	bsdsetjmp.h				\
+	capability.h				\
+	crypt.h					\
+	curses.h				\
+	db.h					\
+	dbm.h					\
+	dirent.h				\
+	err.h					\
+	errno.h					\
+	fcntl.h					\
+	fnmatch.h				\
+	grp.h					\
+	inttypes.h				\
+	io.h					\
+	lastlog.h				\
+	libutil.h				\
+	limits.h				\
+	login.h					\
+	maillock.h				\
+	ndbm.h					\
+	net/if.h				\
+	net/if_tun.h				\
+	net/if_var.h				\
+	netdb.h					\
+	netinet/in.h				\
+	netinet/in6_machtypes.h			\
+	netinet/in_systm.h			\
+	paths.h					\
+	pty.h					\
+	pwd.h					\
+	resolv.h				\
+	rpcsvc/dbm.h				\
+	rpcsvc/ypclnt.h				\
+	sac.h					\
+	security/pam_modules.h			\
+	shadow.h				\
+	siad.h					\
+	signal.h				\
+	stropts.h				\
+	sys/bitypes.h				\
+	sys/capability.h			\
+	sys/category.h				\
+	sys/file.h				\
+	sys/filio.h				\
+	sys/ioccom.h				\
+	sys/ioctl.h				\
+	sys/locking.h				\
+	sys/mman.h				\
+	sys/param.h				\
+	sys/proc.h				\
+	sys/pty.h				\
+	sys/ptyio.h				\
+	sys/ptyvar.h				\
+	sys/resource.h				\
+	sys/select.h				\
+	sys/socket.h				\
+	sys/sockio.h				\
+	sys/stat.h				\
+	sys/str_tty.h				\
+	sys/stream.h				\
+	sys/stropts.h				\
+	sys/strtty.h				\
+	sys/syscall.h				\
+	sys/sysctl.h				\
+	sys/termio.h				\
+	sys/time.h				\
+	sys/timeb.h				\
+	sys/times.h				\
+	sys/tty.h				\
+	sys/types.h				\
+	sys/uio.h				\
+	sys/un.h				\
+	sys/utsname.h				\
+	sys/wait.h				\
+	syslog.h				\
+	term.h					\
+	termcap.h				\
+	termio.h				\
+	termios.h				\
+	tmpdir.h				\
+	ttyent.h				\
+	udb.h					\
+	ulimit.h				\
+	unistd.h				\
+	userpw.h				\
+	usersec.h				\
+	util.h					\
+	utime.h					\
+	utmp.h					\
+	utmpx.h					\
+	wait.h])
 
 AC_HEADER_TIME
 AC_DECL_SYS_SIGLIST
-AC_SUBST(ac_cv_header_sys_cdefs_h)dnl
-AC_SUBST(ac_cv_header_err_h)dnl
+
+CHECK_NETINET_IP_AND_TCP
+
+EXTRA_LOCL_HEADERS=
+EXTRA_HEADERS=
+if test "$ac_cv_header_err_h" != yes; then
+	EXTRA_HEADERS="$EXTRA_HEADERS err.h"
+fi
+if test "$ac_cv_header_fnmatch_h" != yes; then
+	EXTRA_LOCL_HEADERS="$EXTRA_LOCL_HEADERS fnmatch.h"
+fi
+AC_SUBST(EXTRA_HEADERS)
+AC_SUBST(EXTRA_LOCL_HEADERS)
 
 AC_GROK_TYPES(int8_t int16_t int32_t int64_t)
 AC_GROK_TYPES(u_int8_t u_int16_t u_int32_t u_int64_t)
 
+AC_MSG_CHECKING(for strange sys/bitypes.h)
+AC_CACHE_VAL(krb_cv_int8_t_ifdef, [
+AC_TRY_COMPILE([
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+],
+int8_t x;
+,
+krb_cv_int8_t_ifdef=no,
+krb_cv_int8_t_ifdef=yes)])
+AC_MSG_RESULT($krb_cv_int8_t_ifdef)
+if test "$krb_cv_int8_t_ifdef" = "yes"; then
+  AC_DEFINE(HAVE_STRANGE_INT8_T, 1, [Huh?])dnl
+fi
+
 dnl
 dnl Various checks for libraries and their contents
 dnl
 
+AC_FIND_FUNC_NO_LIBS(crypt, crypt)dnl
+
 dnl
 dnl System V is have misplaced the socket routines, should really be in libc
 dnl
@@ -348,12 +514,12 @@ AC_FIND_FUNC(setpcred, s)
 AC_FIND_FUNC(logwtmp, util)
 
 AC_FIND_FUNC(logout, util)
-AC_FIND_FUNC_NO_LIBS(tgetent, termcap)
+AC_FIND_FUNC_NO_LIBS(tgetent, termcap ncurses curses)
 	
 dnl 
 dnl See if there is any X11 present
 dnl
-AC_PATH_XTRA
+KRB_CHECK_X
 if test "$no_x" = "yes" ; then
 	MAKE_X_PROGS_BIN=""
 	MAKE_X_PROGS_LIBEXEC=""
@@ -364,98 +530,37 @@ fi
 AC_SUBST(MAKE_X_PROGS_BIN)dnl
 AC_SUBST(MAKE_X_PROGS_LIBEXEC)dnl
 
-save_CFLAGS="$CFLAGS"
-CFLAGS="$X_CFLAGS $CFLAGS"
-save_LIBS="$LIBS"
-dnl LIBS="$X_LIBS $X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
-LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
-save_LDFLAGS="$LDFLAGS"
-LDFLAGS="$LDFLAGS $X_LIBS"
-
-AC_FIND_FUNC_NO_LIBS(XauReadAuth, Xau X11)
-ac_xxx="$LIBS"
-LIBS="$LIB_XauReadAuth $LIBS"
-AC_CHECK_FUNCS(XauWriteAuth)
-if test "$ac_cv_func_XauWriteAuth" != "yes"; then
-  XauWriteAuth_c=writeauth.c
-  XauWriteAuth_o=writeauth.o
-fi
-AC_SUBST(XauWriteAuth_c)dnl
-AC_SUBST(XauWriteAuth_o)dnl
-LIBS="$ac_xxx"
-
-CFLAGS=$save_CFLAGS
-LIBS=$save_LIBS
-LDFLAGS=$save_LDFLAGS
+AC_CHECK_XAU
 
 dnl
 dnl Look for berkeley db, gdbm, and ndbm in that order.
 dnl
 
-save_LIBS="$LIBS"
-AC_FIND_FUNC_NO_LIBS(dbopen, $berkeley_db)
-LIBS="$LIB_dbopen $LIBS"
-AC_FIND_FUNC_NO_LIBS(dbm_firstkey, $berkeley_db gdbm ndbm)
-if test -n "$LIB_dbopen"; then
-  LIB_DBM="$LIB_dbopen"
-else
-  LIB_DBM="$LIB_dbm_firstkey"
-fi
-AC_SUBST(LIB_DBM)dnl
-LIBS="$save_LIBS"
+KRB_FIND_DB("" $berkeley_db gdbm ndbm)
 
 AC_FIND_FUNC(syslog, syslog)
 
-AC_CACHE_CHECK(for working snprintf,ac_cv_func_snprintf_working,
-ac_cv_func_snprintf_working=yes
-AC_TRY_RUN([
-#include <stdio.h>
-#include <string.h>
-int main()
-{
-changequote(`,')dnl
-	char foo[3];
-changequote([,])dnl
-	snprintf(foo, 2, "12");
-	return strcmp(foo, "1");
-}],:,ac_cv_func_snprintf_working=no,:))
-: << END
-@@@funcs="$funcs snprintf"@@@
-END
-if test "$ac_cv_func_snprintf_working" = yes; then
-	foo=HAVE_SNPRINTF
-	AC_DEFINE_UNQUOTED($foo)
+AC_BROKEN_SNPRINTF
+AC_BROKEN_GLOB
+
+if test "$ac_cv_func_glob_working" != yes; then
+	EXTRA_LOCL_HEADERS="$EXTRA_LOCL_HEADERS glob.h"
+	LIBOBJS="$LIBOBJS glob.o"
 fi
 
 AC_CHECK_FUNCS(asnprintf asprintf vasprintf vasnprintf vsnprintf)
 
-
-AC_CHECK_FUNCS(_getpty _scrsize _setsid _stricmp fchmod fcntl flock)
-AC_CHECK_FUNCS(forkpty frevoke gethostname getlogin getpriority getservbyname)
-AC_CHECK_FUNCS(getspnam getspuid gettimeofday getuid grantpt)
-AC_CHECK_FUNCS(innetgr iruserok mktime ptsname rand random)
-AC_CHECK_FUNCS(revoke setitimer setlogin setpgid setpriority)
+AC_CHECK_FUNCS(atexit _getpty _scrsize _setsid _stricmp chroot fattach fchmod)
+AC_CHECK_FUNCS(fcntl forkpty frevoke getlogin getpriority)
+AC_CHECK_FUNCS(getrlimit getservbyname getspnam getspuid gettimeofday)
+AC_CHECK_FUNCS(gettosbyname getuid grantpt mktime parsetos ptsname)
+AC_CHECK_FUNCS(rand random revoke setitimer setlogin setpgid setpriority)
 AC_CHECK_FUNCS(setproctitle setregid setresgid setresuid setreuid setsid)
-AC_CHECK_FUNCS(setutent swab ttyname ttyslot ulimit uname)
-AC_CHECK_FUNCS(unlockpt vhangup yp_get_default_domain)
-AC_FIND_FUNC_NO_LIBS(getpwnam_r,c_r)
-if test "$ac_cv_func_getpwnam_r" = yes; then
-	AC_CACHE_CHECK(if getpwnam_r is posix,ac_cv_func_getpwnam_r_posix,
-	ac_libs="$LIBS"
-	LIBS="$LIBS $LIB_getpwnam_r"
-	AC_TRY_RUN([
-#include <pwd.h>
-int main()
-{
-	struct passwd pw, *pwd;
-	return getpwnam_r("", &pw, NULL, 0, &pwd) < 0;
-}
-],ac_cv_func_getpwnam_r_posix=yes,ac_cv_func_getpwnam_r_posix=no,:)
-LIBS="$ac_libs")
-if test "$ac_cv_func_getpwnam_r_posix" = yes; then
-	AC_DEFINE(POSIX_GETPWNAM_R)
-fi
-fi
+AC_CHECK_FUNCS(setutent sigaction sysconf sysctl ttyname ttyslot)
+AC_CHECK_FUNCS(ulimit uname unlockpt vhangup yp_get_default_domain)
+AC_CHECK_FUNCS(on_exit sgi_getcapabilitybyname cap_set_proc)
+
+AC_CHECK_GETPWNAM_R_POSIX
 
 AC_FIND_FUNC_NO_LIBS(getsockopt, ,
 [#ifdef HAVE_SYS_TYPES_H
@@ -513,6 +618,8 @@ AC_FIND_FUNC(dn_expand, resolv,
 ],
 [0,0,0,0,0])
 
+AC_SUBST(LIB_res_search)dnl
+AC_SUBST(LIB_dn_expand)dnl
 
 AC_FUNC_MMAP
 AC_FUNC_ALLOCA
@@ -530,7 +637,7 @@ else
 fi
 ])
 if test "$ac_cv_func_getlogin_posix" = yes; then
-	AC_DEFINE(POSIX_GETLOGIN, 1)
+	AC_DEFINE(POSIX_GETLOGIN, 1, [Define if getlogin has POSIX flavour (and not BSD).])
 fi
 fi
 
@@ -539,12 +646,67 @@ AC_FIND_IF_NOT_BROKEN(hstrerror, resolv,
 #include <netdb.h>
 #endif],
 17)
+if test "$ac_cv_func_hstrerror" = yes; then
+AC_NEED_PROTO([
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif],
+hstrerror)
+fi
 
-AC_BROKEN(chown daemon err errx fchown getcwd getdtablesize getopt)
-AC_BROKEN(getusershell inet_aton initgroups lstat memmove mkstemp)
-AC_BROKEN(putenv rcmd setegid setenv seteuid strcasecmp strdup)
-AC_BROKEN(strerror strftime strlwr strnlen strtok_r strupr unsetenv)
-AC_BROKEN(verr verrx vwarn vwarnx warn warnx)
+AC_BROKEN(chown daemon err errx fchown flock fnmatch)
+AC_BROKEN(getcwd getdtablesize gethostname geteuid getgid getegid)
+AC_BROKEN(getopt getusershell inet_aton initgroups innetgr iruserok lstat)
+AC_BROKEN(memmove mkstemp putenv rcmd readv setegid setenv seteuid)
+AC_BROKEN(strcasecmp strncasecmp strdup strerror strftime strlwr)
+AC_BROKEN(strndup strnlen strsep strtok_r strupr)
+AC_BROKEN(swab unsetenv verr verrx vsyslog)
+AC_BROKEN(vwarn vwarnx warn warnx writev)
+
+if test "$ac_cv_func_gethostname" = "yes"; then
+AC_NEED_PROTO([
+#include <unistd.h>],
+gethostname)
+fi
+
+if test "$ac_cv_func_mkstemp" = "yes"; then
+AC_NEED_PROTO([
+#include <unistd.h>],
+mkstemp)
+fi
+
+if test "$ac_cv_func_inet_aton" = "yes"; then
+AC_NEED_PROTO([
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif],
+inet_aton)
+fi
+
+AC_CACHE_CHECK(if realloc is broken, ac_cv_func_realloc_broken, [
+ac_cv_func_realloc_broken=no
+AC_TRY_RUN([
+#include <stddef.h>
+#include <stdlib.h>
+
+int main()
+{
+	return realloc(NULL, 17) == NULL;
+}
+],:, ac_cv_func_realloc_broken=yes, :)
+])
+if test "$ac_cv_func_realloc_broken" = yes ; then
+	AC_DEFINE(BROKEN_REALLOC, 1, [Define if realloc(NULL, X) doesn't work.])
+fi
 
 AC_KRB_FUNC_GETCWD_BROKEN
 
@@ -560,7 +722,7 @@ if test "$ac_cv_header_siad_h" = yes; then
 	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia"
 fi
 
-if test "$ac_cv_header_security_pam_modules_h" = yes; then
+if test "$ac_cv_header_security_pam_modules_h" = yes -a "$enable_shared" = yes; then
 	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam"
 fi
 
@@ -594,6 +756,70 @@ dnl
 dnl Checks for prototypes and declarations
 dnl
 
+AC_PROTO_COMPAT([
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+],
+gethostbyname, struct hostent *gethostbyname(const char *))
+
+AC_PROTO_COMPAT([
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+],
+gethostbyaddr, struct hostent *gethostbyaddr(const void *, size_t, int))
+
+AC_PROTO_COMPAT([
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+],
+getservbyname, struct servent *getservbyname(const char *, const char *))
+
+AC_PROTO_COMPAT([
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+],
+openlog, void openlog(const char *, int, int))
+
 AC_NEED_PROTO([
 #ifdef HAVE_CRYPT_H
 #include <crypt.h>
@@ -605,10 +831,32 @@ AC_NEED_PROTO([
 crypt)
 
 AC_NEED_PROTO([
+#include <stdio.h>
+],
+fclose)
+
+AC_NEED_PROTO([
 #include <string.h>
 ],
 strtok_r)
 
+AC_NEED_PROTO([
+#include <string.h>
+],
+strsep)
+
+AC_NEED_PROTO([
+#include <unistd.h>
+],
+getusershell)
+
+AC_NEED_PROTO([
+#ifdef HAVE_UTIME_H
+#include <utime.h>
+#endif
+],
+utime)
+
 AC_CHECK_VAR([#ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
@@ -636,6 +884,8 @@ AC_CHECK_DECLARATION([#include <stdlib.h>], optind)
 AC_CHECK_DECLARATION([#include <stdlib.h>], opterr)
 AC_CHECK_DECLARATION([#include <stdlib.h>], optopt)
 
+AC_CHECK_DECLARATION([#include <stdlib.h>], environ)
+
 dnl
 dnl According to ANSI you are explicitly allowed to cast to void,
 dnl but the standard fails to say what should happen. Some compilers
@@ -650,19 +900,39 @@ dnl Thus explicitly test for void
 dnl
 AC_TYPE_SIGNAL
 if test "$ac_cv_type_signal" = "void" ; then
-	AC_DEFINE(VOID_RETSIGTYPE, 1)
+	AC_DEFINE(VOID_RETSIGTYPE, 1, [Define if RETSIGTYPE == void.])
 fi
 
 dnl
 dnl Check for fields in struct utmp
 dnl
-AC_EGREP_HEADER(ut_user, utmp.h, AC_DEFINE(HAVE_UT_USER))
-AC_EGREP_HEADER(ut_host, utmp.h, AC_DEFINE(HAVE_UT_HOST))
-AC_EGREP_HEADER(ut_addr, utmp.h, AC_DEFINE(HAVE_UT_ADDR))
-AC_EGREP_HEADER(ut_type, utmp.h, AC_DEFINE(HAVE_UT_TYPE))
-AC_EGREP_HEADER(ut_pid, utmp.h, AC_DEFINE(HAVE_UT_PID))
-AC_EGREP_HEADER(ut_id, utmp.h, AC_DEFINE(HAVE_UT_ID))
-AC_EGREP_HEADER(ut_syslen, utmpx.h, AC_DEFINE(HAVE_UT_SYSLEN))
+
+AC_HAVE_STRUCT_FIELD(struct utmp, ut_addr,
+[#include <sys/types.h>
+ #include <utmp.h>])
+AC_HAVE_STRUCT_FIELD(struct utmp, ut_host,
+[#include <sys/types.h>
+ #include <utmp.h>])
+AC_HAVE_STRUCT_FIELD(struct utmp, ut_id,
+[#include <sys/types.h>
+ #include <utmp.h>])
+AC_HAVE_STRUCT_FIELD(struct utmp, ut_pid,
+[#include <sys/types.h>
+ #include <utmp.h>])
+AC_HAVE_STRUCT_FIELD(struct utmp, ut_type,
+[#include <sys/types.h>
+ #include <utmp.h>])
+AC_HAVE_STRUCT_FIELD(struct utmp, ut_user,
+[#include <sys/types.h>
+ #include <utmp.h>])
+AC_HAVE_STRUCT_FIELD(struct utmpx, ut_exit,
+[#include <sys/types.h>
+ #include <utmp.h>])
+AC_HAVE_STRUCT_FIELD(struct utmpx, ut_syslen,
+[#include <sys/types.h>
+ #include <utmp.h>])
+
+AC_KRB_STRUCT_SPWD
 
 AC_STRUCT_ST_BLKSIZE
 
@@ -681,50 +951,49 @@ AC_TYPE_UID_T
 AC_TYPE_OFF_T
 AC_TYPE_SIZE_T
 
+AC_CHECK_TYPE_EXTRA(ssize_t, int, [
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif])
+
 dnl
-dnl Check for sa_len in sys/socket.h
+dnl Check for broken ultrix sys/socket.h
 dnl
 
-AC_MSG_CHECKING(for sa_len in struct sockaddr)
-AC_CACHE_VAL(krb_cv_struct_sockaddr_sa_len, [
+AC_MSG_CHECKING(for broken sys/socket.h)
+AC_CACHE_VAL(krb_cv_header_sys_socket_h_broken, [
 AC_TRY_COMPILE(
 [#include <sys/types.h>
-#include <sys/socket.h>],
-[struct sockaddr sa;
-int foo = sa.sa_len;],
-krb_cv_struct_sockaddr_sa_len=yes,
-krb_cv_struct_sockaddr_sa_len=no)
-])
-AC_MSG_RESULT($krb_cv_struct_sockaddr_sa_len)
-if test "$krb_cv_struct_sockaddr_sa_len" = yes; then
-	AC_DEFINE(SOCKADDR_HAS_SA_LEN)
-fi
+#include <sys/socket.h>
+#include <sys/socket.h>],[],
+krb_cv_header_sys_socket_h_broken=no,
+krb_cv_header_sys_socket_h_broken=yes)])
+AC_MSG_RESULT($krb_cv_header_sys_socket_h_broken)
+AC_SUBST(krb_cv_header_sys_socket_h_broken)
+
+dnl
+dnl Check for sa_len in sys/socket.h
+dnl
+
+AC_HAVE_STRUCT_FIELD(struct sockaddr, sa_len, [#include <sys/types.h>
+#include <sys/socket.h>])
 
 dnl
 dnl Check for ouid in sys/siad.h
 dnl
 
 if test "$ac_cv_header_siad_h" = yes; then
-AC_MSG_CHECKING(for ouid in struct siaentity)
-AC_CACHE_VAL(krb_cv_struct_siaentity_ouid, [
-AC_TRY_COMPILE(
-[#include <siad.h>
-],
-[SIAENTITY e;
-int foo = e.ouid;],
-krb_cv_struct_siaentity_ouid=yes,
-krb_cv_struct_siaentity_ouid=no)
-])
-AC_MSG_RESULT($krb_cv_struct_siaentity_ouid)
-if test "$krb_cv_struct_siaentity_ouid" = yes; then
-	AC_DEFINE(SIAENTITY_HAS_OUID)
-fi
+AC_HAVE_STRUCT_FIELD(SIAENTITY, ouid, [#include <siad.h>])
 fi
 
 dnl
 dnl you can link with getmsg on AIX 3.2 but you cannot run the program
 dnl
 
+AC_CHECK_FUNCS(getmsg)
+
+if test "$ac_cf_func_getmsg" = "yes"; then
+
 AC_CACHE_CHECK(for working getmsg, ac_cv_func_getmsg,
 AC_TRY_RUN(
 [
@@ -737,68 +1006,53 @@ int main()
 }
 ], ac_cv_func_getmsg=yes, ac_cv_func_getmsg=no, ac_cv_func_getmsg=no))
 test "$ac_cv_func_getmsg" = "yes" &&
-AC_DEFINE(HAVE_GETMSG)
-
-dnl
-dnl Test if we are using berkeley db
-dnl
+AC_DEFINE(HAVE_GETMSG, 1, [Define if you have a working getmsg.])
 
-save_LIBS="$LIBS"
-LIBS="$LIB_DBM $LIBS"
-AC_CACHE_CHECK(for berkeley db, krb_cv_lib_berkeleydb,
-AC_TRY_RUN(
-[
-#include <unistd.h>
-#include <fcntl.h>
-#include <ndbm.h>
-int main()
-{
-  DBM *d;
-
-  d = dbm_open("conftest", O_RDWR | O_CREAT, 0666);
-  if(d == NULL)
-    return 1;
-  dbm_close(d);
-  return access("conftest.db", F_OK) != 0;
-}], krb_cv_lib_berkeleydb=yes, krb_cv_lib_berkeleydb=no,
-krb_cv_lib_berkeleydb=no))
-test "$krb_cv_lib_berkeleydb" = "yes" &&
-AC_DEFINE(HAVE_NEW_DB)
-LIBS="$save_LIBS"
+fi
 
 dnl
 dnl Tests for editline
 dnl
 
-AC_FIND_FUNC_NO_LIBS(el_init, edit)
-AC_FIND_FUNC_NO_LIBS(readline, readline)
+dnl el_init
 
-if test "$with_readline"; then
-	AC_DEFINE(HAVE_READLINE, 1)
-	editline_OBJS=
-	LIB_readline="$READLINELIB "'$(LIB_tgetent)'
-	INCLUDE_readline="$READLINEINCLUDE"
-elif test "$ac_cv_func_el_init" = yes; then
-	AC_DEFINE(HAVE_READLINE, 1)
+AC_FIND_FUNC_NO_LIBS(el_init, edit)
+if test "$ac_cv_func_el_init" = yes ; then
+	AC_CACHE_CHECK(for four argument el_init, ac_cv_func_el_init_four,[
+		AC_TRY_COMPILE([#include <stdio.h>
+			#include <histedit.h>],
+			[el_init("", NULL, NULL, NULL);],
+			ac_cv_func_el_init_four=yes,
+			ac_cv_func_el_init_four=no)])
+	if test "$ac_cv_func_el_init_four" = yes; then
+		AC_DEFINE(HAVE_FOUR_VALUED_EL_INIT, 1, [Define if el_init takes four arguments.])
+	fi
+fi
 
-	editline_OBJS=edit_compat.o
-	LIB_readline='-L$(topdir)/lib/editline -leditline '"$LIB_el_init"' $(LIB_tgetent)'
+dnl readline
 
-	INCLUDE_readline='-I$(topdir)/lib/editline -I$(top_srcdir)/lib/editline'
+save_LIBS="$LIBS"
+LIBS="$LIB_tgetent $LIBS"
+AC_FIND_FUNC_NO_LIBS(readline, edit readline)
+LIBS="$save_LIBS"
+el_yes="# "
+if test "$with_readline" -a "$with_readline" != "no"; then
+	:
 elif test "$ac_cv_func_readline" = yes; then
-	AC_DEFINE(HAVE_READLINE, 1)
-	editline_OBJS=
-	LIB_readline='-lreadline $(LIB_tgetent)'
 	INCLUDE_readline=
+elif test "$ac_cv_func_el_init" = yes; then
+	el_yes=
+	LIB_readline="-L\$(top_builddir)/lib/editline -lel_compat $LIB_el_init"
+	INCLUDE_readline='-I$(top_srcdir)/lib/editline'
 else
-	AC_DEFINE(HAVE_READLINE, 1)
-	editline_OBJS="editline.o complete.o sysunix.o"
-	LIB_readline='-L$(topdir)/lib/editline -leditline $(LIB_tgetent)'
-	INCLUDE_readline='-I$(topdir)/lib/editline -I$(top_srcdir)/lib/editline'
+	LIB_readline='-L$(top_builddir)/lib/editline -leditline'
+	INCLUDE_readline='-I$(top_srcdir)/lib/editline'
 fi
+LIB_readline="$LIB_readline \$(LIB_tgetent)"
+AC_DEFINE(HAVE_READLINE, 1, [Define if you have a readline function.])dnl XXX
 AC_SUBST(LIB_readline)
 AC_SUBST(INCLUDE_readline)
-AC_SUBST(editline_OBJS)
+AC_SUBST(el_yes)
 
 dnl telnet muck --------------------------------------------------
 
@@ -832,14 +1086,14 @@ AIX*)
 	;;
 esac
 if test "$krb_cv_sys_streamspty" = yes; then
-	AC_DEFINE(STREAMSPTY)
+	AC_DEFINE(STREAMSPTY, 1, [Define if you have working stream ptys.])
 fi
 dnl AC_SUBST(STREAMSPTY)
 AC_MSG_RESULT($krb_cv_sys_streamspty)
 
 AC_MSG_CHECKING([if /bin/ls takes -A])
 if /bin/ls -A > /dev/null 2>&1 ;then
-	AC_DEFINE(HAVE_LS_A)
+	AC_DEFINE(HAVE_LS_A, 1, [Define if /bin/ls has a \`-A' flag.])
 	krb_ls_a=yes
 else
 	krb_ls_a=no
@@ -862,10 +1116,7 @@ AC_SUBST(CATSUFFIX)
 
 dnl ------------------------------------------------------------
 
-KRB_KAFS_LIB='-L$(topdir)/lib/kafs -lkafs'
-if test "$krb_cv_sys_aix" = yes; then
-	KRB_KAFS_LIB="$KRB_KAFS_LIB -lld"
-fi
+KRB_KAFS_LIB="-L\$(top_builddir)/lib/kafs -lkafs $AIX_EXTRA_KAFS"
 AC_SUBST(KRB_KAFS_LIB)dnl
 
 dnl ------------------------------------------------------------
@@ -896,12 +1147,10 @@ Makefile 					\
 include/Makefile				\
 include/sys/Makefile				\
 						\
-util/Makefile					\
-util/et/Makefile				\
-						\
 man/Makefile					\
 						\
 lib/Makefile					\
+lib/com_err/Makefile				\
 lib/des/Makefile				\
 lib/krb/Makefile				\
 lib/kdb/Makefile				\
@@ -912,6 +1161,7 @@ lib/roken/Makefile				\
 lib/otp/Makefile				\
 lib/sl/Makefile					\
 lib/editline/Makefile				\
+lib/rxkad/Makefile				\
 lib/auth/Makefile				\
 lib/auth/pam/Makefile				\
 lib/auth/sia/Makefile				\
@@ -936,8 +1186,9 @@ appl/telnet/telnet/Makefile			\
 appl/telnet/telnetd/Makefile			\
 appl/bsd/Makefile 				\
 appl/kauth/Makefile				\
-appl/kpopper/Makefile				\
+appl/popper/Makefile				\
 appl/movemail/Makefile				\
+appl/push/Makefile				\
 appl/sample/Makefile				\
 appl/xnlock/Makefile				\
 appl/kx/Makefile				\
@@ -946,25 +1197,4 @@ appl/otp/Makefile				\
 doc/Makefile					\
 ) dnl end of AC_OUTPUT
 
-dnl
-dnl This is the release version name-number[beta]
-dnl Update before making a new release
-dnl
-KRB4VERSION="$PACKAGE-$VERSION"
-
-cat > include/newversion.h.in <<EOF
-char *krb4_long_version = "@(#)\$Version: $KRB4VERSION by @USER@ on @HOST@ ($host) @DATE@ \$";
-char *krb4_version = "$KRB4VERSION";
-EOF
-
-if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then
-	echo "include/version.h is unchanged"
-	rm -f include/newversion.h.in
-else
- 	echo "creating include/version.h"
- 	User=${USER-${LOGNAME}}
- 	Host=`(hostname || uname -n) 2>/dev/null | sed 1q`
- 	Date=`date`
-	mv -f include/newversion.h.in include/version.h.in
-	sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h
-fi
+AC_KRB_VERSION
diff --git a/crypto/kerberosIV/doc/Makefile.in b/crypto/kerberosIV/doc/Makefile.in
index 5071e8e..8241c5d 100644
--- a/crypto/kerberosIV/doc/Makefile.in
+++ b/crypto/kerberosIV/doc/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.10 1997/05/06 03:05:55 joda Exp $
+# $Id: Makefile.in,v 1.18 1998/04/19 08:37:12 assar Exp $
 
 SHELL = /bin/sh
 
@@ -6,7 +6,7 @@ srcdir = @srcdir@
 VPATH = @srcdir@
 
 INSTALL = @INSTALL@
-INSTALL_DATA = $(INSTALL)
+INSTALL_DATA = @INSTALL_DATA@
 MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
 MAKEINFO = @MAKEINFO@
 TEXI2DVI = texi2dvi
@@ -19,26 +19,29 @@ all: info
 
 install: all installdirs
 	if test -f kth-krb.info; then \
-	  $(INSTALL_DATA) kth-krb.info $(infodir)/kth-krb.info; \
+	  $(INSTALL_DATA) kth-krb.info $(DESTDIR)$(infodir)/kth-krb.info; \
 	else \
-	  $(INSTALL_DATA) $(srcdir)/kth-krb.info $(infodir)/kth-krb.info; \
+	  $(INSTALL_DATA) $(srcdir)/kth-krb.info $(DESTDIR)$(infodir)/kth-krb.info; \
 	fi
-	if $(SHELL) -c 'install-info --version' >/dev/null 2>&1; then \
-	  install-info --dir-file=$(infodir)/dir $(infodir)/kth-krb.info; \
+	if test -f $(DESTDIR)$(infodir)/dir ; then :; else \
+		$(INSTALL_DATA) $(srcdir)/dir $(DESTDIR)$(infodir)/dir; \
+	fi
+	-if $(SHELL) -c 'install-info --version' >/dev/null 2>&1; then \
+	  install-info --dir-file=$(DESTDIR)$(infodir)/dir $(DESTDIR)$(infodir)/kth-krb.info; \
 	else \
 	  true; \
 	fi
 
 uninstall:
-	rm -f $(infodir)/kth-krb.info
+	rm -f $(DESTDIR)$(infodir)/kth-krb.info
 
 installdirs:
-	$(MKINSTALLDIRS) $(infodir)
+	$(MKINSTALLDIRS) $(DESTDIR)$(infodir)
 
 info: kth-krb.info
 
 kth-krb.info: kth-krb.texi
-	$(MAKEINFO) -I$(srcdir) -o $@ $(srcdir)/kth-krb.texi
+	$(MAKEINFO) --no-split -I$(srcdir) -o $@ $(srcdir)/kth-krb.texi
 
 dvi: kth-krb.dvi
 
@@ -58,8 +61,8 @@ distclean: clean
 mostlyclean: clean
 
 maintainer-clean: clean
-	rm -f kth-krb.info
+	rm -f *.info*
 
 check:
 
-.PHONY: install all installdirs uninstall info dvi html clean check distclean mostlyclean maintainer-clean
+.PHONY: all install uninstall installdirs info dvi html clean distclean mostlyclean maintainer-clean check
diff --git a/crypto/kerberosIV/doc/ack.texi b/crypto/kerberosIV/doc/ack.texi
index 388f644..e5830d0 100644
--- a/crypto/kerberosIV/doc/ack.texi
+++ b/crypto/kerberosIV/doc/ack.texi
@@ -56,11 +56,35 @@ Bugfixes and code has been contributed by:
 @item Robert Malmgren
 @code{<rom@@incolumitas.se>}
 @item Fredrik Ljungberg
-@code{<flag@@it.kth.se>}
+@code{<flag@@astrogator.se>}
+@item Joakim Fallsjö
+@code{jfa@@pobox.se}
 @item Lars Malinowsky
 @code{<lama@@pdc.kth.se>}
 @item Fabien Coelho
 @code{<coelho@@cri.ensmp.fr>}
+@item Chris Chiappa
+@code{<griffon+@@cmu.edu>}
+@item Gregory S. Stark
+@code{<gsstark@@mit.edu>}
+@item Love Hörnquist-Åstrand
+@code{<lha@@stacken.kth.se>}
+@item Daniel Staaf
+@code{<d96-dst@@nada.kth.se>}
+@item Magnus Ahltorp
+@code{<map@@stacken.kth.se>}
+@item Robert Burgess
+@code{<rb@@stacken.kth.se>}
+@item Lars Arvestad
+@code{<arve@@nada.kth.se>}
+@item Jörgen Wahlsten
+@code{<wahlsten@@pathfinder.com>}
+@item Daniel Staaf
+@code{<d96-dst@@nada.kth.se>}
+@item R Lindsay Todd
+@code{<toddr@@rpi.edu>}
+@item Åke Sandgren
+@code{<ake@@cs.umu.se>}
 @item and we hope that those not mentioned here will forgive us.
 @end table
 
diff --git a/crypto/kerberosIV/doc/dir b/crypto/kerberosIV/doc/dir
new file mode 100644
index 0000000..911f622
--- /dev/null
+++ b/crypto/kerberosIV/doc/dir
@@ -0,0 +1,17 @@
+$Id: dir,v 1.1 1997/06/12 16:15:21 joda Exp $
+This is the file .../info/dir, which contains the topmost node of the
+Info hierarchy.  The first time you invoke Info you start off
+looking at that node, which is (dir)Top.
+
+File: dir	Node: Top	This is the top of the INFO tree
+
+  This (the Directory node) gives a menu of major topics. 
+  Typing "q" exits, "?" lists all Info commands, "d" returns here,
+  "h" gives a primer for first-timers,
+  "mEmacs<Return>" visits the Emacs topic, etc.
+
+  In Emacs, you can click mouse button 2 on a menu item or cross reference
+  to select it.
+
+* Menu: 
+
diff --git a/crypto/kerberosIV/doc/install.texi b/crypto/kerberosIV/doc/install.texi
index 240c04e..b893ae1 100644
--- a/crypto/kerberosIV/doc/install.texi
+++ b/crypto/kerberosIV/doc/install.texi
@@ -44,10 +44,15 @@ If you need to change the default behavior, configure understands the
 following options:
 
 @table @asis
-@item @kbd{--with-shared}
+@item @kbd{--enable-shared}
 Create shared versions of the Kerberos libraries. Not really
 recommended and might not work on all systems.
 
+@item @kbd{--with-ld-flags=}@var{flags}
+This allows you to specify which extra flags to pass to @code{ld}. Since
+this @emph{overrides} any choices made by configure, you should only use
+this if you know what you are doing.
+
 @item @kbd{--with-cracklib=}@var{dir}
 Use cracklib for password quality control in 
 @pindex kadmind
@@ -65,7 +70,7 @@ This is the dictionary that cracklib should use.
 If you have to traverse a firewall and it uses the SocksV5 protocol
 (@cite{RFC 1928}), you can build with socks-support.  Point @var{dir} to
 the directory where you have socks5 installed.  For more information
-about socks see @kbd{http://www.socks.nec.com/}.
+about socks see @url{http://www.socks.nec.com/}.
 
 @item @kbd{--with-readline=}@var{dir}
 @cindex readline
@@ -102,6 +107,21 @@ dbm. If you already are running Kerberos this option might be useful,
 since there currently isn't an easy way to convert a dbm database to a
 db one (you have to dump the old database and then load it with the new
 binaries).
+
+@item @kbd{--disable-shared-afs}
+The AFS support in AIX consists of a shared library that is loaded at
+runtime. This option disables this, and links with static system
+calls. Doing this will make the built binaries crash on a machine that
+doesn't have AFS in the kernel (for instance if the AFS module fails to
+load at boot).
+
+@item @kbd{--with-mips-api=api}
+This option enables creation of different types of binaries on Irix.
+The allowed values are @kbd{32}, @kbd{n32}, and @kbd{64}.
+
+@item @kbd{--enable-legacy-kdestroy}
+This compile-time option creates a @code{kdestroy} that does not destroy
+any AFS tokens.
 @end table
 
 @node Installing a binary distribution, Finishing the installation, Installing from source, Installing programs
@@ -181,7 +201,7 @@ the kerberised @code{login}.  However some systems assume that login
 performs some serious amount of magic that our login might not do (although
 we've tried to do our best). So before replacing it on every machine,
 try and see what happens.  Another thing to try is to use one of the
-authentication modules (@xref{Authentication modules}) supplied.
+authentication modules (@pxref{Authentication modules}) supplied.
 
 The @code{login} program that we use was in an earlier life the standard
 login program from NetBSD. In order to use it with a lot of weird
@@ -249,7 +269,10 @@ Make sure @file{libsia_krb4.so} is available in
 might want to put it in @file{/usr/shlib} or someplace else. If you do,
 you'll have to edit @file{krb4_matrix.conf} to reflect the new location
 (you will also have to do this if you installed in some other directory
-than @file{/usr/athena}).
+than @file{/usr/athena}). If you built with shared libraries, you will
+have to copy the shared @file{libkrb.so}, @file{libdes.so},
+@file{libkadm.so}, and @file{libkafs.so} to a place where the loader can
+find them (such as @file{/usr/shlib}).
 @item
 Copy (your possibly edited) @file{krb4_matrix.conf} to @file{/etc/sia}.
 @item
@@ -260,7 +283,8 @@ Turn on KRB4 security by issuing @kbd{rcmgr set SECURITY KRB4} and
 @item
 Digital thinks you should reboot your machine, but that really shouldn't
 be necessary.  It's usually sufficient just to run
-@kbd{/sbin/init.d/security start}.
+@kbd{/sbin/init.d/security start} (and restart any applications that use
+SIA, like @code{xdm}.)
 @end itemize
 
 Users with local passwords (like @samp{root}) should be able to login
@@ -273,9 +297,13 @@ have to set @samp{KRBTKFILE} to the correct value in
 @example
 KRBTKFILE=/tmp/tkt`id -u`_`ps -o ppid= -p $$`; export KRBTKFILE
 @end example
-
-There is currently no support for changing passwords. Use @file{kpasswd}
-instead.
+If you use CDE, @code{dtlogin} allows you to specify which additional
+environment variables it should export. To add @samp{KRBTKFILE} to this
+list, edit @file{/usr/dt/config/Xconfig}, and look for the definition of
+@samp{exportList}. You want to add something like:
+@example
+Dtlogin.exportList:     KRBTKFILE
+@end example
 
 @subsubheading Notes to users with Enhanced security
 
@@ -300,16 +328,19 @@ default entry @kbd{/usr/tcb/bin/edauth -dd default}, and add a
 @item
 For each user that does @emph{not} have a local C2 password, you should
 set the password expiration field to zero. You can do this for each
-user, or in the @samp{default} table. To to this use @samp{edauth} to
+user, or in the @samp{default} table. To do this use @samp{edauth} to
 set (or change) the @samp{u_exp} capability to @samp{u_exp#0}.
 @item
-You should make sure that you use Digital's login rather than the one
-distributed by us. The easiest way to do this is to replace
-@file{/usr/athena/bin/login} with @file{/bin/login}.
+You also need to be aware that the shipped @file{login}, @file{rcp}, and
+@file{rshd}, doesn't do any particular C2 magic (such as checking to
+various forms of disabled accounts), so if you rely on those features,
+you shouldn't use those programs. If you configure with
+@samp{--enable-osfc2}, these programs will, however, set the login
+UID. Still: use at your own risk.
 @end itemize
 
 At present @samp{su} does not accept the vouching flag, so it will not
-work as expected. 
+work as expected.
 
 Also, kerberised ftp will not work with C2 passwords. You can solve this
 by using both Digital's ftpd and our on different ports.
@@ -337,6 +368,13 @@ The @file{afskauthlib.so} itself is able to reside in
 @file{/usr/vice/etc}, @file{/usr/afsws/lib}, or the current directory
 (wherever that is).
 
+IRIX 6.4 and newer seems to have all programs (including @file{xdm} and
+@file{login}) in the N32 object format, whereas in older versions they
+were O32. For it to work, the @file{afskauthlib.so} library has to be in
+the same object format as the program that tries to load it. This might
+require that you have to configure and build for O32 in addition to the
+default N32.
+
 Appart from this it should ``just work'', there are no configuration
 files.
 
diff --git a/crypto/kerberosIV/doc/intro.texi b/crypto/kerberosIV/doc/intro.texi
index 830ca1a..7a28533 100644
--- a/crypto/kerberosIV/doc/intro.texi
+++ b/crypto/kerberosIV/doc/intro.texi
@@ -4,40 +4,12 @@
 
 This is an attempt at documenting the Kerberos 4 distribution from
 Kungliga Tekniska Högskolan (the Royal Institute of Technology in
-Stockholm, Sweden).  This distribution is based on eBones, but has been
+Stockholm, Sweden). This distribution is based on eBones, but has been
 improved in many ways. It is more portable, and several new features
-have been added. It currently runs on the following systems:
+have been added. It should run on any reasonably modern unix-like
+system.
 
-@itemize @bullet
-@item
-AIX 4.1, 4.2
-@item
-BSD/OS 2.0, 2.1
-@item
-Digital UNIX 3.2, 4.0
-@item
-HP-UX 9, 10
-@item
-IRIX 4.0, 5.2, 5.3, 6.1, 6.2, 6.3, 6.4
-@item
-Linux 1.3, 2.0
-@item
-NetBSD 1.2
-@item
-FreeBSD 2.2
-@item
-SunOS 4.1
-@item
-SunOS 5.4/5.5 (aka Solaris 2.4/2.5)
-@item
-Ultrix 4.4
-@item
-Cray UNICOS 9.
-@item
-Fujitsu UXP/V 4.1.
-@end itemize
-
-Some part compile and work on:
+In addition, some part compile and work on:
 
 @itemize @bullet
 @item
@@ -50,13 +22,13 @@ libraries should compile with Microsoft C as well)
 It should work on anything that is almost POSIX, has an ANSI C
 compiler, a dbm library (for the server side), and BSD Sockets.
 
-A web-page is available at @kbd{http://www.pdc.kth.se/kth-krb/}.
+A web-page is available at @url{http://www.pdc.kth.se/kth-krb/}.
 
 @heading Bug reports
 
 If you cannot build the programs or they do not behave as you think they
 should, please send us a bug report.  The bug report should be sent to
-@code{<kth-krb-bugs@@nada.kth.se>}.  Please include information on what
+@code{<kth-krb-bugs@@pdc.kth.se>}.  Please include information on what
 machine and operating system (including version) you are running, what
 you are trying to do, what happens, what you think should have happened,
 an example for us to repeat, the output you get when trying the example,
@@ -65,5 +37,5 @@ with @code{diff -u} or @code{diff -c}.  The more detailed the bug report
 is, the easier it will be for us to reproduce, understand, and fix it.
 
 Suggestions, comments and other non bug reports are welcome.  Send them
-to @code{<kth-krb@@nada.kth.se>}.
+to @code{<kth-krb@@pdc.kth.se>}.
 
diff --git a/crypto/kerberosIV/doc/kth-krb.texi b/crypto/kerberosIV/doc/kth-krb.texi
index 8b26349..248b626 100644
--- a/crypto/kerberosIV/doc/kth-krb.texi
+++ b/crypto/kerberosIV/doc/kth-krb.texi
@@ -1,6 +1,6 @@
 \input texinfo @c -*- texinfo -*-
 @c %**start of header
-@c $Id: kth-krb.texi,v 1.71 1997/05/25 21:31:00 assar Exp $
+@c $Id: kth-krb.texi,v 1.77.2.1 1999/08/18 21:11:25 joda Exp $
 @setfilename kth-krb.info
 @settitle KTH-KRB
 @iftex
@@ -14,27 +14,29 @@
 @syncodeindex pg cp
 @c %**end of header
 
+@ifinfo
 @dircategory Kerberos
 @direntry
 * Kth-krb: (kth-krb).           The Kerberos IV distribution from KTH
 @end direntry
+@end ifinfo
 
 @c title page
 @titlepage
 @title KTH-KRB
 @subtitle Kerberos 4 from KTH
-@subtitle Edition -1.0, for version 0.9.5
-@subtitle 1997
+@subtitle For release 0.10.
+@subtitle 1999
 @author Johan Danielsson
 @author Assar Westerlund
-@author last updated $Date: 1997/05/25 21:31:00 $
+@author last updated $Date: 1999/08/18 21:11:25 $
 
 @def@copynext{@vskip 20pt plus 1fil@penalty-1000}
 @def@copyrightstart{}
 @def@copyrightend{}
 @page
 @copyrightstart
-Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan 
+Copyright (c) 1995-1999 Kungliga Tekniska Högskolan 
 (Royal Institute of Technology, Stockholm, Sweden).
 All rights reserved.
 
@@ -230,6 +232,7 @@ to the following restrictions:
 * Acknowledgments::             
 * Index::                       
 
+@detailmenu
  --- The Detailed Node Listing ---
 
 Installing programs
@@ -282,7 +285,11 @@ One-Time Passwords
 Resolving frequent problems
 
 * Problems compiling Kerberos::  
+* Problems with firewalls::     
 * Common error messages::       
+* Is Kerberos year 2000 safe?::  
+
+@end detailmenu
 @end menu
 
 @include intro.texi
diff --git a/crypto/kerberosIV/doc/problems.texi b/crypto/kerberosIV/doc/problems.texi
index 9e3630e..7713d45 100644
--- a/crypto/kerberosIV/doc/problems.texi
+++ b/crypto/kerberosIV/doc/problems.texi
@@ -3,13 +3,15 @@
 
 @menu
 * Problems compiling Kerberos::  
+* Problems with firewalls::     
 * Common error messages::       
+* Is Kerberos year 2000 safe?::  
 @end menu
 
-@node Problems compiling Kerberos, Common error messages, Resolving frequent problems, Resolving frequent problems
+@node Problems compiling Kerberos, Problems with firewalls, Resolving frequent problems, Resolving frequent problems
 @section Problems compiling Kerberos
 
-Many compilers require a switch to become ANSI compliant. Since kth-krb
+Many compilers require a switch to become ANSI compliant. Since krb4
 is written in ANSI C it is necessary to specify the name of the compiler
 to be used and the required switch to make it ANSI compliant. This is
 most easily done when running configure using the @kbd{env} command. For
@@ -41,8 +43,17 @@ verified to successfully compile the distribution:
 
 @subheading Linux problems
 
+The libc functions gethostby*() under RedHat4.2 can sometimes cause
+core dumps. If you experience these problems make sure that the file
+@file{/etc/nsswitch.conf} contains a hosts entry no more complex than
+the line
+
+@cartouche
+hosts: files dns
+@end cartouche
+
 Some systems have lost @file{/usr/include/ndbm.h} which is necessary to
-build kth-krb correctly. There is a @file{ndbm.h.Linux} right next to
+build krb4 correctly. There is a @file{ndbm.h.Linux} right next to
 the source distribution.
 
 There has been reports of non-working @file{libdb} on some Linux
@@ -64,10 +75,37 @@ ported, in the mean time use @kbd{telnetd}.
 
 @subheading AIX problems
 
-@kbd{gcc} version 2.7.2.1 has a bug which makes it miscompile
+@kbd{gcc} version 2.7.2.* has a bug which makes it miscompile
 @file{appl/telnet/telnetd/sys_term.c} (and possibily
 @file{appl/bsd/forkpty.c}), if used with too much optimization.
 
+Some versions of the @kbd{xlc} preprocessor doesn't recognise the
+(undocumented) @samp{-qnolm} option. If this option is passed to the
+preprocessor (like via the configuration file @file{/etc/ibmcxx.cfg},
+configure will fail.
+
+The solution is to remove this option from the configuration file,
+either globally, or for just the preprocessor:
+
+@example
+$ cp /etc/ibmcxx.cfg /tmp
+$ed /tmp/ibmcxx.cfg
+8328
+/nolm
+        options   = -D_AIX,-D_AIX32,-D_AIX41,-D_AIX43,-D_IBMR2,-D_POWER,-bpT:0x10000000,-bpD:0x20000000,-qnolm
+s/,-qnolm//p 
+        options   = -D_AIX,-D_AIX32,-D_AIX41,-D_AIX43,-D_IBMR2,-D_POWER,-bpT:0x10000000,-bpD:0x20000000
+w
+8321
+q
+$ env CC=xlc CPP="xlc -E -F/tmp/ibmcxx.cfg" configure
+@end example
+
+There is a bug in AFS 3.4 version 5.38 for AIX 4.3 that causes the
+kernel to panic in some cases. There is a hack for this in @kbd{login},
+but other programs could be affected also. This seems to be fixed in
+version 5.55.
+
 @subheading C2 problems
 
 @cindex C2
@@ -78,7 +116,66 @@ place. If you want to use Kerberos with C2 security you will have to
 think about what kind of changes are necessary. See also the discussion
 about Digital's SIA and C2 security, see @ref{Digital SIA}.
 
-@node Common error messages,  , Problems compiling Kerberos, Resolving frequent problems
+@node Problems with firewalls, Common error messages, Problems compiling Kerberos, Resolving frequent problems
+@section Problems with firewalls
+
+@cindex firewall
+A firewall is a network device that filters out certain types of packets
+going from one side of the firewall to the other. A firewall is supposed
+to solve the same kinds of problems as Kerberos (basically hindering
+unauthorised network use). The difference is that Kerberos tries to
+authenticate users, while firewall splits the network in a `secure'
+inside, and an `insecure' outside. 
+
+Firewall people usually think that UDP is insecure, partly because many
+`insecure' protocols use UDP. Since Kerberos by default uses UDP to send
+and recieve packets, Kerberos and firewalls doesn't work very well
+together.
+
+The symptoms of trying to use Kerberos behind a firewall is that you
+can't get any tickets (@code{kinit} exits with the infamous @samp{Can't
+send request} error message).
+
+There are a few ways to solve these problems:
+
+@itemize @bullet
+@item 
+Convince your firewall administrator to open UDP port 750 or 88 for
+incoming packets. This usually turns out to be difficult.
+@item 
+Convince your firewall administrator to open TCP port 750 or 88 for
+outgoing connections. This can be a lot easier, and might already be
+enabled.
+@item 
+Use TCP connections over some non-standard port. This requires that you
+have to convince the administrator of the kerberos server to allow
+connections on this port.
+@item 
+@cindex HTTP
+Use HTTP to get tickets. Since web-stuff has become almost infinitely
+popular, many firewalls either has the HTTP port open, or has a HTTP
+proxy.
+@end itemize
+
+The last two methods might be considered to be offensive (since you are
+not sending the `right' type of data in each port). You probably do best
+in discussuing this with firewall administrator.
+
+For information on how to use other protocols when communication with
+KDC, see @ref{Install the configuration files}.
+
+It is often the case that the firewall hides addresses on the `inside',
+so it looks like all packets are coming from the firewall. Since address
+of the client host is encoded in the ticket, this can cause trouble. If
+you get errors like @samp{Incorrect network address}, when trying to use
+the ticket, the problem is usually becuase the server you are trying to
+talk to sees a different address than the KDC did. If you experience
+this kind of trouble, the easiest way to solve them is probably to try
+some other mechanism to fetch tickets. You might also be able to
+convince the administrator of the server that the two different
+addresses should be added to the @file{/etc/krb.equiv} file.
+
+@node Common error messages, Is Kerberos year 2000 safe?, Problems with firewalls, Resolving frequent problems
 @section Common error messages
 
 These are some of the more obscure error messages you might encounter:
@@ -149,8 +246,48 @@ is down, or it is using the wrong port (compare the entries for
 failed to guess what kerberos server to talk to (check
 @file{/etc/krb.conf} and @file{/etc/krb.realms}).
 
+One reason you can't contact the kerberos server might be because you're
+behind a firewall that doesn't allow kerberos packets to pass. For
+possible solutions to this see the firewall section above.
+
+@item @samp{kerberos: socket: Unable to open socket...}
+
+The kerberos server has to open four sockets for each interface.  If you
+have a machine with lots of virtual interfaces, you run the risk of
+running out of file descriptors.  If that happens you will get this
+error message.
+
+@item @samp{ftp: User foo access denied}
+
+This usually happens because the user's shell is not listed in
+@file{/etc/shells}.  Note that @kbd{ftpd} checks this file even on
+systems where the system version does not and there is no
+@file{/etc/shells}.
+
 @item @samp{Generic kerberos error}
 This is a generic catch-all error message.
 
 @end table
 
+@node Is Kerberos year 2000 safe?,  , Common error messages, Resolving frequent problems
+@section Is Kerberos year 2000 safe?
+
+@cindex Year 2000
+
+Yes.
+
+A somewhat longer answer is that we can't think of anything that can
+break. The protocol itself doesn't use time stamps in textual form, the
+two-digit year problems in the original MIT code has been fixed (this
+was a problem mostly with log files). The FTP client had a bug in the
+command `newer' (which fetches a file if it's newer than what you
+already got).
+
+Another thing to look out for, but that isn't a Y2K problem per se, is
+the expiration date of old principals. The MIT code set the default
+expiration date for some new principals to 1999-12-31, so you might want
+to check your database for things like this.
+
+Now, the Y2038 problem is something completely different (but the
+authors should have retired by then, presumably growing rowanberrys in
+some nice and warm place).
diff --git a/crypto/kerberosIV/doc/setup.texi b/crypto/kerberosIV/doc/setup.texi
index 1b4b395..4d2d0ff 100644
--- a/crypto/kerberosIV/doc/setup.texi
+++ b/crypto/kerberosIV/doc/setup.texi
@@ -64,7 +64,7 @@ only allow logins on the console.
 
 This machine has also to be reliable.  If it is down, you will not be
 able to use any kerberised services unless you have also configured a
-slave server (@xref{Install a slave kerberos server}).
+slave server (@pxref{Install a slave kerberos server}).
 
 Running the kerberos server requires very little CPU power and a small
 amount of disk. An old PC with some hundreds of megabytes of free disk
@@ -84,16 +84,19 @@ different realms.  The format of this file is:
 
 @example
 THIS.REALM
+SUPP.LOCAL.REALM
 THIS.REALM              kerberos.this.realm admin server
 THIS.REALM              kerberos-1.this.realm
+SUPP.LOCAL.REALM        kerberos.supp.local.realm admin server
 ANOTHER.REALM           kerberos.another.realm
 @end example
 
-The first line defines the name of the local realm. Line two defines the
-name of the master kerberos server and the database administration
-server for this realm.  You can define any number of kerberos slave
-servers similar to the one defined in line three.  The clients will try
-to contact the servers in the order they are defined in @file{krb.conf}.
+The first line defines the name of the local realm. The next few lines
+optionally defines supplementary local realms. The rest of the file
+defines the names of the kerberos servers and the database
+administration servers for all known realms. You can define any number
+of kerberos slave servers similar to the one defined on line
+four. Clients will try to contact servers in listed order.
 
 The @samp{admin server} clause at the first entry states that this is
 the master server
@@ -109,10 +112,11 @@ protocols other than UDP.
 
 The formal syntax for an entry is now
 @samp{@var{[proto}/@var{]host[}:@var{port]}}. @var{proto} is either
-@samp{udp} or @samp{tcp}, and @var{port} is the port to talk to. Default
-value for @var{proto} is @samp{udp} and for @var{port} whatever
-@samp{kerberos-iv} is defined to be in @file{/etc/services} or 750 if
-undefined.
+@samp{UDP}, @samp{TCP}, or @samp{HTTP}, and @var{port} is the port to
+talk to. Default value for @var{proto} is @samp{UDP} and for @var{port}
+whatever @samp{kerberos-iv} is defined to be in @file{/etc/services} or
+750 if undefined. If @var{proto} is @samp{HTTP}, the default port is
+80. An @samp{http} entry may also be specified in URL format.
 
 If the information about a realm is missing from the @file{krb.conf}
 file, or if the information is wrong, the following methods will be
@@ -123,8 +127,9 @@ tried in order.
 If you have an SRV-record (@cite{RFC 2052}) for your realm it will be
 used. This record should be of the form
 @samp{kerberos-iv.@var{protocol}.@var{REALM}}, where @var{proto} is
-either @samp{udp} or @samp{tcp}. (Note: the current implementation does
-not look at priority or weight when deciding which server to talk to.)
+either @samp{UDP}, @samp{TCP}, or @samp{HTTP}. (Note: the current
+implementation does not look at priority or weight when deciding which
+server to talk to.)
 @item
 If there isn't any SRV-record, it tries to find a TXT-record for the
 same domain. The contents of the record should have the same format as the
@@ -133,7 +138,7 @@ solution if your name server doesn't support SRV records. The clients
 should work fine with SRV records, so if your name server supports them,
 they are very much preferred.)
 @item
-If no valid kerberos server is found, it will try to talk udp to the
+If no valid kerberos server is found, it will try to talk UDP to the
 service @samp{kerberos-iv} with fall-back to port 750 with
 @samp{kerberos.@var{REALM}} (which is also assumed to be the master
 server), and then @samp{kerberos-1.@var{REALM}},
@@ -176,6 +181,42 @@ The plain vanilla version of Kerberos doesn't have any fancy methods of
 getting realms and servers so it is generally a good idea to keep
 @file{krb.conf} and @file{krb.realms} up to date.
 
+In addition to these commonly used files, @file{/etc/krb.extra}
+@pindex krb.extra
+holds some things that are not normally used. It consists of a number of
+@samp{@var{variable} = @var{value}} pairs, blank lines and lines
+beginning with a hash (#) are ignored.
+
+The currently defined variables are:
+
+@table @samp
+@item krb4_proxy
+@cindex krb4_proxy
+When getting tickets via HTTP, this specifies the proxy to use. The
+default is to speak directly to the KDC.
+@item kdc_time_sync
+@cindex kdc_time_sync
+This flag enables storing of the time differential to the KDC when
+getting an initial ticket. This differential is used later on to compute
+the correct time. This can help if your machine doesn't have a working
+clock.
+@item kdc_timeout
+@cindex kdc_timeout
+This allows you to change the default (4 seconds) timeout when talking
+to the KDC.
+@item reverse_lsb_test
+@cindex reverse_lsb_test
+Reverses the test used by @code{krb_mk_safe}, @code{krb_rd_safe},
+@code{krb_mk_priv}, and @code{krb_rd_priv} to compute the ordering of
+the communicating hosts. This test can cause truble when using
+firewalls.
+@item firewall_address
+@cindex firewall_address
+The IP address that hosts outside the firewall see when connecting from
+within the firewall. If this is specified, the code will try to compute
+the value for @samp{reverse_lsb_test}.
+@end table
+
 @node Install the /etc/services, Install the kerberos server, Install the configuration files, How to set up the kerberos server
 @subsection Updating /etc/services
 
@@ -193,7 +234,7 @@ have them there anyway.
 
 You should have already chosen the machine where you want to run the
 kerberos server and the realm name.  The machine should also be as
-secure as possible (@xref{Choose a kerberos server}) before installing
+secure as possible (@pxref{Choose a kerberos server}) before installing
 the kerberos server.  In this example, we will install a kerberos server
 for the realm @samp{FOO.SE} on a machine called @samp{hemlig.foo.se}.
 
@@ -285,7 +326,7 @@ to edit the kerberos database directly on the server.
 
 @code{kdb_edit} is intended as a bootstrapping and fall-back mechanism
 for editing the database.  For normal purposes, use the @code{kadmin}
-program (@xref{Add users to the database}).
+program (@pxref{Add users to the database}).
 
 The following example shows the adding of the principal
 @samp{nisse.admin} into the kerberos database.  This principal is used
@@ -393,10 +434,10 @@ the contents.
 
 @example
 @cartouche
-hemlig# echo "nisse.admin@@FOO.SE" > /var/kerberos/admin_acl.add
-hemlig# echo "nisse.admin@@FOO.SE" > /var/kerberos/admin_acl.get
-hemlig# echo "nisse.admin@@FOO.SE" > /var/kerberos/admin_acl.mod
-hemlig# echo "nisse.admin@@FOO.SE" > /var/kerberos/admin_acl.del
+hemlig# echo "nisse.admin@@FOO.SE" >> /var/kerberos/admin_acl.add
+hemlig# echo "nisse.admin@@FOO.SE" >> /var/kerberos/admin_acl.get
+hemlig# echo "nisse.admin@@FOO.SE" >> /var/kerberos/admin_acl.mod
+hemlig# echo "nisse.admin@@FOO.SE" >> /var/kerberos/admin_acl.del
 @end cartouche
 @end example
 
@@ -470,7 +511,7 @@ admin server to your startup scripts (@file{/etc/rc} or similar).
 
 Making a machine a kerberos client only requires a few steps.  First you
 might need to change the configuration files as with the kerberos
-server.  (@xref{Install the configuration files} and @ref{Install the
+server.  (@pxref{Install the configuration files} and @pxref{Install the
 /etc/services}.) Also you need to make the programs in
 @file{/usr/athena/bin} available.  This can be done by adding the
 @file{/usr/athena/bin} directory to the users' paths, by making symbolic
@@ -482,7 +523,7 @@ time difference between the participating servers and a client is 5
 minutes.
 @cindex NTP.
 One good way to synchronize the time is NTP (Network Time Protocol), see
-@code{http://www.eecis.udel.edu/~ntp/}.
+@url{http://www.eecis.udel.edu/~ntp/}.
 
 If you need to run the client programs on a machine where you do not
 have root-access, you can hopefully just use the binaries and no
@@ -563,7 +604,7 @@ authentication method should be used.  The @code{telnetd} program has
 an option ``-a user'' that only allows kerberised and authenticated
 connections.  If this is not included, it falls back to using clear text
 passwords.  For obvious reasons, we recommend that you enable this
-option.  If you want to use one-time passwords (@xref{One-Time
+option.  If you want to use one-time passwords (@pxref{One-Time
 Passwords}) you can use the ``-a otp'' option which will allow OTPs or
 kerberised connections.
 
@@ -576,7 +617,7 @@ specify additional levels that are thus allowed with these options:
 
 @table @asis
 @item @kbd{-a otp}
-Allow one-time passwords (@xref{One-Time Passwords}).
+Allow one-time passwords (@pxref{One-Time Passwords}).
 @item @kbd{-a ftp}
 Allow anonymous login (as user ``ftp'' or ``anonymous'').
 @item @kbd{-a safe}
@@ -691,17 +732,28 @@ It is desirable to have at least one backup (slave) server in case the
 master server fails. It is possible to have any number of such slave
 servers but more than three usually doesn't buy much more redundancy.
 
-First select a good server machine.  @xref{Choose a kerberos
-server}. Since the master and slave servers will use copies of the same
-database, they need to use the same master key.
+First select a good server machine.  (@pxref{Choose a kerberos
+server}). Since the master and slave servers will use copies of the same
+database, they need to use the same master key.  Add the master key on
+the slave with @code{kstash}. (@pxref{Set up the server})
 
-On the master, add a @samp{rcmd.kerberos} principal (using
-@samp{ksrvutil get}). The
+On the master, add a @samp{rcmd.kerberos} (note, it should be literally
+``kerberos'') principal (using @samp{ksrvutil get}). The
 @pindex kprop
 @code{kprop} program, running on the master, will use this when
 authenticating to the
 @pindex kpropd
-@code{kpropd} daemons running on the slave servers.
+@code{kpropd} daemons running on the slave servers.  The @code{kpropd}
+on the slave will use its @samp{rcmd.hostname} key for authenticating
+the connection from the master.  Therefore, the slave needs to have this
+key in its srvtab, and it of course also needs to have enough of the
+configuration files to act as a server.  See @ref{Install the kerberised
+services} for information on how to do this.
+
+To summarize, the master should have a key for @samp{rcmd.kerberos} and
+the slave one for @samp{rcmd.hostname}.
+
+The slave will need the same master key as you used at the master.
 
 On your master server, create a file, e.g. @file{/var/kerberos/slaves},
 that contains the hostnames of your kerberos slave servers.
diff --git a/crypto/kerberosIV/doc/whatis.texi b/crypto/kerberosIV/doc/whatis.texi
index 16989bb..6721c23 100644
--- a/crypto/kerberosIV/doc/whatis.texi
+++ b/crypto/kerberosIV/doc/whatis.texi
@@ -96,7 +96,7 @@ attack.
 
 @subheading Impersonating B
 
-@var{C} can hijack @var{B}'s network address, and when @var{A} sends
+@var{C} can masquerade @var{B}'s network address, and when @var{A} sends
 her credentials, @var{C} just pretend to verify them. @var{C} can't
 be sure that she is talking to @var{A}.
 
diff --git a/crypto/kerberosIV/etc/inetd.conf.changes b/crypto/kerberosIV/etc/inetd.conf.changes
index a9721a0..c0a88ca 100644
--- a/crypto/kerberosIV/etc/inetd.conf.changes
+++ b/crypto/kerberosIV/etc/inetd.conf.changes
@@ -1,5 +1,5 @@
 #
-# $Id: inetd.conf.changes,v 1.12 1996/10/27 11:58:02 bg Exp $
+# $Id: inetd.conf.changes,v 1.13 1997/09/03 15:48:23 bg Exp $
 #
 # Turn off vanilla rshd and rlogind with an informational message.
 # If you really want this security problem remove the '-v' option!
@@ -18,7 +18,7 @@ eklogin	stream	tcp nowait root	/usr/athena/libexec/rlogind rlogind -k -x
 # Kerberized telnet and ftp, consider adding '-a user' to
 # disallow cleartext passwords to both telnetd and ftpd.
 telnet	stream	tcp nowait root /usr/athena/libexec/telnetd telnetd -a none
-ftp	stream	tcp nowait root	/usr/athena/libexec/ftpd ftpd -a none
+ftp	stream	tcp nowait root	/usr/athena/libexec/ftpd ftpd -l -a none
 #
 # Kerberized POP. Server principal is pop.hostname, *not* rcmd.hostname!
 #kpop	stream	tcp nowait root	/usr/athena/libexec/popper popper -k
diff --git a/crypto/kerberosIV/etc/krb.conf b/crypto/kerberosIV/etc/krb.conf
index 6114c85..9c694b5 100644
--- a/crypto/kerberosIV/etc/krb.conf
+++ b/crypto/kerberosIV/etc/krb.conf
@@ -10,19 +10,18 @@ ADMIN.KTH.SE	montano.admin.kth.se
 BION.KTH.SE     chaplin.bion.kth.se admin server
 DSV.SU.SE	ssi.dsv.su.se admin server
 DSV.SU.SE	vall.dsv.su.se
-E.KTH.SE	heimdal.e.kth.se admin server
-E.KTH.SE        elixir.e.kth.se
-E.KTH.SE        malt.e.kth.se
-IT.KTH.SE	gaia.it.kth.se
-IT.KTH.SE	isolde.it.kth.se
-IT.KTH.SE	tristan.it.kth.se
+E.KTH.SE	kerberos.e.kth.se admin server
+E.KTH.SE        kerberos-1.e.kth.se
+E.KTH.SE        kerberos-2.e.kth.se
+IT.KTH.SE	kerberos.it.kth.se
+IT.KTH.SE	kerberos-1.it.kth.se
+IT.KTH.SE	kerberos-2.it.kth.se
+MECH.KTH.SE	kerberos.mech.kth.se admin server
 KTH.SE		kth.se admin server
 ML.KVA.SE	gustava.ml.kva.se admin server
 PI.SE		liszt.adm.pi.se admin server
-STACKEN.KTH.SE	linnea.stacken.kth.se admin server
-STACKEN.KTH.SE	marcel.stacken.kth.se
-STACKEN.KTH.SE	sune.stacken.kth.se
-SUNET.SE	bar.pilsnet.sunet.se admin server
+STACKEN.KTH.SE	kerberos.stacken.kth.se admin server
+SUNET.SE	kerberos.sunet.se admin server
 CYGNUS.COM kerberos.cygnus.com admin server
 CYGNUS.COM kerberos-1.cygnus.com
 CYGNUS.COM dumb.cygnus.com
diff --git a/crypto/kerberosIV/etc/krb.realms b/crypto/kerberosIV/etc/krb.realms
index 85e955a..7498bf0 100644
--- a/crypto/kerberosIV/etc/krb.realms
+++ b/crypto/kerberosIV/etc/krb.realms
@@ -4,14 +4,17 @@ sics.se		SICS.SE
 nada.kth.se	NADA.KTH.SE
 pdc.kth.se	NADA.KTH.SE
 .hydro.kth.se	NADA.KTH.SE
-.math.kth.se	NADA.KTH.SE
-.mech.kth.se	NADA.KTH.SE
+.mech.kth.se	MECH.KTH.SE
 .nada.kth.se	NADA.KTH.SE
 .pdc.kth.se	NADA.KTH.SE
 .sans.kth.se	NADA.KTH.SE
 .admin.kth.se	ADMIN.KTH.SE
 .e.kth.se	E.KTH.SE
+.s3.kth.se	E.KTH.SE
+.radio.kth.se	E.KTH.SE
+.ttt.kth.se	E.KTH.SE
 .electrum.kth.se	IT.KTH.SE
+.math.kth.se	MATH.KTH.SE
 .it.kth.se	IT.KTH.SE
 .sth.sunet.se	SUNET.SE
 .pilsnet.sunet.se	SUNET.SE
diff --git a/crypto/kerberosIV/etc/services.append b/crypto/kerberosIV/etc/services.append
index 8101e72..3b3ec61 100644
--- a/crypto/kerberosIV/etc/services.append
+++ b/crypto/kerberosIV/etc/services.append
@@ -1,19 +1,23 @@
 #
-# Kerberos
+# $Id: services.append,v 1.13 1999/07/06 13:08:02 assar Exp $
 #
-# $Id: services.append,v 1.11 1996/10/18 15:25:17 bg Exp $
+# Kerberos services
 #
 kerberos-sec	88/udp				# Kerberos secondary port UDP
 kerberos-sec	88/tcp				# Kerberos secondary port TCP
+kpasswd		464/udp				# password changing
+kpasswd		464/tdp				# password changing
 klogin		543/tcp				# Kerberos authenticated rlogin
 kshell		544/tcp		krcmd		# and remote shell
 ekshell		545/tcp		      # Kerberos encrypted remote shell -kfall
 ekshell2	2106/tcp	      # What U of Colorado @ Boulder uses?
+kerberos-adm	749/udp				# v5 kadmin
+kerberos-adm	749/tcp				# v5 kadmin
 kerberos-iv	750/udp		kerberos kdc	# Kerberos authentication--udp
 kerberos-iv	750/tcp		kerberos kdc	# Kerberos authentication--tcp
-kerberos_master 751/udp				# Kerberos authentication
-kerberos_master 751/tcp				# Kerberos authentication
-krb_prop	754/tcp				# Kerberos slave propagation
+kerberos_master 751/udp				# v4 kadmin
+kerberos_master 751/tcp				# v4 kadmin
+krb_prop	754/tcp		hprop		# Kerberos slave propagation
 kpop		1109/tcp			# Pop with Kerberos
 eklogin		2105/tcp			# Kerberos encrypted rlogin
 rkinit		2108/tcp			# Kerberos remote kinit
diff --git a/crypto/kerberosIV/include/Makefile.in b/crypto/kerberosIV/include/Makefile.in
index 5061c08..b2b0547 100644
--- a/crypto/kerberosIV/include/Makefile.in
+++ b/crypto/kerberosIV/include/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.36 1997/05/20 18:58:39 bg Exp $
+# $Id: Makefile.in,v 1.58 1999/03/10 19:01:13 joda Exp $
 
 srcdir		= @srcdir@
 VPATH		= @srcdir@
@@ -6,8 +6,10 @@ VPATH		= @srcdir@
 SHELL		= /bin/sh
 
 CC		= @CC@
-DEFS		= @DEFS@
-CFLAGS		= @CFLAGS@
+LINK = @LINK@
+DEFS		= @DEFS@ -DHOST=\"@CANONICAL_HOST@\"
+CFLAGS		= @CFLAGS@ $(WFLAGS)
+WFLAGS		= @WFLAGS@
 LD_FLAGS	= @LD_FLAGS@
 
 INSTALL		= @INSTALL@
@@ -21,23 +23,25 @@ exec_prefix	= @exec_prefix@
 includedir	= @includedir@
 libdir		= @libdir@
 
-HAVE_ERR_H	= @ac_cv_header_err_h@
-
 @SET_MAKE@
 
 .c.o:
-	$(CC) -c $(CPPFLAGS) $(DEFS) -I. -I$(srcdir) $(CFLAGS) $(PICFLAGS) $<
+	$(CC) -c $(DEFS) -I. -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
 
-HEADERS = krb_err.h kadm_err.h acl.h com_err.h des.h kadm.h kafs.h \
-	  kdc.h klog.h krb.h krb_db.h prot.h otp.h sl.h ktypes.h
+HEADERS = \
+	acl.h com_err.h com_right.h des.h kadm.h kafs.h kdc.h \
+	klog.h krb.h krb-protos.h krb-archaeology.h krb_db.h \
+	ktypes.h otp.h prot.h sl.h parse_time.h @EXTRA_HEADERS@
 
-KTYPES_OBJECTS = ktypes.o
+LOCL_HEADERS = \
+	     base64.h roken-common.h protos.h resolve.h xdbm.h	\
+	     krb_log.h getarg.h parse_time.h @EXTRA_LOCL_HEADERS@
 
-SOURCES = ktypes.c
+CLEAN_FILES = roken.h krb_err.h kadm_err.h
 
-LOCL_HEADERS = roken.h protos.h resolve.h xdbm.h
+BITS_OBJECTS = bits.o
 
-MAYBE_HEADERS = err.h
+SOURCES = bits.c
 
 SUBDIRS		= sys
 
@@ -48,37 +52,31 @@ all: stamp-headers
 Wall:
 	$(MAKE) CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
 
-ALL_INC =  com_err.h des.h kadm.h kafs.h kdc.h klog.h krb.h krb_db.h otp.h
-
-install:
-	$(MKINSTALLDIRS) $(includedir)
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(includedir)
 	for x in $(HEADERS); \
-		do $(INSTALL_DATA) $$x $(includedir)/$$x; done
-	-if test "$(HAVE_ERR_H)" != yes; then \
-	  $(INSTALL_DATA) err.h $(includedir)/err.h; \
-	fi
+		do $(INSTALL_DATA) $$x $(DESTDIR)$(includedir)/$$x; done
 	for i in $(SUBDIRS); \
 	do (cd $$i && $(MAKE) $(MFLAGS) install); done
 
 uninstall:
 	for x in $(HEADERS); do \
-	  rm -f $(includedir)/$$x; \
+	  rm -f $(DESTDIR)$(includedir)/$$x; \
 	done
-	-if test "$(HAVE_ERR_H)" != yes; then \
-	  rm -f $(includedir)/err.h; \
-	fi
 	for i in $(SUBDIRS); \
 	do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
 
 clean:
-	rm -f $(HEADERS) $(LOCL_HEADERS) $(MAYBE_HEADERS) *.o ktypes stamp-headers
+	rm -f $(HEADERS) $(LOCL_HEADERS) \
+		$(CLEAN_FILES) *.o bits stamp-headers
 	for i in $(SUBDIRS); \
 	do (cd $$i && $(MAKE) $(MFLAGS) clean); done
 
 mostlyclean:	clean
 
 distclean:
-	$(MAKE) clean		
+	$(MAKE) clean
+	rm -f config.h version.h version.h.in
 	for i in $(SUBDIRS); \
 	do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
 	rm -f Makefile config.status *~
@@ -87,61 +85,80 @@ realclean:
 	for i in $(SUBDIRS); \
 	do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
 
-err.h:
-	if test "$(HAVE_ERR_H)" != yes; then \
-	  $(LN_S) $(srcdir)/../lib/roken/err.h err.h; \
-	fi || true
-
-krb_err.h:
-	cd ../lib/krb && $(MAKE) krb_err.h
-	$(LN_S) ../lib/krb/krb_err.h .
-kadm_err.h:
-	cd ../lib/kadm && $(MAKE) kadm_err.h
-	$(LN_S) ../lib/kadm/kadm_err.h .
 acl.h:
 	$(LN_S) $(srcdir)/../lib/acl/acl.h .
+
 com_err.h:
-	$(LN_S) $(srcdir)/../util/et/com_err.h .
+	$(LN_S) $(srcdir)/../lib/com_err/com_err.h .
+com_right.h:
+	$(LN_S) $(srcdir)/../lib/com_err/com_right.h .
+
 des.h:
 	$(LN_S) $(srcdir)/../lib/des/des.h .
+
 kadm.h:
 	$(LN_S) $(srcdir)/../lib/kadm/kadm.h .
+
 kafs.h:
 	$(LN_S) $(srcdir)/../lib/kafs/kafs.h .
+
 kdc.h:
 	$(LN_S) $(srcdir)/../lib/kdb/kdc.h .
+
 klog.h:
 	$(LN_S) $(srcdir)/../lib/krb/klog.h .
+krb-archaeology.h:
+	$(LN_S) $(srcdir)/../lib/krb/krb-archaeology.h .
+krb-protos.h:
+	$(LN_S) $(srcdir)/../lib/krb/krb-protos.h .
 krb.h:
 	$(LN_S) $(srcdir)/../lib/krb/krb.h .
-resolve.h:
-	$(LN_S) $(srcdir)/../lib/krb/resolve.h .
-krb_db.h:
-	$(LN_S) $(srcdir)/../lib/kdb/krb_db.h .
 prot.h:
 	$(LN_S) $(srcdir)/../lib/krb/prot.h .
 
-protos.h:
-	$(LN_S) $(srcdir)/protos.H protos.h
-roken.h:
-	$(LN_S) $(srcdir)/../lib/roken/roken.h .
-xdbm.h:
-	$(LN_S) $(srcdir)/../lib/roken/xdbm.h .
+krb_db.h:
+	$(LN_S) $(srcdir)/../lib/kdb/krb_db.h .
+krb_log.h:
+	$(LN_S) $(srcdir)/../lib/krb/krb_log.h .
 
 otp.h:
 	$(LN_S) $(srcdir)/../lib/otp/otp.h .
 
+base64.h:
+	$(LN_S) $(srcdir)/../lib/roken/base64.h .
+err.h:
+	$(LN_S) $(srcdir)/../lib/roken/err.h .
+fnmatch.h:
+	$(LN_S) $(srcdir)/../lib/roken/fnmatch.h .
+getarg.h:
+	$(LN_S) $(srcdir)/../lib/roken/getarg.h .
+glob.h:
+	$(LN_S) $(srcdir)/../lib/roken/glob.h .
+parse_time.h:
+	$(LN_S) $(srcdir)/../lib/roken/parse_time.h .
+resolve.h:
+	$(LN_S) $(srcdir)/../lib/roken/resolve.h .
+roken-common.h:
+	$(LN_S) $(srcdir)/../lib/roken/roken-common.h .
+xdbm.h:
+	$(LN_S) $(srcdir)/../lib/roken/xdbm.h .
+
 sl.h:
 	$(LN_S) $(srcdir)/../lib/sl/sl.h .
 
-ktypes$(EXECSUFFIX):	$(KTYPES_OBJECTS)
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(KTYPES_OBJECTS)
+protos.h:
+	$(LN_S) $(srcdir)/protos.H protos.h
+
+bits$(EXECSUFFIX):	$(BITS_OBJECTS)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(BITS_OBJECTS)
 
-ktypes.o: ktypes.c
+bits.o: bits.c
 
-ktypes.h:	ktypes$(EXECSUFFIX)
-	./ktypes$(EXECSUFFIX) > $@
+ktypes.h: bits$(EXECSUFFIX)
+	./bits$(EXECSUFFIX) $@
 
 stamp-headers: Makefile
-	$(MAKE) $(HEADERS) $(LOCL_HEADERS) $(MAYBE_HEADERS)
+	$(MAKE) $(HEADERS) $(LOCL_HEADERS)
 	touch stamp-headers
+
+.PHONY: all Wall install uninstall clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/include/bits.c b/crypto/kerberosIV/include/bits.c
new file mode 100644
index 0000000..81c0051
--- /dev/null
+++ b/crypto/kerberosIV/include/bits.c
@@ -0,0 +1,213 @@
+/*
+ * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: bits.c,v 1.5 1999/07/06 04:19:26 assar Exp $");
+#endif
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <ctype.h>
+
+#ifndef HAVE_STRUPR
+static void
+strupr(char *s)
+{
+    unsigned char *p = (unsigned char *)s;
+    while(*p){
+	if(islower(*p))
+	    *p = toupper(*p);
+	p++;
+    }
+}
+#endif /* HAVE_STRUPR */
+
+#define BITSIZE(TYPE)						\
+{								\
+    int b = 0; TYPE x = 1, zero = 0; char *pre = "u_";		\
+    char tmp[128], tmp2[128];					\
+    while(x){ x <<= 1; b++; if(x < zero) pre=""; }		\
+    if(b >= len){						\
+        int tabs;						\
+	sprintf(tmp, "%sint%d_t" , pre, len);			\
+	sprintf(tmp2, "typedef %s %s;", #TYPE, tmp);		\
+	strupr(tmp);						\
+	tabs = 5 - strlen(tmp2) / 8;				\
+        fprintf(f, "%s", tmp2);					\
+	while(tabs-- > 0) fprintf(f, "\t");			\
+	fprintf(f, "/* %2d bits */\n", b);			\
+        return;                                                 \
+    }								\
+}
+
+#ifndef HAVE___ATTRIBUTE__
+#define __attribute__(x)
+#endif
+
+static void
+try_signed(FILE *f, int len)  __attribute__ ((unused));
+
+static void
+try_unsigned(FILE *f, int len) __attribute__ ((unused));
+
+static void
+try_signed(FILE *f, int len)
+{
+    BITSIZE(signed char);
+    BITSIZE(short);
+    BITSIZE(int);
+    BITSIZE(long);
+#ifdef HAVE_LONG_LONG
+    BITSIZE(long long);
+#endif
+    fprintf(f, "/* There is no %d bit type */\n", len);
+}
+
+static void
+try_unsigned(FILE *f, int len)
+{
+    BITSIZE(unsigned char);
+    BITSIZE(unsigned short);
+    BITSIZE(unsigned int);
+    BITSIZE(unsigned long);
+#ifdef HAVE_LONG_LONG
+    BITSIZE(unsigned long long);
+#endif
+    fprintf(f, "/* There is no %d bit type */\n", len);
+}
+
+static int
+print_bt(FILE *f, int flag)
+{
+    if(flag == 0){
+	fprintf(f, "/* For compatibility with various type definitions */\n");
+	fprintf(f, "#ifndef __BIT_TYPES_DEFINED__\n");
+	fprintf(f, "#define __BIT_TYPES_DEFINED__\n");
+	fprintf(f, "\n");
+    }
+    return 1;
+}
+
+int main(int argc, char **argv)
+{
+    FILE *f;
+    int flag;
+    char *fn, *hb;
+    
+    if(argc < 2){
+	fn = "bits.h";
+	hb = "__BITS_H__";
+	f = stdout;
+    } else {
+	char *p;
+	fn = argv[1];
+	hb = malloc(strlen(fn) + 5);
+	sprintf(hb, "__%s__", fn);
+	for(p = hb; *p; p++){
+	    if(!isalnum((unsigned char)*p))
+		*p = '_';
+	}
+	f = fopen(argv[1], "w");
+    }
+    fprintf(f, "/* %s -- this file was generated for %s by\n", fn, HOST);
+    fprintf(f, "   %*s    %s */\n\n", (int)strlen(fn), "", 
+	    "$Id: bits.c,v 1.5 1999/07/06 04:19:26 assar Exp $");
+    fprintf(f, "#ifndef %s\n", hb);
+    fprintf(f, "#define %s\n", hb);
+    fprintf(f, "\n");
+#ifdef HAVE_SYS_TYPES_H
+    fprintf(f, "#include <sys/types.h>\n");
+#endif
+#ifdef HAVE_INTTYPES_H
+    fprintf(f, "#include <inttypes.h>\n");
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+    fprintf(f, "#include <sys/bitypes.h>\n");
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+    fprintf(f, "#include <netinet/in6_machtypes.h>\n");
+#endif
+    fprintf(f, "\n");
+
+    flag = 0;
+#ifndef HAVE_INT8_T
+    flag = print_bt(f, flag);
+    try_signed (f, 8);
+#endif /* HAVE_INT8_T */
+#ifndef HAVE_INT16_T
+    flag = print_bt(f, flag);
+    try_signed (f, 16);
+#endif /* HAVE_INT16_T */
+#ifndef HAVE_INT32_T
+    flag = print_bt(f, flag);
+    try_signed (f, 32);
+#endif /* HAVE_INT32_T */
+#if 0
+#ifndef HAVE_INT64_T
+    flag = print_bt(f, flag);
+    try_signed (f, 64);
+#endif /* HAVE_INT64_T */
+#endif
+
+#ifndef HAVE_U_INT8_T
+    flag = print_bt(f, flag);
+    try_unsigned (f, 8);
+#endif /* HAVE_INT8_T */
+#ifndef HAVE_U_INT16_T
+    flag = print_bt(f, flag);
+    try_unsigned (f, 16);
+#endif /* HAVE_U_INT16_T */
+#ifndef HAVE_U_INT32_T
+    flag = print_bt(f, flag);
+    try_unsigned (f, 32);
+#endif /* HAVE_U_INT32_T */
+#if 0
+#ifndef HAVE_U_INT64_T
+    flag = print_bt(f, flag);
+    try_unsigned (f, 64);
+#endif /* HAVE_U_INT64_T */
+#endif
+
+    if(flag){
+	fprintf(f, "\n");
+	fprintf(f, "#endif /* __BIT_TYPES_DEFINED__ */\n\n");
+    }
+    fprintf(f, "#endif /* %s */\n", hb);
+    return 0;
+}
diff --git a/crypto/kerberosIV/include/config.h.in b/crypto/kerberosIV/include/config.h.in
index 826dc76..3108078 100644
--- a/crypto/kerberosIV/include/config.h.in
+++ b/crypto/kerberosIV/include/config.h.in
@@ -25,6 +25,9 @@
 /* Define if your struct stat has st_blksize.  */
 #undef HAVE_ST_BLKSIZE
 
+/* Define as __inline if that's what the C compiler calls it.  */
+#undef inline
+
 /* Define to `long' if <sys/types.h> doesn't define.  */
 #undef off_t
 
@@ -68,112 +71,6 @@
 /* Define if the X Window System is missing or not being used.  */
 #undef X_DISPLAY_MISSING
 
-/*  Define this if RETSIGTYPE == void  */
-#undef VOID_RETSIGTYPE
-
-/*  Define this if struct utmp have ut_user  */
-#undef HAVE_UT_USER
-
-/*  Define this if struct utmp have ut_host  */
-#undef HAVE_UT_HOST
-
-/*  Define this if struct utmp have ut_addr  */
-#undef HAVE_UT_ADDR
-
-/*  Define this if struct utmp have ut_type  */
-#undef HAVE_UT_TYPE
-
-/*  Define this if struct utmp have ut_pid  */
-#undef HAVE_UT_PID
-
-/*  Define this if struct utmp have ut_id  */
-#undef HAVE_UT_ID
-
-/*  Define this if struct utmpx have ut_syslen  */
-#undef HAVE_UT_SYSLEN
-
-/*  Define this if struct winsize is declared in sys/termios.h */
-#undef HAVE_STRUCT_WINSIZE
-
-/*  Define this if struct winsize have ws_xpixel */
-#undef HAVE_WS_XPIXEL
-
-/*  Define this if struct winsize have ws_ypixel */
-#undef HAVE_WS_YPIXEL
-
-/*  Define this to be the directory where the dictionary for cracklib */
-/*  resides */
-#undef DICTPATH
-
-/* Define this if you want to use SOCKS v5 */
-#undef SOCKS
-
-/* Define this to the path of the mail spool directory */
-#undef KRB4_MAILDIR
-
-/* Define this if `struct sockaddr' includes sa_len */
-#undef SOCKADDR_HAS_SA_LEN
-
-/* Define this if `struct siaentity' includes ouid */
-#undef SIAENTITY_HAS_OUID
-
-/* Define if getlogin has POSIX flavour, as opposed to BSD */
-#undef POSIX_GETLOGIN
-
-/* Define if getpwnam_r has POSIX flavour */
-#undef POSIX_GETPWNAM_R
-
-/* define if getcwd() is broken (such as in SunOS) */
-#undef BROKEN_GETCWD
-
-/* define if the system is missing a prototype for crypt() */
-#undef NEED_CRYPT_PROTO
-
-/* define if the system is missing a prototype for strtok_r() */
-#undef NEED_STRTOK_R_PROTO
-
-/* define if /bin/ls takes -A */
-#undef HAVE_LS_A
-
-/* define if you have h_errno */
-#undef HAVE_H_ERRNO
-
-/* define if you have h_errlist but not hstrerror */
-#undef HAVE_H_ERRLIST
-
-/* define if you have h_nerr but not hstrerror */
-#undef HAVE_H_NERR
-
-/* define if your system doesn't declare h_errlist */
-#undef HAVE_H_ERRLIST_DECLARATION
-
-/* define if your system doesn't declare h_nerr */
-#undef HAVE_H_NERR_DECLARATION
-
-/* define this if you need a declaration for h_errno */
-#undef HAVE_H_ERRNO_DECLARATION
-
-/* define if you need a declaration for optarg */
-#undef HAVE_OPTARG_DECLARATION
-
-/* define if you need a declaration for optind */
-#undef HAVE_OPTIND_DECLARATION
-
-/* define if you need a declaration for opterr */
-#undef HAVE_OPTERR_DECLARATION
-
-/* define if you need a declaration for optopt */
-#undef HAVE_OPTOPT_DECLARATION
-
-/* define if you need a declaration for __progname */
-#undef HAVE___PROGNAME_DECLARATION
-
-/* Define if you have the XauReadAuth function.  */
-#undef HAVE_XAUREADAUTH
-
-/* Define if you have the XauWriteAuth function.  */
-#undef HAVE_XAUWRITEAUTH
-
 /* Define if you have the _getpty function.  */
 #undef HAVE__GETPTY
 
@@ -192,17 +89,26 @@
 /* Define if you have the asprintf function.  */
 #undef HAVE_ASPRINTF
 
+/* Define if you have the atexit function.  */
+#undef HAVE_ATEXIT
+
+/* Define if you have the cap_set_proc function.  */
+#undef HAVE_CAP_SET_PROC
+
 /* Define if you have the chown function.  */
 #undef HAVE_CHOWN
 
+/* Define if you have the chroot function.  */
+#undef HAVE_CHROOT
+
+/* Define if you have the crypt function.  */
+#undef HAVE_CRYPT
+
 /* Define if you have the daemon function.  */
 #undef HAVE_DAEMON
 
-/* Define if you have the dbm_firstkey function.  */
-#undef HAVE_DBM_FIRSTKEY
-
-/* Define if you have the dbopen function.  */
-#undef HAVE_DBOPEN
+/* Define if you have the dlopen function.  */
+#undef HAVE_DLOPEN
 
 /* Define if you have the dn_expand function.  */
 #undef HAVE_DN_EXPAND
@@ -216,6 +122,9 @@
 /* Define if you have the errx function.  */
 #undef HAVE_ERRX
 
+/* Define if you have the fattach function.  */
+#undef HAVE_FATTACH
+
 /* Define if you have the fchmod function.  */
 #undef HAVE_FCHMOD
 
@@ -228,6 +137,9 @@
 /* Define if you have the flock function.  */
 #undef HAVE_FLOCK
 
+/* Define if you have the fnmatch function.  */
+#undef HAVE_FNMATCH
+
 /* Define if you have the forkpty function.  */
 #undef HAVE_FORKPTY
 
@@ -243,6 +155,15 @@
 /* Define if you have the getdtablesize function.  */
 #undef HAVE_GETDTABLESIZE
 
+/* Define if you have the getegid function.  */
+#undef HAVE_GETEGID
+
+/* Define if you have the geteuid function.  */
+#undef HAVE_GETEUID
+
+/* Define if you have the getgid function.  */
+#undef HAVE_GETGID
+
 /* Define if you have the gethostbyname function.  */
 #undef HAVE_GETHOSTBYNAME
 
@@ -252,6 +173,9 @@
 /* Define if you have the getlogin function.  */
 #undef HAVE_GETLOGIN
 
+/* Define if you have the getmsg function.  */
+#undef HAVE_GETMSG
+
 /* Define if you have the getopt function.  */
 #undef HAVE_GETOPT
 
@@ -264,6 +188,9 @@
 /* Define if you have the getpwnam_r function.  */
 #undef HAVE_GETPWNAM_R
 
+/* Define if you have the getrlimit function.  */
+#undef HAVE_GETRLIMIT
+
 /* Define if you have the getservbyname function.  */
 #undef HAVE_GETSERVBYNAME
 
@@ -279,6 +206,9 @@
 /* Define if you have the gettimeofday function.  */
 #undef HAVE_GETTIMEOFDAY
 
+/* Define if you have the gettosbyname function.  */
+#undef HAVE_GETTOSBYNAME
+
 /* Define if you have the getudbnam function.  */
 #undef HAVE_GETUDBNAM
 
@@ -327,6 +257,12 @@
 /* Define if you have the odm_initialize function.  */
 #undef HAVE_ODM_INITIALIZE
 
+/* Define if you have the on_exit function.  */
+#undef HAVE_ON_EXIT
+
+/* Define if you have the parsetos function.  */
+#undef HAVE_PARSETOS
+
 /* Define if you have the ptsname function.  */
 #undef HAVE_PTSNAME
 
@@ -345,6 +281,9 @@
 /* Define if you have the readline function.  */
 #undef HAVE_READLINE
 
+/* Define if you have the readv function.  */
+#undef HAVE_READV
+
 /* Define if you have the res_search function.  */
 #undef HAVE_RES_SEARCH
 
@@ -402,8 +341,11 @@
 /* Define if you have the setutent function.  */
 #undef HAVE_SETUTENT
 
-/* Define if you have the snprintf function.  */
-#undef HAVE_SNPRINTF
+/* Define if you have the sgi_getcapabilitybyname function.  */
+#undef HAVE_SGI_GETCAPABILITYBYNAME
+
+/* Define if you have the sigaction function.  */
+#undef HAVE_SIGACTION
 
 /* Define if you have the socket function.  */
 #undef HAVE_SOCKET
@@ -423,9 +365,18 @@
 /* Define if you have the strlwr function.  */
 #undef HAVE_STRLWR
 
+/* Define if you have the strncasecmp function.  */
+#undef HAVE_STRNCASECMP
+
+/* Define if you have the strndup function.  */
+#undef HAVE_STRNDUP
+
 /* Define if you have the strnlen function.  */
 #undef HAVE_STRNLEN
 
+/* Define if you have the strsep function.  */
+#undef HAVE_STRSEP
+
 /* Define if you have the strtok_r function.  */
 #undef HAVE_STRTOK_R
 
@@ -435,6 +386,12 @@
 /* Define if you have the swab function.  */
 #undef HAVE_SWAB
 
+/* Define if you have the sysconf function.  */
+#undef HAVE_SYSCONF
+
+/* Define if you have the sysctl function.  */
+#undef HAVE_SYSCTL
+
 /* Define if you have the syslog function.  */
 #undef HAVE_SYSLOG
 
@@ -477,6 +434,9 @@
 /* Define if you have the vsnprintf function.  */
 #undef HAVE_VSNPRINTF
 
+/* Define if you have the vsyslog function.  */
+#undef HAVE_VSYSLOG
+
 /* Define if you have the vwarn function.  */
 #undef HAVE_VWARN
 
@@ -489,6 +449,18 @@
 /* Define if you have the warnx function.  */
 #undef HAVE_WARNX
 
+/* Define if you have the writev function.  */
+#undef HAVE_WRITEV
+
+/* Define if you have the XauFileName function.  */
+#undef HAVE_XAUFILENAME
+
+/* Define if you have the XauReadAuth function.  */
+#undef HAVE_XAUREADAUTH
+
+/* Define if you have the XauWriteAuth function.  */
+#undef HAVE_XAUWRITEAUTH
+
 /* Define if you have the yp_get_default_domain function.  */
 #undef HAVE_YP_GET_DEFAULT_DOMAIN
 
@@ -504,18 +476,24 @@
 /* Define if you have the <arpa/telnet.h> header file.  */
 #undef HAVE_ARPA_TELNET_H
 
-/* Define if you have the <bind/bitypes.h> header file.  */
-#undef HAVE_BIND_BITYPES_H
-
 /* Define if you have the <bsd/bsd.h> header file.  */
 #undef HAVE_BSD_BSD_H
 
 /* Define if you have the <bsdsetjmp.h> header file.  */
 #undef HAVE_BSDSETJMP_H
 
+/* Define if you have the <capability.h> header file.  */
+#undef HAVE_CAPABILITY_H
+
 /* Define if you have the <crypt.h> header file.  */
 #undef HAVE_CRYPT_H
 
+/* Define if you have the <curses.h> header file.  */
+#undef HAVE_CURSES_H
+
+/* Define if you have the <db.h> header file.  */
+#undef HAVE_DB_H
+
 /* Define if you have the <dbm.h> header file.  */
 #undef HAVE_DBM_H
 
@@ -525,18 +503,33 @@
 /* Define if you have the <err.h> header file.  */
 #undef HAVE_ERR_H
 
+/* Define if you have the <errno.h> header file.  */
+#undef HAVE_ERRNO_H
+
 /* Define if you have the <fcntl.h> header file.  */
 #undef HAVE_FCNTL_H
 
+/* Define if you have the <fnmatch.h> header file.  */
+#undef HAVE_FNMATCH_H
+
 /* Define if you have the <grp.h> header file.  */
 #undef HAVE_GRP_H
 
+/* Define if you have the <inttypes.h> header file.  */
+#undef HAVE_INTTYPES_H
+
 /* Define if you have the <io.h> header file.  */
 #undef HAVE_IO_H
 
 /* Define if you have the <lastlog.h> header file.  */
 #undef HAVE_LASTLOG_H
 
+/* Define if you have the <libutil.h> header file.  */
+#undef HAVE_LIBUTIL_H
+
+/* Define if you have the <limits.h> header file.  */
+#undef HAVE_LIMITS_H
+
 /* Define if you have the <login.h> header file.  */
 #undef HAVE_LOGIN_H
 
@@ -588,6 +581,9 @@
 /* Define if you have the <rpcsvc/dbm.h> header file.  */
 #undef HAVE_RPCSVC_DBM_H
 
+/* Define if you have the <rpcsvc/ypclnt.h> header file.  */
+#undef HAVE_RPCSVC_YPCLNT_H
+
 /* Define if you have the <sac.h> header file.  */
 #undef HAVE_SAC_H
 
@@ -603,18 +599,21 @@
 /* Define if you have the <signal.h> header file.  */
 #undef HAVE_SIGNAL_H
 
+/* Define if you have the <standards.h> header file.  */
+#undef HAVE_STANDARDS_H
+
 /* Define if you have the <stropts.h> header file.  */
 #undef HAVE_STROPTS_H
 
 /* Define if you have the <sys/bitypes.h> header file.  */
 #undef HAVE_SYS_BITYPES_H
 
+/* Define if you have the <sys/capability.h> header file.  */
+#undef HAVE_SYS_CAPABILITY_H
+
 /* Define if you have the <sys/category.h> header file.  */
 #undef HAVE_SYS_CATEGORY_H
 
-/* Define if you have the <sys/cdefs.h> header file.  */
-#undef HAVE_SYS_CDEFS_H
-
 /* Define if you have the <sys/file.h> header file.  */
 #undef HAVE_SYS_FILE_H
 
@@ -639,6 +638,9 @@
 /* Define if you have the <sys/proc.h> header file.  */
 #undef HAVE_SYS_PROC_H
 
+/* Define if you have the <sys/pty.h> header file.  */
+#undef HAVE_SYS_PTY_H
+
 /* Define if you have the <sys/ptyio.h> header file.  */
 #undef HAVE_SYS_PTYIO_H
 
@@ -711,6 +713,12 @@
 /* Define if you have the <syslog.h> header file.  */
 #undef HAVE_SYSLOG_H
 
+/* Define if you have the <term.h> header file.  */
+#undef HAVE_TERM_H
+
+/* Define if you have the <termcap.h> header file.  */
+#undef HAVE_TERMCAP_H
+
 /* Define if you have the <termio.h> header file.  */
 #undef HAVE_TERMIO_H
 
@@ -753,29 +761,26 @@
 /* Define if you have the <wait.h> header file.  */
 #undef HAVE_WAIT_H
 
-/* Define if you have the <winsock.h> header file.  */
-#undef HAVE_WINSOCK_H
-
-/* Define if you have the X11 library (-lX11).  */
-#undef HAVE_LIBX11
-
-/* Define if you have the Xau library (-lXau).  */
-#undef HAVE_LIBXAU
-
 /* Define if you have the c_r library (-lc_r).  */
 #undef HAVE_LIBC_R
 
 /* Define if you have the cfg library (-lcfg).  */
 #undef HAVE_LIBCFG
 
+/* Define if you have the crypt library (-lcrypt).  */
+#undef HAVE_LIBCRYPT
+
+/* Define if you have the curses library (-lcurses).  */
+#undef HAVE_LIBCURSES
+
+/* Define if you have the dl library (-ldl).  */
+#undef HAVE_LIBDL
+
 /* Define if you have the edit library (-ledit).  */
 #undef HAVE_LIBEDIT
 
-/* Define if you have the gdbm library (-lgdbm).  */
-#undef HAVE_LIBGDBM
-
-/* Define if you have the ndbm library (-lndbm).  */
-#undef HAVE_LIBNDBM
+/* Define if you have the ncurses library (-lncurses).  */
+#undef HAVE_LIBNCURSES
 
 /* Define if you have the nsl library (-lnsl).  */
 #undef HAVE_LIBNSL
@@ -804,6 +809,250 @@
 /* Define if you have the util library (-lutil).  */
 #undef HAVE_LIBUTIL
 
+/* Define if you have the X11 library (-lX11).  */
+#undef HAVE_LIBX11
+
+/* Define if you have the Xau library (-lXau).  */
+#undef HAVE_LIBXAU
+
+/* Name of package */
+#undef PACKAGE
+
+/* Version number of package */
+#undef VERSION
+
+/* Define to what version of SunOS you are running. */
+#undef SunOS
+
+/* Define if you have the socks package. */
+#undef SOCKS
+
+/* Define to enable old kdestroy behavior. */
+#undef LEGACY_KDESTROY
+
+/* Define if you want to match subdomains. */
+#undef MATCH_SUBDOMAINS
+
+/* Define this to be the directory where the 
+	dictionary for cracklib resides. */
+#undef DICTPATH
+
+/* Define this to the path of the mail spool directory. */
+#undef KRB4_MAILDIR
+
+/* Define this to the kerberos database directory. */
+#undef DB_DIR
+
+/* Define to enable new master key code. */
+#undef RANDOM_MKEY
+
+/* Define this to the location of the master key. */
+#undef MKEYFILE
+
+/* Define to enable basic OSF C2 support. */
+#undef HAVE_OSFC2
+
+/* Define if you don't want to use mmap. */
+#undef NO_MMAP
+
+/* Define if you don't wan't support for AFS. */
+#undef NO_AFS
+
+/* Set this to the type of des-quad-cheksum to use. */
+#undef DES_QUAD_DEFAULT
+
+/* Define if you have the readline package. */
+#undef READLINE
+
+/* Define if you have the hesiod package. */
+#undef HESIOD
+
+/* define if your compiler has __attribute__ */
+#undef HAVE___ATTRIBUTE__
+
+/* Huh? */
+#undef HAVE_STRANGE_INT8_T
+
+/* Define if NDBM really is DB (creates files ending in .db). */
+#undef HAVE_NEW_DB
+
+/* Define if you have NDBM (and not DBM) */
+#undef NDBM
+
+/* define if you have a working snprintf */
+#undef HAVE_SNPRINTF
+
+/* define if the system is missing a prototype for snprintf() */
+#undef NEED_SNPRINTF_PROTO
+
+/* define if you have a glob() that groks 
+	GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, and GLOB_TILDE */
+#undef HAVE_GLOB
+
+/* define if the system is missing a prototype for glob() */
+#undef NEED_GLOB_PROTO
+
+/* Define if getpwnam_r has POSIX flavour. */
+#undef POSIX_GETPWNAM_R
+
+/* Define if getlogin has POSIX flavour (and not BSD). */
+#undef POSIX_GETLOGIN
+
+/* define if the system is missing a prototype for hstrerror() */
+#undef NEED_HSTRERROR_PROTO
+
+/* define if the system is missing a prototype for gethostname() */
+#undef NEED_GETHOSTNAME_PROTO
+
+/* define if the system is missing a prototype for mkstemp() */
+#undef NEED_MKSTEMP_PROTO
+
+/* define if the system is missing a prototype for inet_aton() */
+#undef NEED_INET_ATON_PROTO
+
+/* Define if realloc(NULL, X) doesn't work. */
+#undef BROKEN_REALLOC
+
+/* Define if getcwd is broken (like in SunOS 4). */
+#undef BROKEN_GETCWD
+
+/* define if prototype of gethostbyname is compatible with
+	struct hostent *gethostbyname(const char *) */
+#undef GETHOSTBYNAME_PROTO_COMPATIBLE
+
+/* define if prototype of gethostbyaddr is compatible with
+	struct hostent *gethostbyaddr(const void *, size_t, int) */
+#undef GETHOSTBYADDR_PROTO_COMPATIBLE
+
+/* define if prototype of getservbyname is compatible with
+	struct servent *getservbyname(const char *, const char *) */
+#undef GETSERVBYNAME_PROTO_COMPATIBLE
+
+/* define if prototype of openlog is compatible with
+	void openlog(const char *, int, int) */
+#undef OPENLOG_PROTO_COMPATIBLE
+
+/* define if the system is missing a prototype for crypt() */
+#undef NEED_CRYPT_PROTO
+
+/* define if the system is missing a prototype for fclose() */
+#undef NEED_FCLOSE_PROTO
+
+/* define if the system is missing a prototype for strtok_r() */
+#undef NEED_STRTOK_R_PROTO
+
+/* define if the system is missing a prototype for strsep() */
+#undef NEED_STRSEP_PROTO
+
+/* define if the system is missing a prototype for getusershell() */
+#undef NEED_GETUSERSHELL_PROTO
+
+/* define if the system is missing a prototype for utime() */
+#undef NEED_UTIME_PROTO
+
+/* define if you have h_errno */
+#undef HAVE_H_ERRNO
+
+/* define if your system declares h_errno */
+#undef HAVE_H_ERRNO_DECLARATION
+
+/* define if you have h_errlist */
+#undef HAVE_H_ERRLIST
+
+/* define if your system declares h_errlist */
+#undef HAVE_H_ERRLIST_DECLARATION
+
+/* define if you have h_nerr */
+#undef HAVE_H_NERR
+
+/* define if your system declares h_nerr */
+#undef HAVE_H_NERR_DECLARATION
+
+/* define if you have __progname */
+#undef HAVE___PROGNAME
+
+/* define if your system declares __progname */
+#undef HAVE___PROGNAME_DECLARATION
+
+/* define if your system declares optarg */
+#undef HAVE_OPTARG_DECLARATION
+
+/* define if your system declares optind */
+#undef HAVE_OPTIND_DECLARATION
+
+/* define if your system declares opterr */
+#undef HAVE_OPTERR_DECLARATION
+
+/* define if your system declares optopt */
+#undef HAVE_OPTOPT_DECLARATION
+
+/* define if your system declares environ */
+#undef HAVE_ENVIRON_DECLARATION
+
+/* Define if RETSIGTYPE == void. */
+#undef VOID_RETSIGTYPE
+
+/* Define if struct utmp has field ut_addr. */
+#undef HAVE_STRUCT_UTMP_UT_ADDR
+
+/* Define if struct utmp has field ut_host. */
+#undef HAVE_STRUCT_UTMP_UT_HOST
+
+/* Define if struct utmp has field ut_id. */
+#undef HAVE_STRUCT_UTMP_UT_ID
+
+/* Define if struct utmp has field ut_pid. */
+#undef HAVE_STRUCT_UTMP_UT_PID
+
+/* Define if struct utmp has field ut_type. */
+#undef HAVE_STRUCT_UTMP_UT_TYPE
+
+/* Define if struct utmp has field ut_user. */
+#undef HAVE_STRUCT_UTMP_UT_USER
+
+/* Define if struct utmpx has field ut_exit. */
+#undef HAVE_STRUCT_UTMPX_UT_EXIT
+
+/* Define if struct utmpx has field ut_syslen. */
+#undef HAVE_STRUCT_UTMPX_UT_SYSLEN
+
+/* define if you have struct spwd */
+#undef HAVE_STRUCT_SPWD
+
+/* define if struct winsize is declared in sys/termios.h */
+#undef HAVE_STRUCT_WINSIZE
+
+/* define if struct winsize has ws_xpixel */
+#undef HAVE_WS_XPIXEL
+
+/* define if struct winsize has ws_ypixel */
+#undef HAVE_WS_YPIXEL
+
+/* Define this to what the type ssize_t should be. */
+#undef ssize_t
+
+/* Define if struct sockaddr has field sa_len. */
+#undef HAVE_STRUCT_SOCKADDR_SA_LEN
+
+/* Define if SIAENTITY has field ouid. */
+#undef HAVE_SIAENTITY_OUID
+
+/* Define if you have a working getmsg. */
+#undef HAVE_GETMSG
+
+/* Define if el_init takes four arguments. */
+#undef HAVE_FOUR_VALUED_EL_INIT
+
+/* Define if you have a readline function. */
+#undef HAVE_READLINE
+
+/* Define if you have working stream ptys. */
+#undef STREAMSPTY
+
+/* Define if /bin/ls has a `-A' flag. */
+#undef HAVE_LS_A
+
+
 #undef HAVE_INT8_T
 #undef HAVE_INT16_T
 #undef HAVE_INT32_T
@@ -813,6 +1062,13 @@
 #undef HAVE_U_INT32_T
 #undef HAVE_U_INT64_T
 
+/* This for compat with heimdal (or something) */
+#define KRB_PUT_INT(f, t, l, s) krb_put_int((f), (t), (l), (s))
+
+#define HAVE_KRB_ENABLE_DEBUG 1
+
+#define HAVE_KRB_DISABLE_DEBUG 1
+
 #define RCSID(msg) \
 static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 
@@ -850,20 +1106,15 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 #define MaxHostNameLen (64+4)
 #define MaxPathLen (1024+4)
 
-/*
- * Define NDBM if you are using the 4.3 ndbm library (which is part of
- * libc).  If not defined, 4.2 dbm will be assumed.
- */
-#if defined(HAVE_DBM_FIRSTKEY)
-#define NDBM
-#endif
-
 /* ftp stuff -------------------------------------------------- */
 
 #define KERBEROS
 
 /* telnet stuff ----------------------------------------------- */
 
+/* define this for OTP support */
+#undef OTP
+
 /* define this if you have kerberos 4 */
 #undef KRB4
 
@@ -898,9 +1149,6 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 /* Used with login -p */
 #undef LOGIN_ARGS
 
-/* Define if there are working stream ptys */
-#undef STREAMSPTY
-
 /* set this to a sensible login */
 #ifndef LOGIN_PATH
 #define LOGIN_PATH BINDIR "/login"
@@ -909,27 +1157,10 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 
 /* ------------------------------------------------------------ */
 
-/*
- * Define this if your ndbm-library really is berkeley db and creates
- * files that ends in .db.
- */
-#undef HAVE_NEW_DB
-
-/* Define this if you have a working getmsg */
-#undef HAVE_GETMSG
-
-/* Define to enable new master key code */
-#undef RANDOM_MKEY
-
-/* Location of the master key file, default value lives in <kdc.h> */
-#undef MKEYFILE
-
-/* Define if you don't want support for afs, might be a good idea on
-   AIX if you don't have afs */
-#undef NO_AFS
-
-/* Define if you have a readline compatible library */
-#undef HAVE_READLINE
+#ifdef BROKEN_REALLOC
+#define realloc(X, Y) isoc_realloc((X), (Y))
+#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
+#endif
 
 #ifdef VOID_RETSIGTYPE
 #define SIGRETURN(x) return
@@ -937,37 +1168,25 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 #define SIGRETURN(x) return (RETSIGTYPE)(x)
 #endif
 
-/* Define this if your compiler supports '#pragma weak' */
-#undef HAVE_PRAGMA_WEAK
-
 /* Temporary fixes for krb_{rd,mk}_safe */
 #define DES_QUAD_GUESS 0
 #define DES_QUAD_NEW 1
 #define DES_QUAD_OLD 2
 
-/* Set this to one of the constants above to specify default checksum
-   type to emit */
-#undef DES_QUAD_DEFAULT
+/*
+ * All these are system-specific defines that I would rather not have at all.
+ */
 
 /*
  * AIX braindamage!
  */
 #if _AIX
 #define _ALL_SOURCE
-#define _POSIX_SOURCE
-/* this is left for hysteric reasons :-) */
-#define unix /* well, ok... */
-#endif
-
-/*
- * SunOS braindamage! (Sun include files are generally braindead)
- */
-#if (defined(sun) || defined(__sun))
-#if defined(__svr4__) || defined(__SVR4)
-#define SunOS 5
-#else
-#define SunOS 4
-#endif
+/* XXX this is gross, but kills about a gazillion warnings */
+struct ether_addr;
+struct sockaddr;
+struct sockaddr_dl;
+struct sockaddr_in;
 #endif
 
 #if defined(__sgi) || defined(sgi)
@@ -982,3 +1201,21 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 #if IRIX == 4 && !defined(__STDC__)
 #define __STDC__ 0
 #endif
+
+/*
+ * Defining this enables lots of useful (and used) extensions on
+ * glibc-based systems such as Linux
+ */
+
+#define _GNU_SOURCE
+
+/* some strange OS/2 stuff.  From <d96-mst@nada.kth.se> */
+
+#ifdef __EMX__
+#define _EMX_TCPIP
+#define MAIL_USE_SYSTEM_LOCK
+#endif
+
+#ifdef ROKEN_RENAME
+#include "roken_rename.h"
+#endif
diff --git a/crypto/kerberosIV/include/protos.H b/crypto/kerberosIV/include/protos.H
new file mode 100644
index 0000000..c72575d
--- /dev/null
+++ b/crypto/kerberosIV/include/protos.H
@@ -0,0 +1,282 @@
+/* -*- C -*-
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Add here functions that don't have a prototype on your system.
+ *
+ * $Id: protos.H,v 1.45 1998/09/26 21:01:27 joda Exp $
+ */
+
+#ifdef NEED_CRYPT_PROTO
+char *crypt(const char*, const char*);
+#endif
+
+#ifdef NEED_STRTOK_R_PROTO
+char *strtok_r (char *s1, const char *s2, char **lasts);
+#endif
+
+#ifndef HAVE_OPTARG_DECLARATION
+extern char *optarg;
+#endif
+#ifndef HAVE_OPTERR_DECLARATION
+extern int opterr;
+#endif
+#ifndef HAVE_OPTIND_DECLARATION
+extern int optind;
+#endif
+#ifndef HAVE_OPTOPT_DECLARATION
+extern int optopt;
+#endif
+
+#if defined(__GNUC__) && SunOS == 4
+
+/* To get type fd_set */
+#include <sys/types.h>
+#include <sys/time.h>
+
+/* To get struct sockaddr, struct in_addr and struct hostent */
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+
+/* To get struct stat */
+#include <sys/stat.h>
+
+/* To get struct utimbuf */
+#include <utime.h>
+
+#if !defined(HAVE_ATEXIT) && defined(HAVE_ON_EXIT)
+#define atexit(X) on_exit(X, NULL)
+#define HAVE_ATEXIT 1
+#endif
+#ifdef NEED_UTIME_PROTO
+int utime(const char *, const struct utimbuf *);
+#endif
+int syscall(int, ...);
+pid_t getpid(void);
+int ftruncate(int, off_t);
+int fchmod(int, mode_t);
+int fchown(int fd, int owner, int group);
+int fsync(int);
+int seteuid(uid_t);
+int setreuid(int, int);
+int flock(int, int);
+int gettimeofday(struct timeval *tp, struct timezone *tzp);
+int lstat(const char *, struct stat *);
+int ioctl(int, int, void *); 
+int getpriority(int which, int who);
+int setpriority(int which, int who, int priority);
+int getdtablesize(void);
+int initgroups(const char *name, int basegid);
+long ulimit(int cmd, long newlimit);
+int vhangup(void);
+
+int sigblock(int);
+int sigsetmask(int);
+int setitimer(int which, struct itimerval *value, struct itimerval *ovalue);
+
+int munmap(caddr_t addr, int len);
+
+int socket(int, int, int);
+int setsockopt(int, int, int, void *, int);
+int bind(int, void *, int);
+int getsockname(int, struct sockaddr *, int *);
+int accept(int, struct sockaddr *, int *);
+int connect(int, struct sockaddr *, int);
+int listen(int, int);
+int recv(int s, void *buf, int len, int flags);
+int recvfrom(int, char *, int, int, void *, int *);
+int sendto(int, const char *, int, int, void *, int);
+int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
+int shutdown(int, int);
+int getpeername(int, struct sockaddr *, int *);
+int getsockopt(int, int, int, void *, int *);
+int send(int s, const void *msg, int len, int flags);
+struct strbuf;
+int getmsg(int fd, struct strbuf *ctlptr, struct strbuf *dataptr, int *flags);
+
+char *inet_ntoa(struct in_addr in);
+unsigned long inet_addr(const char *cp);
+int gethostname(char *, int);
+struct hostent *gethostbyname(const char *);
+int dn_expand(const u_char *msg,
+	      const u_char *eomorig,
+	      const u_char *comp_dn,
+	      char *exp_dn,
+	      int length);
+int res_search(const char *dname,
+	       int class,
+	       int type,
+	       u_char *answer,
+	       int anslen);
+
+int yp_get_default_domain (char **outdomain);
+int innetgr(const char *netgroup, const char *machine,
+	    const char *user, const char *domain);
+
+char *getwd(char *pathname);
+
+void bzero(char *b, int length);
+int strcasecmp(const char *, const char *);
+void swab(const char *, char *, int);
+int atoi(const char *str);
+char *mktemp(char *);
+void srandom(int seed);
+int random(void);
+
+int rcmd(char **, unsigned short, char *, char *, char *, int *);
+int rresvport(int *);
+int openlog(const char *ident, int logopt, int facility);
+int syslog(int priority, const char *message, ...);
+int ttyslot(void);
+
+char *getpass(const char *);
+
+char *getusershell(void);
+void setpwent();
+void endpwent();
+
+#include <stdio.h>
+int fclose(FILE *);
+
+#endif /* SunOS4 */
+
+#if SunOS == 5
+
+#include <sys/types.h>
+#include <sys/resource.h>
+
+char *getusershell(void);
+char *strtok_r(char *, const char *, char **);
+int getpriority (int which, id_t who);
+int setpriority (int which, id_t who, int prio);
+int getdtablesize (void);
+char *getusershell(void);
+void setusershell(void);
+void endusershell(void);
+
+#if defined(__GNUC__)
+
+int syscall(int, ...);
+int gethostname(char *, int);
+
+struct timeval;
+int gettimeofday(struct timeval *tp, void *);
+
+#endif
+#endif
+
+#if defined(__osf__) /* OSF/1 */
+
+#if 0
+/* To get type fd_set */
+#include <sys/types.h>
+#include <sys/time.h>
+
+int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
+int fsync(int fildes);
+int gethostname(char *address, int address_len);
+int setreuid(int ruid, int euid);
+int ioctl(int d, unsigned long request, void * arg);
+#endif
+int flock(int fildes, int operation);
+int syscall(int, ...);
+
+unsigned short htons(unsigned short hostshort);
+unsigned int   htonl(unsigned int hostint);
+unsigned short ntohs(unsigned short netshort);
+unsigned int   ntohl(unsigned int netint);
+
+char *mktemp(char *template);
+char *getusershell(void);
+
+int rcmd(char **, unsigned short, char *, char *, char *, int *);
+int rresvport (int *port);
+
+#endif /* OSF/1 */
+
+#if defined(__sgi)
+#include <sys/types.h>
+
+char *ptsname(int fd);
+struct spwd *getspuid(uid_t);
+#endif /* IRIX */
+
+#if defined(__GNUC__) && defined(_AIX) /* AIX */
+
+struct timeval;
+struct timezone;
+int gettimeofday (struct timeval *Tp, void *Tzp);
+
+#endif /* AIX */
+
+#if defined(__GNUC__) && defined(__hpux) /* HP-UX */
+
+int syscall(int, ...);
+
+int vhangup(void);
+
+char *ptsname(int fildes);
+
+void utmpname(const char *file);
+
+int innetgr(const char *netgroup, const char *machine,
+	    const char *user, const char *domain);
+
+int dn_comp(char *exp_dn, char *comp_dn, int length,
+	    char **dnptrs, char **lastdnptr);
+
+int res_query(char *dname, int class, int type,
+	      unsigned char *answer, int anslen);
+
+int dn_expand(char *msg, char *eomorig, char *comp_dn,
+	      char *exp_dn, int length);
+
+int res_search(char *dname, int class, int type,
+	       unsigned char *answer, int anslen);
+
+#endif /* HP-UX */
+
+#if defined(WIN32)	/* Visual C++ 4.0 (Windows95/NT) */
+
+int open(const char *, int, ...);
+int close(int);
+int	read(int, void *, unsigned int);
+int write(int, const void *, unsigned int);
+
+#endif /* WIN32 */
diff --git a/crypto/kerberosIV/include/sys/Makefile.in b/crypto/kerberosIV/include/sys/Makefile.in
index d6a58e0..cee60af 100644
--- a/crypto/kerberosIV/include/sys/Makefile.in
+++ b/crypto/kerberosIV/include/sys/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.18 1997/05/11 04:29:47 assar Exp $
+# $Id: Makefile.in,v 1.22 1998/03/15 05:57:53 assar Exp $
 
 srcdir		= @srcdir@
 VPATH		= @srcdir@
@@ -12,11 +12,11 @@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
 
 prefix		= @prefix@
 includedir	= @includedir@
-HAVE_CDEFS	= @ac_cv_header_sys_cdefs_h@
+BROKEN_SOCKET_H	= @krb_cv_header_sys_socket_h_broken@
 
 @SET_MAKE@
 
-HEADERS = cdefs.h
+HEADERS = socket.h
 
 all: stamp-headers
 
@@ -24,15 +24,8 @@ Wall:
 	$(MAKE) CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
 
 install: all
-	$(MKINSTALLDIRS) $(includedir)/sys
-	-if test "$(HAVE_CDEFS)" != yes; then \
-	  $(INSTALL_DATA) cdefs.h $(includedir)/sys/cdefs.h ; \
-	fi
 
 uninstall:
-	-if test "$(HAVE_CDEFS)" != yes; then \
-	  rm -f $(includedir)/sys/cdefs.h ; \
-	fi
 
 clean:
 	rm -f $(HEADERS) stamp-headers
@@ -43,11 +36,13 @@ distclean:	clean
 
 realclean:	clean
 
-cdefs.h:
-	if test "$(HAVE_CDEFS)" != yes; then \
-	  $(LN_S) ${srcdir}/cdefs.H cdefs.h; \
+socket.h:
+	if test "$(BROKEN_SOCKET_H)" = yes; then \
+	  $(LN_S) $(srcdir)/socket.x socket.h; \
 	fi || true
 
 stamp-headers:
 	$(MAKE) $(HEADERS)
 	touch stamp-headers
+
+.PHONY: all Wall install uninstall clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/include/sys/socket.x b/crypto/kerberosIV/include/sys/socket.x
new file mode 100644
index 0000000..d5678c8
--- /dev/null
+++ b/crypto/kerberosIV/include/sys/socket.x
@@ -0,0 +1,7 @@
+/* fix for broken ultrix sys/socket.h. */
+#ifndef __SOCKET_H__
+#define __SOCKET_H__
+
+#include "/usr/include/sys/socket.h"
+
+#endif /* __SOCKET_H__ */
diff --git a/crypto/kerberosIV/kadmin/Makefile.in b/crypto/kerberosIV/kadmin/Makefile.in
index 947248e..0227ad6 100644
--- a/crypto/kerberosIV/kadmin/Makefile.in
+++ b/crypto/kerberosIV/kadmin/Makefile.in
@@ -1,18 +1,20 @@
-# $Id: Makefile.in,v 1.37 1997/05/02 17:50:35 assar Exp $
+# $Id: Makefile.in,v 1.47 1999/03/10 19:01:13 joda Exp $
 
 SHELL = /bin/sh
 
 srcdir = @srcdir@
 VPATH = @srcdir@
 
-topdir=..
+top_builddir=..
 
 CC = @CC@
+LINK = @LINK@
 AR = ar
 RANLIB = @RANLIB@
 LN_S = @LN_S@
 DEFS = @DEFS@
-CFLAGS = @CFLAGS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
 LD_FLAGS = @LD_FLAGS@
 
 LIB_tgetent = @LIB_tgetent@
@@ -43,11 +45,11 @@ PROGS = $(PROG_BIN) $(PROG_SBIN) $(PROG_LIBEXEC)
 
 SOURCES = kpasswd.c kadmin.c kadm_server.c kadm_funcs.c pw_check.c \
           admin_server.c kadm_ser_wrap.c ksrvutil.c ksrvutil_get.c \
-	  new_pwd.c
+	  new_pwd.c random_password.c
 
 OBJECTS = kpasswd.o kadmin.o kadm_server.o kadm_funcs.o \
           admin_server.o kadm_ser_wrap.o ksrvutil.o ksrvutil_get.o \
-	  new_pwd.o
+	  new_pwd.o random_password.o
 
 all: $(PROGS)
 
@@ -55,32 +57,32 @@ Wall:
 	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
 
 .c.o:
-	$(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $<
+	$(CC) -c $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
 
 install: all
-	$(MKINSTALLDIRS) $(bindir)
+	$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
 	for x in $(PROG_BIN); do \
-	  $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
 	done
-	$(MKINSTALLDIRS) $(sbindir)
+	$(MKINSTALLDIRS) $(DESTDIR)$(sbindir)
 	for x in $(PROG_SBIN); do \
-	  $(INSTALL_PROGRAM) $$x $(sbindir)/`echo $$x | sed '$(transform)'`; \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(sbindir)/`echo $$x | sed '$(transform)'`; \
 	done
-	$(MKINSTALLDIRS) $(libexecdir)
+	$(MKINSTALLDIRS) $(DESTDIR)$(libexecdir)
 	for x in $(PROG_LIBEXEC); do \
-	  $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
 	done
 	@rm -f $(prefix)/sbin/kadmin
 
 uninstall:
 	for x in $(PROG_BIN); do \
-	  rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \
+	  rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
 	done
 	for x in $(PROG_SBIN); do \
-	  rm -f $(sbindir)/`echo $$x | sed '$(transform)'`; \
+	  rm -f $(DESTDIR)$(sbindir)/`echo $$x | sed '$(transform)'`; \
 	done
 	for x in $(PROG_LIBEXEC); do \
-	  rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	  rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
 	done
 
 TAGS: $(SOURCES)
@@ -99,27 +101,25 @@ distclean: clean
 realclean: distclean
 	rm -f TAGS
 
-dist: $(DISTFILES)
-	for file in $(DISTFILES); do \
-	  ln $$file ../`cat ../.fname`/lib \
-	    || cp -p $$file ../`cat ../.fname`/lib; \
-	done
-
-KLIB=-L../lib/kadm -lkadm -L../lib/krb -lkrb -L../lib/des -ldes -L../util/et -lcom_err
+KLIB=-L../lib/kadm -lkadm -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/com_err -lcom_err
 LIBROKEN=-L../lib/roken -lroken
 
 kpasswd$(EXECSUFFIX): kpasswd.o new_pwd.o
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kpasswd.o new_pwd.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kpasswd.o new_pwd.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
 
-kadmin$(EXECSUFFIX): kadmin.o new_pwd.o
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ new_pwd.o kadmin.o -L../lib/kadm -lkadm -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/sl -lsl -L../util/et -lcom_err $(LIBROKEN) $(LIBS) $(LIB_readline) $(LIBROKEN)
+kadmin_OBJECTS = kadmin.o new_pwd.o random_password.o
+
+kadmin$(EXECSUFFIX): $(kadmin_OBJECTS)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(kadmin_OBJECTS) $(KLIB) -L../lib/sl -lsl $(LIBROKEN) $(LIBS) $(LIB_readline) $(LIBROKEN)
 
 KADMIND_OBJECTS=kadm_server.o kadm_funcs.o admin_server.o kadm_ser_wrap.o pw_check.o
 
 kadmind$(EXECSUFFIX): $(KADMIND_OBJECTS)
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(KADMIND_OBJECTS) -L../lib/kdb -lkdb -L../lib/acl -lacl $(KLIB) $(CRACKLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(KADMIND_OBJECTS) -L../lib/kdb -lkdb -L../lib/acl -lacl $(KLIB) $(CRACKLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS)
 
 ksrvutil$(EXECSUFFIX): ksrvutil.o ksrvutil_get.o
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ ksrvutil.o ksrvutil_get.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ ksrvutil.o ksrvutil_get.o $(KLIB) $(LIBROKEN) $(LIBS)
 
 $(OBJECTS): ../include/config.h
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/kadmin/admin_server.c b/crypto/kerberosIV/kadmin/admin_server.c
index 2654c77..6421ac6 100644
--- a/crypto/kerberosIV/kadmin/admin_server.c
+++ b/crypto/kerberosIV/kadmin/admin_server.c
@@ -1,4 +1,4 @@
-/* 
+/*
   Copyright (C) 1989 by the Massachusetts Institute of Technology
 
    Export of this software from the United States of America is assumed
@@ -30,7 +30,7 @@ or implied warranty.
 
 #include "kadm_locl.h"
 
-RCSID("$Id: admin_server.c,v 1.41 1997/05/27 15:52:53 bg Exp $");
+RCSID("$Id: admin_server.c,v 1.47 1999/07/07 12:41:07 assar Exp $");
 
 /* Almost all procs and such need this, so it is global */
 admin_params prm;		/* The command line parameters struct */
@@ -40,7 +40,7 @@ char *acldir = DEFAULT_ACL_DIR;
 static char krbrlm[REALM_SZ];
 
 static unsigned pidarraysize = 0;
-static int *pidarray = (int *)0;
+static int *pidarray = NULL;
 
 static int exit_now = 0;
 
@@ -138,15 +138,19 @@ process_client(int fd, struct sockaddr_in *who)
     int dat_len;
     u_short dlen;
     int retval;
-    int on = 1;
     Principal service;
     des_cblock skey;
     int more;
     int status;
 
 #if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
-    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, sizeof(on)) < 0)
-	krb_log("setsockopt keepalive: %d",errno);
+    {
+	int on = 1;
+	    
+	if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE,
+		       (void *)&on, sizeof(on)) < 0)
+	    krb_log("setsockopt keepalive: %d",errno);
+    }
 #endif
 
     server_parm.recv_addr = *who;
@@ -158,18 +162,20 @@ process_client(int fd, struct sockaddr_in *who)
     /* need to set service key to changepw.KRB_MASTER */
 
     status = kerb_get_principal(server_parm.sname, server_parm.sinst, &service,
-			    1, &more);
+				1, &more);
     if (status == -1) {
       /* db locked */
-      int32_t retcode = KADM_DB_INUSE;
       char *pdat;
       
-      dat_len = KADM_VERSIZE + sizeof(retcode);
-      dat = (u_char *) malloc((unsigned)dat_len);
+      dat_len = KADM_VERSIZE + 4;
+      dat = (u_char *) malloc(dat_len);
+      if (dat == NULL) {
+	  krb_log("malloc failed");
+	  cleanexit(4);
+      }
       pdat = (char *) dat;
-      retcode = htonl((u_int32_t) KADM_DB_INUSE);
-      strncpy(pdat, KADM_ULOSE, KADM_VERSIZE);
-      memcpy(pdat+KADM_VERSIZE, &retcode, sizeof(retcode));
+      memcpy(pdat, KADM_ULOSE, KADM_VERSIZE);
+      krb_put_int (KADM_DB_INUSE, pdat + KADM_VERSIZE, 4, 4);
       goto out;
     } else if (!status) {
       krb_log("no service %s.%s",server_parm.sname, server_parm.sinst);
@@ -185,6 +191,15 @@ process_client(int fd, struct sockaddr_in *who)
     memset(skey, 0, sizeof(skey));
 
     while (1) {
+	void *errpkt;
+
+	errpkt = malloc(KADM_VERSIZE + 4);
+	if (errpkt == NULL) {
+	    krb_log("malloc: no memory");
+	    close(fd);
+	    cleanexit(4);
+	}
+
 	if ((retval = krb_net_read(fd, &dlen, sizeof(u_short))) !=
 	    sizeof(u_short)) {
 	    if (retval < 0)
@@ -199,7 +214,7 @@ process_client(int fd, struct sockaddr_in *who)
 	}
 	dat_len = ntohs(dlen);
 	dat = (u_char *) malloc(dat_len);
-	if (!dat) {
+	if (dat == NULL) {
 	    krb_log("malloc: No memory");
 	    close(fd);
 	    cleanexit(4);
@@ -215,7 +230,7 @@ process_client(int fd, struct sockaddr_in *who)
     	if (exit_now) {
 	    cleanexit(0);
 	}
-	if ((retval = kadm_ser_in(&dat,&dat_len)) != KADM_SUCCESS)
+	if ((retval = kadm_ser_in(&dat, &dat_len, errpkt)) != KADM_SUCCESS)
 	    krb_log("processing request: %s", error_message(retval));
     
 	/* kadm_ser_in did the processing and returned stuff in
@@ -307,6 +322,8 @@ kadm_listen(void)
 #ifndef DEBUG
 	    /* if you want a sep daemon for each server */
 	    if ((pid = fork())) {
+		void *tmp;
+
 		/* parent */
 		if (pid < 0) {
 		    krb_log("fork: %s",error_message(errno));
@@ -315,12 +332,14 @@ kadm_listen(void)
 		}
 		/* fork succeded: keep tabs on child */
 		close(peer_fd);
-		if (pidarray) {
-		    pidarray = (int *)realloc(pidarray, ++pidarraysize);
-		    pidarray[pidarraysize-1] = pid;
+		tmp = realloc(pidarray,
+			      (pidarraysize + 1) * sizeof(*pidarray));
+		if(tmp == NULL) {
+		    krb_log ("malloc: no memory. pid %u on its own",
+			     (unsigned)pid);
 		} else {
-		    pidarray = (int *)malloc(pidarraysize = 1);
-		    pidarray[0] = pid;
+		    pidarray = tmp;
+		    pidarray[pidarraysize++] = pid;
 		}
 	    } else {
 		/* child */
@@ -356,18 +375,20 @@ main(int argc, char **argv)		/* admin_server main routine */
 {
     int errval;
     int c;
+    struct in_addr i_addr;
 
     set_progname (argv[0]);
 
     umask(077);		/* Create protected files */
 
+    i_addr.s_addr = INADDR_ANY;
     /* initialize the admin_params structure */
     prm.sysfile = KADM_SYSLOG;		/* default file name */
     prm.inter = 0;
 
     memset(krbrlm, 0, sizeof(krbrlm));
 
-    while ((c = getopt(argc, argv, "f:hmnd:a:r:")) != EOF)
+    while ((c = getopt(argc, argv, "f:hmnd:a:r:i:")) != EOF)
 	switch(c) {
 	case 'f':			/* Syslog file name change */
 	    prm.sysfile = optarg;
@@ -388,15 +409,22 @@ main(int argc, char **argv)		/* admin_server main routine */
 		      optarg, error_message(errval));
 	    break;
 	case 'r':
-	    strncpy(krbrlm, optarg, sizeof(krbrlm) - 1);
+	    strcpy_truncate (krbrlm, optarg, sizeof(krbrlm));
+	    break;
+	case 'i':
+	    /* Only listen on this address */
+	    if(inet_aton (optarg, &i_addr) == 0) {
+		fprintf (stderr, "Bad address: %s\n", optarg);
+		exit (1);
+	    }
 	    break;
 	case 'h':			/* get help on using admin_server */
 	default:
-	    errx(1, "Usage: kadmind [-h] [-n] [-m] [-r realm] [-d dbname] [-f filename] [-a acldir]");
+	    errx(1, "Usage: kadmind [-h] [-n] [-m] [-r realm] [-d dbname] [-f filename] [-a acldir] [-i address_to_listen_on]");
 	}
 
     if (krbrlm[0] == 0)
-	if (krb_get_lrealm(krbrlm, 0) != KSUCCESS)
+	if (krb_get_lrealm(krbrlm, 1) != KSUCCESS)
 	    errx (1, "Unable to get local realm.  Fix krb.conf or use -r.");
 
     printf("KADM Server %s initializing\n",KADM_VERSTR);
@@ -414,7 +442,7 @@ main(int argc, char **argv)		/* admin_server main routine */
 	byebye();
     }
     /* set up the server_parm struct */
-    if ((errval = kadm_ser_init(prm.inter, krbrlm))==KADM_SUCCESS) {
+    if ((errval = kadm_ser_init(prm.inter, krbrlm, i_addr))==KADM_SUCCESS) {
 	kerb_fini();			/* Close the Kerberos database--
 					   will re-open later */
 	errval = kadm_listen();		/* listen for calls to server from
diff --git a/crypto/kerberosIV/kadmin/kadm_funcs.c b/crypto/kerberosIV/kadmin/kadm_funcs.c
index 34a34b0..378d0d7 100644
--- a/crypto/kerberosIV/kadmin/kadm_funcs.c
+++ b/crypto/kerberosIV/kadmin/kadm_funcs.c
@@ -30,7 +30,7 @@ or implied warranty.
 
 #include "kadm_locl.h"
 
-RCSID("$Id: kadm_funcs.c,v 1.16 1997/05/02 14:28:49 assar Exp $");
+RCSID("$Id: kadm_funcs.c,v 1.17 1998/06/09 19:24:53 joda Exp $");
 
 static int
 check_access(char *pname, char *pinst, char *prealm, enum acl_types acltype)
@@ -94,8 +94,14 @@ kadm_add_entry (char *rname, char *rinstance, char *rrealm,
   
     char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ];
 
-    strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm));
-    strcpy(victim, krb_unparse_name_long(valsin->name, valsin->instance, NULL));
+    strcpy_truncate(admin,
+		    krb_unparse_name_long(rname, rinstance, rrealm),
+		    sizeof(admin));
+    strcpy_truncate(victim,
+		    krb_unparse_name_long(valsin->name,
+					  valsin->instance,
+					  NULL),
+		    sizeof(victim));
 
     krb_log("ADD: %s by %s", victim, admin);
 
@@ -118,8 +124,8 @@ kadm_add_entry (char *rname, char *rinstance, char *rrealm,
     }
 
     kadm_vals_to_prin(valsin->fields, &data_i, valsin);
-    strncpy(data_i.name, valsin->name, ANAME_SZ);
-    strncpy(data_i.instance, valsin->instance, INST_SZ);
+    strcpy_truncate(data_i.name, valsin->name, ANAME_SZ);
+    strcpy_truncate(data_i.instance, valsin->instance, INST_SZ);
 
     if (!IS_FIELD(KADM_EXPDATE,valsin->fields))
 	data_i.exp_date = default_princ.exp_date;
@@ -153,9 +159,9 @@ kadm_add_entry (char *rname, char *rinstance, char *rrealm,
     } else {
 	data_i.key_version++;
 	data_i.kdc_key_ver = server_parm.master_key_version;
-	strncpy(data_i.mod_name, rname, sizeof(data_i.mod_name)-1);
-	strncpy(data_i.mod_instance, rinstance,
-		sizeof(data_i.mod_instance)-1);
+	strcpy_truncate(data_i.mod_name, rname, sizeof(data_i.mod_name));
+	strcpy_truncate(data_i.mod_instance, rinstance,
+			sizeof(data_i.mod_instance));
 
 	numfound = kerb_put_principal(&data_i, 1);
 	if (numfound == -1) {
@@ -189,8 +195,14 @@ kadm_delete_entry (char *rname, char *rinstance, char *rrealm,
 
     char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ];
     
-    strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm));
-    strcpy(victim, krb_unparse_name_long(valsin->name, valsin->instance, NULL));
+    strcpy_truncate(admin,
+		    krb_unparse_name_long(rname, rinstance, rrealm),
+		    sizeof(admin));
+    strcpy_truncate(victim,
+		    krb_unparse_name_long(valsin->name,
+					  valsin->instance,
+					  NULL),
+		    sizeof(victim));
 
     krb_log("DELETE: %s by %s", victim, admin);
 
@@ -232,8 +244,14 @@ kadm_get_entry (char *rname, char *rinstance, char *rrealm,
     
     char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ];
     
-    strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm));
-    strcpy(victim, krb_unparse_name_long(valsin->name, valsin->instance, NULL));
+    strcpy_truncate(admin,
+		    krb_unparse_name_long(rname, rinstance, rrealm),
+		    sizeof(admin));
+    strcpy_truncate(victim,
+		    krb_unparse_name_long(valsin->name,
+					  valsin->instance,
+					  NULL),
+		    sizeof(victim));
     
     krb_log("GET: %s by %s", victim, admin);
 
@@ -272,8 +290,14 @@ kadm_mod_entry (char *rname, char *rinstance, char *rrealm,
 
     char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ];
     
-    strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm));
-    strcpy(victim, krb_unparse_name_long(valsin->name, valsin->instance, NULL));
+    strcpy_truncate(admin,
+		    krb_unparse_name_long(rname, rinstance, rrealm),
+		    sizeof(admin));
+    strcpy_truncate(victim,
+		    krb_unparse_name_long(valsin->name,
+					  valsin->instance,
+					  NULL),
+		    sizeof(victim));
     
     krb_log("MOD: %s by %s", victim, admin);
 
@@ -292,8 +316,8 @@ kadm_mod_entry (char *rname, char *rinstance, char *rrealm,
 	failmod(KADM_DB_INUSE);
     } else if (numfound) {
 	kadm_vals_to_prin(valsin2->fields, &temp_key, valsin2);
-	strncpy(data_o.name, valsin->name, ANAME_SZ);
-	strncpy(data_o.instance, valsin->instance, INST_SZ);
+	strcpy_truncate(data_o.name, valsin->name, ANAME_SZ);
+	strcpy_truncate(data_o.instance, valsin->instance, INST_SZ);
 	if (IS_FIELD(KADM_EXPDATE,valsin2->fields))
 	    data_o.exp_date = temp_key.exp_date;
 	if (IS_FIELD(KADM_ATTR,valsin2->fields))
@@ -320,9 +344,9 @@ kadm_mod_entry (char *rname, char *rinstance, char *rrealm,
 	}
 	memset(&temp_key, 0, sizeof(temp_key));
 
-	strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1);
-	strncpy(data_o.mod_instance, rinstance,
-		sizeof(data_o.mod_instance)-1);
+	strcpy_truncate(data_o.mod_name, rname, sizeof(data_o.mod_name));
+	strcpy_truncate(data_o.mod_instance, rinstance,
+			sizeof(data_o.mod_instance));
 	more = kerb_put_principal(&data_o, 1);
 
 	memset(&data_o, 0, sizeof(data_o));
@@ -363,7 +387,9 @@ kadm_change (char *rname, char *rinstance, char *rrealm, unsigned char *newpw)
 
     char admin[MAX_K_NAME_SZ];
     
-    strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm));
+    strcpy_truncate(admin,
+		    krb_unparse_name_long(rname, rinstance, rrealm),
+		    sizeof(admin));
     
     krb_log("CHANGE: %s", admin);
 
@@ -390,9 +416,9 @@ kadm_change (char *rname, char *rinstance, char *rrealm, unsigned char *newpw)
 	copy_from_key(local_pw, &data_o.key_low, &data_o.key_high);
 	data_o.key_version++;
 	data_o.kdc_key_ver = server_parm.master_key_version;
-	strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1);
-	strncpy(data_o.mod_instance, rinstance,
-		sizeof(data_o.mod_instance)-1);
+	strcpy_truncate(data_o.mod_name, rname, sizeof(data_o.mod_name));
+	strcpy_truncate(data_o.mod_instance, rinstance,
+			sizeof(data_o.mod_instance));
 	more = kerb_put_principal(&data_o, 1);
 	memset(local_pw, 0, sizeof(local_pw));
 	memset(&data_o, 0, sizeof(data_o));
diff --git a/crypto/kerberosIV/kadmin/kadm_locl.h b/crypto/kerberosIV/kadmin/kadm_locl.h
index 07f9093..44708d9 100644
--- a/crypto/kerberosIV/kadmin/kadm_locl.h
+++ b/crypto/kerberosIV/kadmin/kadm_locl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -36,7 +36,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: kadm_locl.h,v 1.25 1997/05/20 18:40:43 bg Exp $ */
+/* $Id: kadm_locl.h,v 1.30 1998/11/18 19:44:05 assar Exp $ */
 
 #include "config.h"
 #include "protos.h"
@@ -94,6 +94,9 @@
 #ifdef HAVE_NETDB_H
 #include <netdb.h>
 #endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
 
 #ifdef HAVE_SYSLOG_H
 #include <syslog.h>
@@ -103,6 +106,9 @@
 
 #ifdef SOCKS
 #include <socks.h>
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent  *gethostbyname(const char *);
 #endif
 
 #include <roken.h>
@@ -118,6 +124,8 @@
 #include <kadm_err.h>
 #include <acl.h>
 
+#include <krb_log.h>
+
 #include "kadm_server.h"
 #include "pw_check.h"
 
@@ -129,20 +137,23 @@ extern char *acldir;
 extern Kadm_Server server_parm;
 
 /* Utils */
-int kadm_change __P((char *, char *, char *, des_cblock));
-int kadm_add_entry __P((char *, char *, char *, Kadm_vals *, Kadm_vals *));
-int kadm_mod_entry __P((char *, char *, char *, Kadm_vals *, Kadm_vals *, Kadm_vals *));
-int kadm_get_entry __P((char *, char *, char *, Kadm_vals *, u_char *, Kadm_vals *));
-int kadm_delete_entry __P((char *, char *, char *, Kadm_vals *));
-int kadm_ser_cpw __P((u_char *, int, AUTH_DAT *, u_char **, int *));
-int kadm_ser_add __P((u_char *, int, AUTH_DAT *, u_char **, int *));
-int kadm_ser_mod __P((u_char *, int, AUTH_DAT *, u_char **, int *));
-int kadm_ser_get __P((u_char *, int, AUTH_DAT *, u_char **, int *));
-int kadm_ser_delete __P((u_char *, int, AUTH_DAT *, u_char **, int *));
-int kadm_ser_init __P((int inter, char realm[]));
-int kadm_ser_in __P((u_char **, int *));
-
-int get_pw_new_pwd  __P((char *pword, int pwlen, krb_principal *pr, int print_realm));
+int kadm_change (char *, char *, char *, des_cblock);
+int kadm_add_entry (char *, char *, char *, Kadm_vals *, Kadm_vals *);
+int kadm_mod_entry (char *, char *, char *, Kadm_vals *, Kadm_vals *, Kadm_vals *);
+int kadm_get_entry (char *, char *, char *, Kadm_vals *, u_char *, Kadm_vals *);
+int kadm_delete_entry (char *, char *, char *, Kadm_vals *);
+int kadm_ser_cpw (u_char *, int, AUTH_DAT *, u_char **, int *);
+int kadm_ser_add (u_char *, int, AUTH_DAT *, u_char **, int *);
+int kadm_ser_mod (u_char *, int, AUTH_DAT *, u_char **, int *);
+int kadm_ser_get (u_char *, int, AUTH_DAT *, u_char **, int *);
+int kadm_ser_delete (u_char *, int, AUTH_DAT *, u_char **, int *);
+int kadm_ser_init (int inter, char realm[], struct in_addr);
+int kadm_ser_in (u_char **, int *, u_char *);
+
+int get_pw_new_pwd  (char *pword, int pwlen, krb_principal *pr, int print_realm);
 
 /* cracklib */
-char *FascistCheck __P((char *password, char *path, char **strings));
+char *FascistCheck (char *password, char *path, char **strings);
+
+void
+random_password(char *pw, size_t len, u_int32_t *low, u_int32_t *high);
diff --git a/crypto/kerberosIV/kadmin/kadm_ser_wrap.c b/crypto/kerberosIV/kadmin/kadm_ser_wrap.c
index 6909a9f..c95af04 100644
--- a/crypto/kerberosIV/kadmin/kadm_ser_wrap.c
+++ b/crypto/kerberosIV/kadmin/kadm_ser_wrap.c
@@ -30,7 +30,7 @@ unwraps wrapped packets and calls the appropriate server subroutine
 
 #include "kadm_locl.h"
 
-RCSID("$Id: kadm_ser_wrap.c,v 1.20 1997/05/02 10:29:14 joda Exp $");
+RCSID("$Id: kadm_ser_wrap.c,v 1.24 1998/06/13 00:45:52 assar Exp $");
 
 /* GLOBAL */
 Kadm_Server server_parm;
@@ -40,21 +40,27 @@ kadm_ser_init
 set up the server_parm structure
 */
 int
-kadm_ser_init(int inter, char *realm)
-          			/* interactive or from file */
-             
+kadm_ser_init(int inter,	/* interactive or from file */
+	      char *realm,
+	      struct in_addr addr)
 {
   struct hostent *hp;
   char hostname[MaxHostNameLen];
 
   init_kadm_err_tbl();
   init_krb_err_tbl();
-  if (k_gethostname(hostname, sizeof(hostname)))
+  if (gethostname(hostname, sizeof(hostname)))
       return KADM_NO_HOSTNAME;
 
-  strcpy(server_parm.sname, PWSERV_NAME);
-  strcpy(server_parm.sinst, KRB_MASTER);
-  strcpy(server_parm.krbrlm, realm);
+  strcpy_truncate(server_parm.sname,
+		  PWSERV_NAME,
+		  sizeof(server_parm.sname));
+  strcpy_truncate(server_parm.sinst,
+		  KRB_MASTER,
+		  sizeof(server_parm.sinst));
+  strcpy_truncate(server_parm.krbrlm,
+		  realm,
+		  sizeof(server_parm.krbrlm));
 
   server_parm.admin_fd = -1;
   /* setting up the addrs */
@@ -66,7 +72,7 @@ kadm_ser_init(int inter, char *realm)
   server_parm.admin_addr.sin_family = AF_INET;
   if ((hp = gethostbyname(hostname)) == NULL)
       return KADM_NO_HOSTNAME;
-  server_parm.admin_addr.sin_addr.s_addr = INADDR_ANY;
+  server_parm.admin_addr.sin_addr = addr;
 				/* setting up the database */
   if (kdb_get_master_key((inter==1), &server_parm.master_key,
 			 server_parm.master_key_schedule) != 0)
@@ -78,19 +84,18 @@ kadm_ser_init(int inter, char *realm)
   return KADM_SUCCESS;
 }
 
-static void errpkt(u_char **dat, int *dat_len, int code)
-{
-    u_int32_t retcode;
-    char *pdat;
+/*
+ *
+ */
 
+static void
+errpkt(u_char *errdat, u_char **dat, int *dat_len, int code)
+{
     free(*dat);			/* free up req */
-    *dat_len = KADM_VERSIZE + sizeof(u_int32_t);
-    *dat = (u_char *) malloc((unsigned)*dat_len);
-    pdat = (char *) *dat;
-    retcode = htonl((u_int32_t) code);
-    strncpy(pdat, KADM_ULOSE, KADM_VERSIZE);
-    memcpy(&pdat[KADM_VERSIZE], &retcode, sizeof(u_int32_t));
-    return;
+    *dat_len = KADM_VERSIZE + 4;
+    memcpy(errdat, KADM_ULOSE, KADM_VERSIZE);
+    krb_put_int (code, errdat + KADM_VERSIZE, 4, 4);
+    *dat = errdat;
 }
 
 /*
@@ -98,7 +103,7 @@ kadm_ser_in
 unwrap the data stored in dat, process, and return it.
 */
 int
-kadm_ser_in(u_char **dat, int *dat_len)
+kadm_ser_in(u_char **dat, int *dat_len, u_char *errdat)
 {
     u_char *in_st;			/* pointer into the sent packet */
     int in_len,retc;			/* where in packet we are, for
@@ -113,7 +118,7 @@ kadm_ser_in(u_char **dat, int *dat_len)
     int retval, retlen;
 
     if (strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) {
-	errpkt(dat, dat_len, KADM_BAD_VER);
+	errpkt(errdat, dat, dat_len, KADM_BAD_VER);
 	return KADM_BAD_VER;
     }
     in_len = KADM_VERSIZE;
@@ -128,7 +133,7 @@ kadm_ser_in(u_char **dat, int *dat_len)
     if ((retc = krb_rd_req(&authent, server_parm.sname, server_parm.sinst,
 			  server_parm.recv_addr.sin_addr.s_addr, &ad, NULL)))
     {
-	errpkt(dat, dat_len,retc + krb_err_base);
+	errpkt(errdat, dat, dat_len, retc + krb_err_base);
 	return retc + krb_err_base;
     }
 
@@ -142,7 +147,7 @@ kadm_ser_in(u_char **dat, int *dat_len)
 #endif
     if (ncksum!=ad.checksum) {		/* yow, are we correct yet */
 	clr_cli_secrets();
-	errpkt(dat, dat_len,KADM_BAD_CHK);
+	errpkt(errdat, dat, dat_len, KADM_BAD_CHK);
 	return KADM_BAD_CHK;
     }
 #ifdef NOENCRYPTION
@@ -154,7 +159,7 @@ kadm_ser_in(u_char **dat, int *dat_len)
 				 &server_parm.recv_addr,
 				 &server_parm.admin_addr, &msg_st))) {
 	clr_cli_secrets();
-	errpkt(dat, dat_len,retc + krb_err_base);
+	errpkt(errdat, dat, dat_len, retc + krb_err_base);
 	return retc + krb_err_base;
     }
     switch (msg_st.app_data[0]) {
@@ -180,24 +185,31 @@ kadm_ser_in(u_char **dat, int *dat_len)
 	break;
     default:
 	clr_cli_secrets();
-	errpkt(dat, dat_len, KADM_NO_OPCODE);
+	errpkt(errdat, dat, dat_len, KADM_NO_OPCODE);
 	return KADM_NO_OPCODE;
     }
     /* Now seal the response back into a priv msg */
+    tmpdat = (u_char *) malloc(retlen + KADM_VERSIZE + 4);
+    if (tmpdat == NULL) {
+	clr_cli_secrets();
+	errpkt(errdat, dat, dat_len, KADM_NOMEM);
+	return KADM_NOMEM;
+    }
     free(*dat);
-    tmpdat = (u_char *) malloc((unsigned)(retlen + KADM_VERSIZE +
-					  sizeof(u_int32_t)));
-    strncpy((char *)tmpdat, KADM_VERSTR, KADM_VERSIZE);
-    retval = htonl((u_int32_t)retval);
-    memcpy((char *)tmpdat + KADM_VERSIZE, &retval, sizeof(u_int32_t));
+    memcpy(tmpdat, KADM_VERSTR, KADM_VERSIZE);
+    krb_put_int(retval, tmpdat + KADM_VERSIZE, 4, 4);
     if (retlen) {
-        memcpy((char *)tmpdat + KADM_VERSIZE + sizeof(u_int32_t), retdat,
-	       retlen);
+        memcpy(tmpdat + KADM_VERSIZE + 4, retdat, retlen);
 	free(retdat);
     }
     /* slop for mk_priv stuff */
-    *dat = (u_char *) malloc((unsigned) (retlen + KADM_VERSIZE +
-					 sizeof(u_int32_t) + 200));
+    *dat = (u_char *) malloc(retlen + KADM_VERSIZE +
+			     sizeof(u_int32_t) + 200);
+    if (*dat == NULL) {
+	clr_cli_secrets();
+	errpkt(errdat, dat, dat_len, KADM_NOMEM);
+	return KADM_NOMEM;
+    }
     if ((*dat_len = krb_mk_priv(tmpdat, *dat,
 				(u_int32_t) (retlen + KADM_VERSIZE +
 					  sizeof(u_int32_t)),
@@ -205,7 +217,7 @@ kadm_ser_in(u_char **dat, int *dat_len)
 				&ad.session, &server_parm.admin_addr,
 				&server_parm.recv_addr)) < 0) {
 	clr_cli_secrets();
-	errpkt(dat, dat_len, KADM_NO_ENCRYPT);
+	errpkt(errdat, dat, dat_len, KADM_NO_ENCRYPT);
 	return KADM_NO_ENCRYPT;
     }
     clr_cli_secrets();
diff --git a/crypto/kerberosIV/kadmin/kadmin.c b/crypto/kerberosIV/kadmin/kadmin.c
index f117b6b..340a914 100644
--- a/crypto/kerberosIV/kadmin/kadmin.c
+++ b/crypto/kerberosIV/kadmin/kadmin.c
@@ -28,19 +28,24 @@ or implied warranty.
  */
 
 #include "kadm_locl.h"
+#include "getarg.h"
+#include "parse_time.h"
 
-RCSID("$Id: kadmin.c,v 1.48 1997/05/13 09:43:06 bg Exp $");
+RCSID("$Id: kadmin.c,v 1.59.2.1 1999/09/02 08:51:59 joda Exp $");
 
-static void change_password(int argc, char **argv);
-static void change_key(int argc, char **argv);
-static void change_admin_password(int argc, char **argv);
-static void add_new_key(int argc, char **argv);
-static void del_entry(int argc, char **argv);
-static void get_entry(int argc, char **argv);
-static void mod_entry(int argc, char **argv);
-static void help(int argc, char **argv);
-static void clean_up_cmd(int argc, char **argv);
-static void quit_cmd(int argc, char **argv);
+static int change_password(int argc, char **argv);
+static int change_key(int argc, char **argv);
+static int change_admin_password(int argc, char **argv);
+static int add_new_key(int argc, char **argv);
+static int del_entry(int argc, char **argv);
+static int get_entry(int argc, char **argv);
+static int mod_entry(int argc, char **argv);
+static int help(int argc, char **argv);
+static int clean_up_cmd(int argc, char **argv);
+static int quit_cmd(int argc, char **argv);
+static int set_timeout_cmd(int argc, char **argv);
+
+static int set_timeout(const char *);
 
 static SL_cmd cmds[] = {
   {"change_password", change_password, "Change a user's password"},
@@ -59,6 +64,8 @@ static SL_cmd cmds[] = {
   {"get_entry", get_entry, "Get entry from kerberos database"},
   {"mod_entry", mod_entry, "Modify entry in kerberos database"},
   {"destroy_tickets", clean_up_cmd, "Destroy admin tickets"},
+  {"set_timeout", set_timeout_cmd, "Set ticket timeout"},
+  {"timeout" },
   {"exit", quit_cmd, "Exit program"},
   {"quit"},
   {"help", help, "Help"},
@@ -81,7 +88,6 @@ static SL_cmd cmds[] = {
 static krb_principal pr;
 static char default_realm[REALM_SZ]; /* default kerberos realm */
 static char krbrlm[REALM_SZ];	/* current realm being administered */
-static int multiple = 0;	/* Allow multiple requests per ticket */
 
 #ifdef NOENCRYPTION
 #define read_long_pw_string placebo_read_pw_string
@@ -139,31 +145,41 @@ get_attr(Kadm_vals *vals)
     SET_FIELD(KADM_ATTR,vals->fields);
 }
 
+static time_t
+parse_expdate(const char *str)
+{
+    struct tm edate;
+
+    memset(&edate, 0, sizeof(edate));
+    if (sscanf(str, "%d-%d-%d",
+	       &edate.tm_year, &edate.tm_mon, &edate.tm_mday) == 3) {
+	edate.tm_mon--;     /* January is 0, not 1 */
+	edate.tm_hour = 23; /* nearly midnight at the end of the */
+	edate.tm_min = 59;  /* specified day */
+    }
+    if(krb_check_tm (edate))
+	return -1;
+    edate.tm_year -= 1900;
+    return tm2time (edate, 1);
+}
+
 static void
 get_expdate(Kadm_vals *vals)
 {
     char buff[BUFSIZ];
-    struct tm edate;
+    time_t t;
 
-    memset(&edate, 0, sizeof(edate));
     do {
-        printf("Expiration date (enter yyyy-mm-dd) ?  [%.24s]  ",
-             asctime(k_localtime(&vals->exp_date)));
+	strftime(buff, sizeof(buff), "%Y-%m-%d", k_localtime(&vals->exp_date));
+        printf("Expiration date (enter yyyy-mm-dd) ?  [%s]  ", buff);
         fflush(stdout);
         if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') {
             clearerr(stdin);
             return;
         }
-        if (sscanf(buff, "%d-%d-%d",
-                   &edate.tm_year, &edate.tm_mon, &edate.tm_mday) == 3) {
-            edate.tm_mon--;     /* January is 0, not 1 */
-            edate.tm_hour = 23; /* nearly midnight at the end of the */
-            edate.tm_min = 59;  /* specified day */
-        }
-    } while (krb_check_tm (edate));
-
-    edate.tm_year -= 1900;
-    vals->exp_date = tm2time (edate, 1);
+	t = parse_expdate(buff);
+    }while(t < 0);
+    vals->exp_date = t;
     SET_FIELD(KADM_EXPDATE,vals->fields);
 }
 
@@ -172,9 +188,11 @@ princ_exists(char *name, char *instance, char *realm)
 {
     int status;
 
+    int old = krb_use_admin_server(1);
     status = krb_get_pw_in_tkt(name, instance, realm,
 			       KRB_TICKET_GRANTING_TICKET,
 			       realm, 1, "");
+    krb_use_admin_server(old);
 
     if ((status == KSUCCESS) || (status == INTK_BADPW))
 	return(PE_YES);
@@ -184,15 +202,12 @@ princ_exists(char *name, char *instance, char *realm)
 	return(PE_UNSURE);
 }
 
-static int
-get_password(u_int32_t *low, u_int32_t *high, char *prompt, int byteswap)
+static void
+passwd_to_lowhigh(u_int32_t *low, u_int32_t *high, char *password, int byteswap)
 {
-    char new_passwd[MAX_KPW_LEN];	/* new password */
     des_cblock newkey;
 
-    if (read_long_pw_string(new_passwd, sizeof(new_passwd)-1, prompt, 1))
-    	return(BAD_PW);
-    if (strlen(new_passwd) == 0) {
+    if (strlen(password) == 0) {
     	printf("Using random password.\n");
 #ifdef NOENCRYPTION
 	memset(newkey, 0, sizeof(newkey));
@@ -203,9 +218,8 @@ get_password(u_int32_t *low, u_int32_t *high, char *prompt, int byteswap)
 #ifdef NOENCRYPTION
       memset(newkey, 0, sizeof(newkey));
 #else
-      des_string_to_key(new_passwd, &newkey);
+      des_string_to_key(password, &newkey);
 #endif
-      memset(new_passwd, 0, sizeof(new_passwd));
     }
 
     memcpy(low, newkey, 4);
@@ -221,6 +235,17 @@ get_password(u_int32_t *low, u_int32_t *high, char *prompt, int byteswap)
 	*low = htonl(*low);
 	*high = htonl(*high);
     }
+}
+
+static int
+get_password(u_int32_t *low, u_int32_t *high, char *prompt, int byteswap)
+{
+    char new_passwd[MAX_KPW_LEN];	/* new password */
+
+    if (read_long_pw_string(new_passwd, sizeof(new_passwd)-1, prompt, 1))
+    	return(BAD_PW);
+    passwd_to_lowhigh (low, high, new_passwd, byteswap);
+    memset (new_passwd, 0, sizeof(new_passwd));
     return(GOOD_PW);
 }
 
@@ -232,23 +257,23 @@ get_admin_password(void)
     int ticket_life = 1;	/* minimum ticket lifetime */
     CREDENTIALS c;
 
-    if (multiple) {
-	/* If admin tickets exist and are valid, just exit. */
-	memset(&c, 0, sizeof(c));
-	if (krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c) == KSUCCESS)
-	    /* 
-	     * If time is less than lifetime - FUDGE_VALUE after issue date,
-	     * tickets will probably last long enough for the next 
-	     * transaction.
-	     */
-	    if (time(0) < (c.issue_date + (5 * 60 * c.lifetime) - FUDGE_VALUE))
-		return(KADM_SUCCESS);
-	ticket_life = DEFAULT_TKT_LIFE;
-    }
+    alarm(0);
+    /* If admin tickets exist and are valid, just exit. */
+    memset(&c, 0, sizeof(c));
+    if (krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c) == KSUCCESS)
+	/* 
+	 * If time is less than lifetime - FUDGE_VALUE after issue date,
+	 * tickets will probably last long enough for the next 
+	 * transaction.
+	 */
+	if (time(0) < (c.issue_date + (5 * 60 * c.lifetime) - FUDGE_VALUE))
+	    return(KADM_SUCCESS);
+    ticket_life = DEFAULT_TKT_LIFE;
     
     if (princ_exists(pr.name, pr.instance, pr.realm) != PE_NO) {
         char prompt[256];
-	snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&pr));
+	snprintf(prompt, sizeof(prompt), "%s's Password: ", 
+		 krb_unparse_name(&pr));
 	if (read_long_pw_string(admin_passwd,
 				sizeof(admin_passwd)-1,
 				prompt, 0)) {
@@ -259,7 +284,7 @@ get_admin_password(void)
 				   PWSERV_NAME, KADM_SINST,
 				   ticket_life, admin_passwd);
 	memset(admin_passwd, 0, sizeof(admin_passwd));
-
+	
 	/* Initialize non shared random sequence from session key. */
 	memset(&c, 0, sizeof(c));
 	krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c);
@@ -289,107 +314,144 @@ get_admin_password(void)
     return(BAD_PW);
 }
 
-static void
-usage(void)
-{
-    fprintf (stderr, "Usage: kadmin [[-u|-p] admin_name] [-r default_realm]"
-	     " [-m]\n"
-	     "   -m allows multiple admin requests to be "
-	     "serviced with one entry of admin\n"	     
-	     "   password.\n");
-    exit (1);
-}
+static char *principal;
+static char *username;
+static char *realm;
+static char *timeout;
+static int tflag; /* use existing tickets */
+static int mflag; /* compatibility */
+static int version_flag;
+static int help_flag;
+
+static time_t destroy_timeout = 5 * 60;
+
+struct getargs args[] = {
+    { NULL,	'p',	arg_string, &principal, 
+      "principal to authenticate as"},
+    { NULL,	'u',	arg_string, &username, 
+      "username, other than default" },
+    { NULL,	'r',	arg_string, &realm, "local realm" },
+    { NULL,	'm',	arg_flag, &mflag, "disable ticket timeout" },
+    { NULL,	'T',	arg_string, &timeout, "default ticket timeout" },
+    { NULL,	't',	arg_flag, &tflag, "use existing tickets" },
+    { "version",0,	arg_flag, &version_flag },
+    { "help",	'h',	arg_flag, &help_flag },
+};
 
-/* GLOBAL */
-static void
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static int
 clean_up()
 {
-    dest_tkt();
+    if(!tflag)
+	return dest_tkt() == KSUCCESS;
+    return 0; 
 }
 
-static void
+static int
 clean_up_cmd (int argc, char **argv)
 {
     clean_up();
+    return 0;
 }
 
-/* GLOBAL */
-static void 
-quit()
+static int
+quit_cmd (int argc, char **argv)
 {
-    printf("Cleaning up and exiting.\n");
-    clean_up();
-    exit(0);
+    return 1;
 }
 
-static void
-quit_cmd (int argc, char **argv)
+static void 
+usage(int code)
 {
-    quit();
+    arg_printusage(args, num_args, NULL, "[command]");
+    exit(code);
 }
 
-static void
+static int
 do_init(int argc, char **argv)
 {
-    int c;
-    int tflag = 0;
-    char tktstring[MaxPathLen];
-    int k_errno;
-    
+    int optind = 0;
+    int ret;
+
     set_progname (argv[0]);
+    
+    if(getarg(args, num_args, argc, argv, &optind) < 0)
+	usage(1);
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
 
     memset(&pr, 0, sizeof(pr));
-    if (krb_get_default_principal(pr.name, pr.instance, default_realm) < 0)
-	errx (1, "I could not even guess who you might be");
-    while ((c = getopt(argc, argv, "p:u:r:mt")) != EOF) 
-	switch (c) {
-	case 'p':
-	case 'u':
-	    if((k_errno = krb_parse_name(optarg, &pr)) != KSUCCESS)
-		errx (1, "%s", krb_get_err_text(k_errno));
-	    break;
-	case 'r':
-	    memset(default_realm, 0, sizeof(default_realm));
-	    strncpy(default_realm, optarg, sizeof(default_realm) - 1);
-	    break;
-	case 'm':
-	    multiple++;
-	    break;
-	case 't':
-	    tflag++;
-	    break;
-	default:
-	    usage();
-	    break;
-	}
-    if (optind < argc)
-	usage();
-    strcpy(krbrlm, default_realm);
+    ret = krb_get_default_principal(pr.name, pr.instance, default_realm);
+    if(ret < 0)
+	errx(1, "Can't figure out default principal");
+    if(pr.instance[0] == '\0')
+	strcpy_truncate(pr.instance, "admin", sizeof(pr.instance));
+    if(principal) {
+	if(username)
+	    warnx("Ignoring username when principal is given");
+	ret = krb_parse_name(principal, &pr);
+	if(ret)
+	    errx(1, "%s: %s", principal, krb_get_err_text(ret));
+	if(pr.realm[0] != '\0')
+	    strcpy_truncate(default_realm, pr.realm, sizeof(default_realm));
+    } else if(username) {
+	strcpy_truncate(pr.name, username, sizeof(pr.name));
+	strcpy_truncate(pr.instance, "admin", sizeof(pr.instance));
+    } 
+    
+    if(realm)
+	strcpy_truncate(default_realm, realm, sizeof(default_realm));
+    
+    strcpy_truncate(krbrlm, default_realm, sizeof(krbrlm));
+
+    if(pr.realm[0] == '\0')
+	strcpy_truncate(pr.realm, krbrlm, sizeof(pr.realm));
 
     if (kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm) != KADM_SUCCESS)
 	*krbrlm = '\0';
-    if (pr.realm[0] == '\0')
-	strcpy (pr.realm, krbrlm);
-    if (pr.instance[0] == '\0')
-	strcpy(pr.instance, "admin");
     
-    if (!tflag) {
-	snprintf(tktstring, sizeof(tktstring), TKT_ROOT "_adm_%d",(int)getpid());
+    if(timeout) {
+	if(set_timeout(timeout) == -1)
+	    warnx("bad timespecification `%s'", timeout);
+    } else if(mflag)
+	destroy_timeout = 0;
+
+    if (tflag)
+	destroy_timeout = 0; /* disable timeout */
+    else{
+	char tktstring[128];
+	snprintf(tktstring, sizeof(tktstring),
+		 TKT_ROOT "_adm_%d",(int)getpid());
 	krb_set_tkt_string(tktstring);
     }
-    
+    return optind;
+}
+
+static void
+sigalrm(int sig)
+{
+    if(clean_up())
+	printf("\nTickets destroyed.\n");
 }
 
 int
 main(int argc, char **argv)
 {
-    do_init(argc, argv);
-
-    printf("Welcome to the Kerberos Administration Program, version 2\n");
-    printf("Type \"help\" if you need it.\n");
-    sl_loop (cmds, "kadmin: ");
-    printf("\n");
-    quit();
+    int optind = do_init(argc, argv);
+    if(argc > optind)
+	sl_command(cmds, argc - optind, argv + optind);
+    else {
+	void *data = NULL;
+	signal(SIGALRM, sigalrm);
+	while(sl_command_loop(cmds, "kadmin: ", &data) == 0)
+	    alarm(destroy_timeout);
+    }
+    clean_up();
     exit(0);
 }
 
@@ -409,9 +471,9 @@ setvals(Kadm_vals *vals, char *string)
 	return status;
     }
     if (!realm[0])
-	strcpy(realm, default_realm);
+	strcpy_truncate(realm, default_realm, sizeof(realm));
     if (strcmp(realm, krbrlm)) {
-	strcpy(krbrlm, realm);
+	strcpy_truncate(krbrlm, realm, sizeof(krbrlm));
 	if ((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm)) 
 	    != KADM_SUCCESS)
 	    printf("kadm error for realm %s: %s\n", 
@@ -423,20 +485,79 @@ setvals(Kadm_vals *vals, char *string)
 	return KADM_SUCCESS;
 }    
 
-static void 
+static int 
+set_timeout(const char *timespec)
+{
+    int t = parse_time(timespec, "s");
+    if(t == -1)
+	return -1;
+    destroy_timeout = t;
+    return 0;
+}
+
+static int
+set_timeout_cmd(int argc, char **argv)
+{
+    char ts[128];
+    if (argc > 2) {
+	printf("Usage: set_timeout [timeout]\n");
+	return 0;
+    }
+    if(argc == 2) {
+	if(set_timeout(argv[1]) == -1){
+	    printf("Bad time specification `%s'\n", argv[1]);
+	    return 0;
+	}
+    }
+    if(destroy_timeout == 0)
+	printf("Timeout disabled.\n");
+    else{
+	unparse_time(destroy_timeout, ts, sizeof(ts));
+	printf("Timeout after %s.\n", ts);
+    }
+    return 0;
+}
+
+static int 
 change_password(int argc, char **argv)
 {
     Kadm_vals old, new;
     int status;
     char pw_prompt[BUFSIZ];
 
-    if (argc != 2) {
-	printf("Usage: change_password loginname\n");
-	return;
+    char pw[32];
+    int generate_password = 0;
+    int i;
+    int optind = 0;
+    char *user = NULL;
+
+    struct getargs cpw_args[] = {
+	{ "random", 'r', arg_flag, NULL, "generate random password" },
+    };
+    i = 0;
+    cpw_args[i++].value = &generate_password;
+
+    if(getarg(cpw_args, sizeof(cpw_args) / sizeof(cpw_args[0]), 
+	      argc, argv, &optind)){
+	arg_printusage(cpw_args, 
+		       sizeof(cpw_args) / sizeof(cpw_args[0]), 
+		       "cpw",
+		       "principal");
+	return 0;
     }
 
-    if (setvals(&old, argv[1]) != KADM_SUCCESS)
-	return;
+    argc -= optind;
+    argv += optind;
+
+    if (argc != 1) {
+	printf("Usage: change_password [options] principal\n");
+	return 0;
+    }
+
+    user = argv[0];
+
+    if (setvals(&old, user) != KADM_SUCCESS)
+	return 0;
 
     new = old;
 
@@ -445,30 +566,39 @@ change_password(int argc, char **argv)
     if (princ_exists(old.name, old.instance, krbrlm) != PE_NO) {
 	/* get the admin's password */
         if (get_admin_password() != GOOD_PW)
-	    return;
+	    return 0;
 
-	/* get the new password */
-	snprintf(pw_prompt, sizeof(pw_prompt), "New password for %s:", argv[1]);
+
+	if (generate_password) {
+	    random_password(pw, sizeof(pw), &new.key_low, &new.key_high);
+	} else {
+	    /* get the new password */
+	    snprintf(pw_prompt, sizeof(pw_prompt), 
+		     "New password for %s:", user);
 	
-	if (get_password(&new.key_low, &new.key_high,
-			 pw_prompt, SWAP) == GOOD_PW) {
-	    status = kadm_mod(&old, &new);
-	    if (status == KADM_SUCCESS) {
-		printf("Password changed for %s.\n", argv[1]);
-	    } else {
-		printf("kadmin: %s\nwhile changing password for %s",
-		       error_message(status), argv[1]);
+	    if (get_password(&new.key_low, &new.key_high,
+			     pw_prompt, SWAP) != GOOD_PW) {
+		printf("Error reading password; password unchanged\n");
+		return 0;
 	    }
-	} else
-	    printf("Error reading password; password unchanged\n");
+	}
+
+	status = kadm_mod(&old, &new);
+	if (status == KADM_SUCCESS) {
+	    printf("Password changed for %s.\n", user);
+	    if (generate_password)
+		printf("Password is: %s\n", pw);
+	} else {
+	    printf("kadmin: %s\nwhile changing password for %s",
+		   error_message(status), user);
+	}
+
+	memset(pw, 0, sizeof(pw));
 	memset(&new, 0, sizeof(new));
-	if (!multiple)
-	    clean_up();
-    }
-    else 
+    } else 
 	printf("kadmin: Principal %s does not exist.\n",
 	       krb_unparse_name_long (old.name, old.instance, krbrlm));
-    return;
+    return 0;
 }
 
 static int
@@ -511,7 +641,7 @@ printkey(unsigned char *tkey)
     printf("\n");
 }
 
-static void 
+static int 
 change_key(int argc, char **argv)
 {
     Kadm_vals old, new;
@@ -520,11 +650,11 @@ change_key(int argc, char **argv)
 
     if (argc != 2) {
 	printf("Usage: change_key principal-name\n");
-	return;
+	return 0;
     }
 
     if (setvals(&old, argv[1]) != KADM_SUCCESS)
-	return;
+	return 0;
 
     new = old;
 
@@ -533,7 +663,7 @@ change_key(int argc, char **argv)
     if (princ_exists(old.name, old.instance, krbrlm) != PE_NO) {
 	/* get the admin's password */
         if (get_admin_password() != GOOD_PW)
-	    return;
+	    return 0;
 
 	/* get the new password */
 	printf("New DES key for %s: ", argv[1]);
@@ -555,16 +685,14 @@ change_key(int argc, char **argv)
 	} else
 	    printf("Error reading key; key unchanged\n");
 	memset(&new, 0, sizeof(new));
-	if (!multiple)
-	    clean_up();
     }
     else 
 	printf("kadmin: Principal %s does not exist.\n",
 	       krb_unparse_name_long (old.name, old.instance, krbrlm));
-    return;
+    return 0;
 }
 
-static void 
+static int 
 change_admin_password(int argc, char **argv)
 {
     des_cblock newkey;
@@ -572,9 +700,10 @@ change_admin_password(int argc, char **argv)
     char pword[MAX_KPW_LEN];
     char *pw_msg;
 
+    alarm(0);
     if (argc != 1) {
 	printf("Usage: change_admin_password\n");
-	return;
+	return 0;
     }
     if (get_pw_new_pwd(pword, sizeof(pword), &pr, 1) == 0) {
 	 des_string_to_key(pword, &newkey);
@@ -588,140 +717,241 @@ change_admin_password(int argc, char **argv)
 	 memset(newkey, 0, sizeof(newkey));
 	 memset(pword, 0, sizeof(pword));
     }
-    if (!multiple)
-	clean_up();
-    return;
+    return 0;
 }
 
-static void 
+void random_password(char*, size_t, u_int32_t*, u_int32_t*);
+
+static int 
 add_new_key(int argc, char **argv)
 {
-    Kadm_vals new;
+    int i;
     char pw_prompt[BUFSIZ];
     int status;
+    int generate_password = 0;
+    char *password = NULL;
+
+    char *expiration_string = NULL;
+    time_t default_expiration = 0;
+    int expiration_set = 0;
+
+    char *life_string = NULL;
+    time_t default_life = 0;
+    int life_set = 0;
+
+    int attributes = -1;
+    int default_attributes = 0;
+    int attributes_set = 0;
+
+    int optind = 0;
+
+    /* XXX remember to update value assignments below */
+    struct getargs add_args[] = {
+	{ "random", 'r', arg_flag, NULL, "generate random password" },
+	{ "password", 'p', arg_string, NULL },
+	{ "life", 'l', arg_string, NULL, "max ticket life" },
+	{ "expiration", 'e', arg_string, NULL, "principal expiration" },
+	{ "attributes", 'a', arg_integer, NULL }
+    };
+    i = 0;
+    add_args[i++].value = &generate_password;
+    add_args[i++].value = &password;
+    add_args[i++].value = &life_string;
+    add_args[i++].value = &expiration_string;
+    add_args[i++].value = &attributes;
+
+
+    if(getarg(add_args, sizeof(add_args) / sizeof(add_args[0]), 
+	      argc, argv, &optind)){
+	arg_printusage(add_args, 
+		       sizeof(add_args) / sizeof(add_args[0]), 
+		       "add",
+		       "principal ...");
+	return 0;
+    }
 
-    if (argc != 2) {
-	printf("Usage: add_new_key user_name.\n");
-	return;
+    if(expiration_string) {
+	default_expiration = parse_expdate(expiration_string);
+	if(default_expiration < 0)
+	    warnx("Unknown expiration date `%s'", expiration_string);
+	else
+	    expiration_set = 1;
+    }
+    if(life_string) {
+	time_t t = parse_time(life_string, "hour");
+	if(t == -1) 
+	    warnx("Unknown lifetime `%s'", life_string);
+	else {
+	    default_life = krb_time_to_life(0, t);
+	    life_set = 1;
+	}
+    }
+    if(attributes != -1) {
+	default_attributes = attributes;
+	attributes_set = 1;
     }
-    if (setvals(&new, argv[1]) != KADM_SUCCESS)
-	return;
 
-    SET_FIELD(KADM_EXPDATE,new.fields);
-    SET_FIELD(KADM_ATTR,new.fields);
-    SET_FIELD(KADM_MAXLIFE,new.fields);
-    SET_FIELD(KADM_DESKEY,new.fields);
 
-    if (princ_exists(new.name, new.instance, krbrlm) != PE_YES) {
-	Kadm_vals vals;
+    {
+	char default_name[ANAME_SZ + INST_SZ + 1];
+	char old_default[INST_SZ + 1] = "";
+	Kadm_vals new, default_vals;
+	char pw[32];
 	u_char fields[4];
-	char n[ANAME_SZ + INST_SZ + 1];
 
-	/* get the admin's password */
-	if (get_admin_password() != GOOD_PW)
-	    return;
+	for(i = optind; i < argc; i++) {
+	    if (setvals(&new, argv[i]) != KADM_SUCCESS)
+		return 0;
+	    SET_FIELD(KADM_EXPDATE, new.fields);
+	    SET_FIELD(KADM_ATTR, new.fields);
+	    SET_FIELD(KADM_MAXLIFE, new.fields);
+	    SET_FIELD(KADM_DESKEY, new.fields);
+
+	    if (princ_exists(new.name, new.instance, krbrlm) == PE_YES) {
+		printf("kadmin: Principal %s already exists.\n", argv[i]);
+		continue;
+	    }
+	    /* get the admin's password */
+	    if (get_admin_password() != GOOD_PW)
+		return 0;
 	
-	memset(fields, 0, sizeof(fields));
-	SET_FIELD(KADM_NAME,fields);
-	SET_FIELD(KADM_INST,fields);
-	SET_FIELD(KADM_EXPDATE,fields);
-	SET_FIELD(KADM_ATTR,fields);
-	SET_FIELD(KADM_MAXLIFE,fields);
-	snprintf (n, sizeof(n), "default.%s", new.instance);
-	if (setvals(&vals, n) != KADM_SUCCESS)
-	    return;
+	    snprintf (default_name, sizeof(default_name), 
+		      "default.%s", new.instance);
+	    if(strcmp(old_default, default_name) != 0) {
+		memset(fields, 0, sizeof(fields));
+		SET_FIELD(KADM_NAME, fields);
+		SET_FIELD(KADM_INST, fields);
+		SET_FIELD(KADM_EXPDATE, fields);
+		SET_FIELD(KADM_ATTR, fields);
+		SET_FIELD(KADM_MAXLIFE, fields);
+		if (setvals(&default_vals, default_name) != KADM_SUCCESS)
+		    return 0;
+	
+		if (kadm_get(&default_vals, fields) != KADM_SUCCESS) {
+		    /* no such entry, try just `default' */
+		    if (setvals(&default_vals, "default") != KADM_SUCCESS)
+			continue;
+		    if ((status = kadm_get(&default_vals, fields)) != KADM_SUCCESS) {
+			warnx ("kadm error: %s", error_message(status));
+			break; /* no point in continuing */
+		    }
+		}
 
-	if (kadm_get(&vals, fields) != KADM_SUCCESS) {
-	    if (setvals(&vals, "default") != KADM_SUCCESS)
-		return;
-	    if ((status = kadm_get(&vals, fields)) != KADM_SUCCESS) {
-		printf ("kadm error: %s\n", error_message(status));
-		return;
+		if (default_vals.max_life == 255) /* Defaults not set! */ {
+		    /* This is the default maximum lifetime for new principals. */
+		    if (strcmp(new.instance, "admin") == 0)
+			default_vals.max_life = 1 + (CLOCK_SKEW/(5*60)); /* 5+5 minutes */
+		    else if (strcmp(new.instance, "root") == 0)
+			default_vals.max_life = 96;    /* 8 hours */
+		    else if (krb_life_to_time(0, 162) >= 24*60*60)
+			default_vals.max_life = 162;     /* ca 100 hours */
+		    else
+			default_vals.max_life = 255;     /* ca 21 hours (maximum) */
+		
+		    /* Also fix expiration date. */
+		    {
+			time_t now;
+			struct tm tm;
+
+			now = time(0);
+			tm = *gmtime(&now);
+			if (strcmp(new.name, "rcmd") == 0 ||
+			    strcmp(new.name, "ftp")  == 0 ||
+			    strcmp(new.name, "pop")  == 0)
+			    tm.tm_year += 5;
+			else
+			    tm.tm_year += 2;
+			default_vals.exp_date = mktime(&tm);
+		    }		
+		    default_vals.attributes = default_vals.attributes;
+		}
+		if(!life_set)
+		    default_life = default_vals.max_life;
+		if(!expiration_set)
+		    default_expiration = default_vals.exp_date;
+		if(!attributes_set)
+		    default_attributes = default_vals.attributes;
 	    }
-	}
 
-	if (vals.max_life == 255) /* Defaults not set! */ {
-	      /* This is the default maximum lifetime for new principals. */
-	      if (strcmp(new.instance, "admin") == 0)
-		vals.max_life = 1 + (CLOCK_SKEW/(5*60)); /* 5+5 minutes */
-	      else if (strcmp(new.instance, "root") == 0)
-		vals.max_life = 96;    /* 8 hours */
-	      else if (krb_life_to_time(0, 162) >= 24*60*60)
-		vals.max_life = 162;     /* ca 100 hours */
-	      else
-		vals.max_life = 255;     /* ca 21 hours (maximum) */
-
-	      /* Also fix expiration date. */
-	      if (strcmp(new.name, "rcmd") == 0)
-		vals.exp_date = 1104814999; /* Tue Jan 4 06:03:19 2005 */
-	      else
-		vals.exp_date = time(0) + 2*(365*24*60*60); /* + ca 2 years */
-	}
-
-	new.max_life = vals.max_life;
-	new.exp_date = vals.exp_date;
-	new.attributes = vals.attributes;
-	get_maxlife(&new);
-	get_attr(&new);
-	get_expdate(&new);
-
-	/* get the new password */
-	snprintf(pw_prompt, sizeof(pw_prompt), "Password for %s:", argv[1]);
+	    new.max_life = default_life;
+	    new.exp_date = default_expiration;
+	    new.attributes = default_attributes;
+	    if(!life_set)
+		get_maxlife(&new);
+	    if(!attributes_set)
+		get_attr(&new);
+	    if(!expiration_set)
+		get_expdate(&new);
+
+	    if(generate_password) {
+		random_password(pw, sizeof(pw), &new.key_low, &new.key_high);
+	    } else if (password == NULL) {
+		/* get the new password */
+		snprintf(pw_prompt, sizeof(pw_prompt), "Password for %s:", 
+			 argv[i]);
 	
-	if (get_password(&new.key_low, &new.key_high,
-			 pw_prompt, SWAP) == GOOD_PW) {
+		if (get_password(&new.key_low, &new.key_high,
+				 pw_prompt, SWAP) != GOOD_PW) {
+		    printf("Error reading password: %s not added\n", argv[i]);
+		    memset(&new, 0, sizeof(new));
+		    return 0;
+		}
+	    } else {
+		passwd_to_lowhigh (&new.key_low, &new.key_high, password, SWAP);
+		memset (password, 0, strlen(password));
+	    }
+
 	    status = kadm_add(&new);
 	    if (status == KADM_SUCCESS) {
-		printf("%s added to database.\n", argv[1]);
-	    } else {
+		printf("%s added to database", argv[i]);
+		if (generate_password)
+		    printf (" with password `%s'", pw);
+		printf (".\n");
+	    } else 
 		printf("kadm error: %s\n",error_message(status));
-	    }
-	} else
-	    printf("Error reading password; %s not added\n",argv[1]);
-	memset(&new, 0, sizeof(new));
-	if (!multiple)
-	    clean_up();
+		
+	    memset(pw, 0, sizeof(pw));
+	    memset(&new, 0, sizeof(new));
+	}
     }
-    else
-	printf("kadmin: Principal already exists.\n");
-    return;
+    
+    return 0;
 }
 
-static void 
+static int 
 del_entry(int argc, char **argv)
 {
     int status;
     Kadm_vals vals;
+    int i;
 
-    if (argc != 2) {
-	printf("Usage: del_entry username\n");
-	return;
+    if (argc < 2) {
+	printf("Usage: delete principal...\n");
+	return 0;
     }
 
-    if (setvals(&vals, argv[1]) != KADM_SUCCESS)
-	return;
-
-    if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) {
-	/* get the admin's password */
-	if (get_admin_password() != GOOD_PW)
-	    return;
+    for(i = 1; i < argc; i++) {
+	if (setvals(&vals, argv[i]) != KADM_SUCCESS)
+	    return 0;
 	
-	if ((status = kadm_del(&vals)) == KADM_SUCCESS){
-	    printf("%s removed from database.\n", argv[1]);
-	} else {
-	    printf("kadm error: %s\n",error_message(status));
+	if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) {
+	    /* get the admin's password */
+	    if (get_admin_password() != GOOD_PW)
+		return 0;
+	    
+	    if ((status = kadm_del(&vals)) == KADM_SUCCESS)
+		printf("%s removed from database.\n", argv[i]);
+	    else 
+		printf("kadm error: %s\n",error_message(status));
 	}
-	
-	if (!multiple)
-	    clean_up();
+	else
+	    printf("kadmin: Principal %s does not exist.\n",
+		   krb_unparse_name_long (vals.name, vals.instance, krbrlm));
     }
-    else
-	printf("kadmin: Principal %s does not exist.\n",
-	       krb_unparse_name_long (vals.name, vals.instance, krbrlm));
-    return;
+    return 0;
 }
 
-static void 
+static int 
 get_entry(int argc, char **argv)
 {
     int status;
@@ -730,7 +960,7 @@ get_entry(int argc, char **argv)
 
     if (argc != 2) {
 	printf("Usage: get_entry username\n");
-	return;
+	return 0;
     }
 
     memset(fields, 0, sizeof(fields));
@@ -743,103 +973,173 @@ get_entry(int argc, char **argv)
 #if 0
     SET_FIELD(KADM_DESKEY,fields); 
 #endif
+#ifdef EXTENDED_KADM
+    SET_FIELD(KADM_MODDATE, fields);
+    SET_FIELD(KADM_MODNAME, fields);
+    SET_FIELD(KADM_MODINST, fields);
+    SET_FIELD(KADM_KVNO, fields);
+#endif
 
     if (setvals(&vals, argv[1]) != KADM_SUCCESS)
-	return;
+	return 0;
 
 
     if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) {
 	/* get the admin's password */
 	if (get_admin_password() != GOOD_PW)
-	    return;
+	    return 0;
 	
 	if ((status = kadm_get(&vals, fields)) == KADM_SUCCESS)
 	    prin_vals(&vals);
 	else
 	    printf("kadm error: %s\n",error_message(status));
-	
-	if (!multiple)
-	    clean_up();
     }
     else
 	printf("kadmin: Principal %s does not exist.\n",
 	       krb_unparse_name_long (vals.name, vals.instance, krbrlm));
-    return;
+    return 0;
 }
 
-static void 
+static int 
 mod_entry(int argc, char **argv)
 {
     int status;
     u_char fields[4];
     Kadm_vals ovals, nvals;
+    int i;
+
+    char *expiration_string = NULL;
+    time_t default_expiration = 0;
+    int expiration_set = 0;
+
+    char *life_string = NULL;
+    time_t default_life = 0;
+    int life_set = 0;
+
+    int attributes = -1;
+    int default_attributes = 0;
+    int attributes_set = 0;
+
+    int optind = 0;
+
+    /* XXX remember to update value assignments below */
+    struct getargs mod_args[] = {
+	{ "life", 'l', arg_string, NULL, "max ticket life" },
+	{ "expiration", 'e', arg_string, NULL, "principal expiration" },
+	{ "attributes", 'a', arg_integer, NULL }
+    };
+    i = 0;
+    mod_args[i++].value = &life_string;
+    mod_args[i++].value = &expiration_string;
+    mod_args[i++].value = &attributes;
+
+
+    if(getarg(mod_args, sizeof(mod_args) / sizeof(mod_args[0]), 
+	      argc, argv, &optind)){
+	arg_printusage(mod_args, 
+		       sizeof(mod_args) / sizeof(mod_args[0]), 
+		       "mod",
+		       "principal ...");
+	return 0;
+    }
 
-    if (argc != 2) {
-	printf("Usage: mod_entry username\n");
-	return;
+    if(expiration_string) {
+	default_expiration = parse_expdate(expiration_string);
+	if(default_expiration < 0)
+	    warnx("Unknown expiration date `%s'", expiration_string);
+	else
+	    expiration_set = 1;
+    }
+    if(life_string) {
+	time_t t = parse_time(life_string, "hour");
+	if(t == -1) 
+	    warnx("Unknown lifetime `%s'", life_string);
+	else {
+	    default_life = krb_time_to_life(0, t);
+	    life_set = 1;
+	}
+    }
+    if(attributes != -1) {
+	default_attributes = attributes;
+	attributes_set = 1;
     }
 
-    memset(fields, 0, sizeof(fields));
 
-    SET_FIELD(KADM_NAME,fields);
-    SET_FIELD(KADM_INST,fields);
-    SET_FIELD(KADM_EXPDATE,fields);
-    SET_FIELD(KADM_ATTR,fields);
-    SET_FIELD(KADM_MAXLIFE,fields);
+    for(i = optind; i < argc; i++) {
+
+	memset(fields, 0, sizeof(fields));
+
+	SET_FIELD(KADM_NAME,fields);
+	SET_FIELD(KADM_INST,fields);
+	SET_FIELD(KADM_EXPDATE,fields);
+	SET_FIELD(KADM_ATTR,fields);
+	SET_FIELD(KADM_MAXLIFE,fields);
 
-    if (setvals(&ovals, argv[1]) != KADM_SUCCESS)
-	return;
+	if (setvals(&ovals, argv[i]) != KADM_SUCCESS)
+	    return 0;
 
-    nvals = ovals;
+	nvals = ovals;
 
-    if (princ_exists(ovals.name, ovals.instance, krbrlm) == PE_NO) {
-	printf("kadmin: Principal %s does not exist.\n",
-	       krb_unparse_name_long (ovals.name, ovals.instance, krbrlm));
-	return;
-    }
+	if (princ_exists(ovals.name, ovals.instance, krbrlm) == PE_NO) {
+	    printf("kadmin: Principal %s does not exist.\n",
+		   krb_unparse_name_long (ovals.name, ovals.instance, krbrlm));
+	    return 0;
+	}
 
-    /* get the admin's password */
-    if (get_admin_password() != GOOD_PW)
-	return;
+	/* get the admin's password */
+	if (get_admin_password() != GOOD_PW)
+	    return 0;
 	
-    if ((status = kadm_get(&ovals, fields)) != KADM_SUCCESS) {
-	printf("[ unable to retrieve current settings: %s ]\n",
-	    error_message(status));
-	nvals.max_life = DEFAULT_TKT_LIFE;
-	nvals.exp_date = 0;
-	nvals.attributes = 0;
-    } else {
-	nvals.max_life = ovals.max_life;
-	nvals.exp_date = ovals.exp_date;
-	nvals.attributes = ovals.attributes;
+	if ((status = kadm_get(&ovals, fields)) != KADM_SUCCESS) {
+	    printf("[ unable to retrieve current settings: %s ]\n",
+		   error_message(status));
+	    nvals.max_life = DEFAULT_TKT_LIFE;
+	    nvals.exp_date = 0;
+	    nvals.attributes = 0;
+	} else {
+	    nvals.max_life = ovals.max_life;
+	    nvals.exp_date = ovals.exp_date;
+	    nvals.attributes = ovals.attributes;
     }
 
-    get_maxlife(&nvals);
-    get_attr(&nvals);
-    get_expdate(&nvals);
+	if(life_set) {
+	    nvals.max_life = default_life;
+	    SET_FIELD(KADM_MAXLIFE, nvals.fields);
+	} else
+	    get_maxlife(&nvals);
+	if(attributes_set) {
+	    nvals.attributes = default_attributes;
+	    SET_FIELD(KADM_ATTR, nvals.fields);
+	} else
+	    get_attr(&nvals);
+	if(expiration_set) {
+	    nvals.exp_date = default_expiration;
+	    SET_FIELD(KADM_EXPDATE, nvals.fields);
+	} else
+	    get_expdate(&nvals);
     
-    if (IS_FIELD(KADM_MAXLIFE, nvals.fields) ||
-	IS_FIELD(KADM_ATTR, nvals.fields) ||
-	IS_FIELD(KADM_EXPDATE, nvals.fields)) {
-	if ((status = kadm_mod(&ovals, &nvals)) != KADM_SUCCESS) {
-	    printf("kadm error: %s\n",error_message(status));
-	    goto out;
-	}
-	if ((status = kadm_get(&ovals, fields)) != KADM_SUCCESS) {
-	    printf("kadm error: %s\n",error_message(status));
-	    goto out;
+	if (IS_FIELD(KADM_MAXLIFE, nvals.fields) ||
+	    IS_FIELD(KADM_ATTR, nvals.fields) ||
+	    IS_FIELD(KADM_EXPDATE, nvals.fields)) {
+	    if ((status = kadm_mod(&ovals, &nvals)) != KADM_SUCCESS) {
+		printf("kadm error: %s\n",error_message(status));
+		goto out;
+	    }
+	    if ((status = kadm_get(&ovals, fields)) != KADM_SUCCESS) {
+		printf("kadm error: %s\n",error_message(status));
+		goto out;
+	    }
 	}
+	prin_vals(&ovals);
     }
-    prin_vals(&ovals);
-
+    
 out:
-    if (!multiple)
-	clean_up();
-    return;
+    return 0;
 }
 
-static void
+static int
 help(int argc, char **argv)
 {
     sl_help (cmds, argc, argv);
+    return 0;
 }
diff --git a/crypto/kerberosIV/kadmin/kpasswd.c b/crypto/kerberosIV/kadmin/kpasswd.c
index f4c0cda..f32946b 100644
--- a/crypto/kerberosIV/kadmin/kpasswd.c
+++ b/crypto/kerberosIV/kadmin/kpasswd.c
@@ -25,7 +25,7 @@ or implied warranty.
 
 #include "kadm_locl.h"
 
-RCSID("$Id: kpasswd.c,v 1.25 1997/05/02 14:28:51 assar Exp $");
+RCSID("$Id: kpasswd.c,v 1.26 1998/06/09 19:24:54 joda Exp $");
 
 static void
 usage(int value)
@@ -70,7 +70,9 @@ main(int argc, char **argv)
 	    break;
 	case 'n':
 	    if (k_isname(optarg))
-		strncpy(principal.name, optarg, sizeof(principal.name) - 1);
+		strcpy_truncate(principal.name,
+				optarg,
+				sizeof(principal.name));
 	    else {
 		warnx("Bad name: %s", optarg);
 		usage(1);
@@ -78,9 +80,9 @@ main(int argc, char **argv)
 	    break;
 	case 'i':
 	    if (k_isinst(optarg))
-		strncpy(principal.instance,
-			optarg,
-			sizeof(principal.instance) - 1);
+		strcpy_truncate(principal.instance,
+				optarg,
+				sizeof(principal.instance));
 	    else {
 		warnx("Bad instance: %s", optarg);
 		usage(1);
@@ -88,7 +90,9 @@ main(int argc, char **argv)
 	    break;
 	case 'r':
 	    if (k_isrealm(optarg)) {
-		strncpy(principal.realm, optarg, sizeof(principal.realm) - 1);
+		strcpy_truncate(principal.realm,
+				optarg,
+				sizeof(principal.realm));
 		realm_given++; 
 	    } else {
 		warnx("Bad realm: %s", optarg);
@@ -112,14 +116,24 @@ main(int argc, char **argv)
     }
 
     if (use_default) {
-	strcpy(principal.name, default_principal.name);
-	strcpy(principal.instance, default_principal.instance);
-	strcpy(principal.realm, default_principal.realm);
+	strcpy_truncate(principal.name,
+			default_principal.name,
+			sizeof(principal.name));
+	strcpy_truncate(principal.instance,
+			default_principal.instance,
+			sizeof(principal.instance));
+	strcpy_truncate(principal.realm,
+			default_principal.realm,
+			sizeof(principal.realm));
     } else {
 	if (!principal.name[0])
-	    strcpy(principal.name, default_principal.name);
+	    strcpy_truncate(principal.name,
+			    default_principal.name,
+			    sizeof(principal.name));
 	if (!principal.realm[0])
-	    strcpy(principal.realm, default_principal.realm);
+	    strcpy_truncate(principal.realm,
+			    default_principal.realm,
+			    sizeof(principal.realm));
     }
 
     snprintf(tktstring, sizeof(tktstring),
diff --git a/crypto/kerberosIV/kadmin/ksrvutil.c b/crypto/kerberosIV/kadmin/ksrvutil.c
index 108481c..8f75d52 100644
--- a/crypto/kerberosIV/kadmin/ksrvutil.c
+++ b/crypto/kerberosIV/kadmin/ksrvutil.c
@@ -30,7 +30,7 @@ or implied warranty.
 
 #include "kadm_locl.h"
 
-RCSID("$Id: ksrvutil.c,v 1.39 1997/05/02 14:28:52 assar Exp $");
+RCSID("$Id: ksrvutil.c,v 1.47 1999/06/29 18:53:58 bg Exp $");
 
 #include "ksrvutil.h"
 
@@ -86,7 +86,7 @@ copy_keyfile(char *keyfile, char *backup_keyfile)
 	try_again = FALSE;
 	if ((keyfile_fd = open(keyfile, O_RDONLY, 0)) < 0) {
 	    if (errno != ENOENT)
-	      err (1, "read %s", keyfile);
+	      err (1, "open %s", keyfile);
 	    else {
 		try_again = TRUE;
 		if ((keyfile_fd = 
@@ -105,7 +105,7 @@ copy_keyfile(char *keyfile, char *backup_keyfile)
     if ((backup_keyfile_fd = 
 	 open(backup_keyfile, O_WRONLY | O_TRUNC | O_CREAT, 
 	      keyfile_mode)) < 0)
-	err (1, "write %s", backup_keyfile);
+	err (1, "open %s", backup_keyfile);
     do {
 	if ((rcount = read(keyfile_fd, buf, sizeof(buf))) < 0)
 	    err (1, "read %s", keyfile);
@@ -184,7 +184,8 @@ int ny(char *string)
 }
 
 static void
-append_srvtab(char *filename, int fd, char *sname, char *sinst, char *srealm, unsigned char key_vno, unsigned char *key)
+append_srvtab(char *filename, int fd, char *sname, char *sinst, char *srealm,
+	      unsigned char key_vno, unsigned char *key)
 {
   /* Add one to append null */
     safe_write(filename, fd, sname, strlen(sname) + 1);
@@ -259,13 +260,14 @@ static void
 usage(void)
 {
     fprintf(stderr, "Usage: ksrvutil [-f keyfile] [-i] [-k] ");
-    fprintf(stderr, "[-p principal] [-r realm] ");
+    fprintf(stderr, "[-p principal] [-r realm] [-u]");
     fprintf(stderr, "[-c AFS cellname] ");
-    fprintf(stderr, "{list | change | add | get}\n");
-    fprintf(stderr, "   -i causes the program to ask for ");
-    fprintf(stderr, "confirmation before changing keys.\n");
-    fprintf(stderr, "   -k causes the key to printed for list or ");
-    fprintf(stderr, "change.\n");
+    fprintf(stderr, "{list | change | add | get | delete}\n");
+    fprintf(stderr, "   -i causes the program to ask for "
+	    "confirmation before changing keys.\n");
+    fprintf(stderr, "   -k causes the key to printed for list or change.\n");
+    fprintf(stderr, "   -u creates one keyfile for each principal "
+	    "(only used with `get')\n");
     exit(1);
 }
 
@@ -292,7 +294,9 @@ main(int argc, char **argv)
     int interactive = FALSE;
     int list = FALSE;
     int change = FALSE;
+    int unique_filename = FALSE;
     int add = FALSE;
+    int delete = FALSE;
     int get = FALSE;
     int key = FALSE;		/* do we show keys? */
     int arg_entered = FALSE;
@@ -318,101 +322,116 @@ main(int argc, char **argv)
 
     /* This is used only as a default for adding keys */
     if (krb_get_lrealm(local_realm, 1) != KSUCCESS)
-	strcpy(local_realm, KRB_REALM);
+	strcpy_truncate(local_realm,
+			KRB_REALM,
+			sizeof(local_realm));
     
-    while((c = getopt(argc, argv, "ikc:f:p:r:")) != EOF) {
-	 switch (c) {
-	      case 'i':
-	      interactive++;
-	      break;
-	      case 'k':
-	      key++;
-	      break;
-	      case 'c':
-	      strcpy(cellname, optarg);
-	      break;
-	      case 'f':
-	      strcpy(keyfile, optarg);
-	      break;
-	      case 'p':
-	      if((status = kname_parse (u_name, u_inst, u_realm, optarg)) !=
-		 KSUCCESS)
-		  errx (1, "principal %s: %s", optarg,
-			krb_get_err_text(status));
-	      break;
-	      case 'r':
-	      strcpy(u_realm, optarg);
-	      break;
-	      case '?':
-	      usage();
-	 }
+    while((c = getopt(argc, argv, "ikc:f:p:r:u")) != EOF) {
+	switch (c) {
+	case 'i':
+	    interactive++;
+	    break;
+	case 'k':
+	    key++;
+	    break;
+	case 'c':
+	    strcpy_truncate(cellname, optarg, sizeof(cellname));
+	    break;
+	case 'f':
+	    strcpy_truncate(keyfile, optarg, sizeof(keyfile));
+	    break;
+	case 'p':
+	    if((status = kname_parse (u_name, u_inst, u_realm, optarg)) !=
+	       KSUCCESS)
+		errx (1, "principal %s: %s", optarg,
+		      krb_get_err_text(status));
+	    break;
+	case 'r':
+	    strcpy_truncate(u_realm, optarg, sizeof(u_realm));
+	    break;
+	case 'u':
+	    unique_filename = 1;
+	    break;
+	case '?':
+	    usage();
+	}
     }
     if (optind >= argc)
-	 usage();
+	usage();
     if (*u_realm == '\0')
-	 strcpy (u_realm, local_realm);
+	 strcpy_truncate (u_realm, local_realm, sizeof(u_realm));
     if (strcmp(argv[optind], "list") == 0) {
-	 if (arg_entered)
-	      usage();
-	 else {
-	      arg_entered++;
-	      list++;
-	 }
+	if (arg_entered)
+	    usage();
+	else {
+	    arg_entered++;
+	    list++;
+	}
     }
     else if (strcmp(argv[optind], "change") == 0) {
-	 if (arg_entered)
-	      usage();
-	 else {
-	      arg_entered++;
-	      change++;
-	 }
+	if (arg_entered)
+	    usage();
+	else {
+	    arg_entered++;
+	    change++;
+	}
     }
     else if (strcmp(argv[optind], "add") == 0) {
-	 if (arg_entered)
-	      usage();
-	 else {
-	      arg_entered++;
-	      add++;
-	 }
+	if (arg_entered)
+	    usage();
+	else {
+	    arg_entered++;
+	    add++;
+	}
     }
     else if (strcmp(argv[optind], "get") == 0) {
-	 if (arg_entered)
-	      usage();
-	 else {
-	      arg_entered++;
-	      get++;
-	 }
+	if (arg_entered)
+	    usage();
+	else {
+	    arg_entered++;
+	    get++;
+	}
+    }
+    else if (strcmp(argv[optind], "delete") == 0) {
+	if (arg_entered)
+	    usage();
+	else {
+	    arg_entered++;
+	    delete++;
+	}
     }
     else
-	 usage();
+	usage();
     ++optind;
     
     if (!arg_entered)
 	usage();
 
+    if(unique_filename && !get)
+	warnx("`-u' flag is only used with `get'");
+
     if (!keyfile[0])
-	strcpy(keyfile, KEYFILE);
-    
-    strcpy(work_keyfile, keyfile);
-    strcpy(backup_keyfile, keyfile);
+	strcpy_truncate(keyfile, KEYFILE, sizeof(keyfile));
+
+    strcpy_truncate(work_keyfile, keyfile, sizeof(work_keyfile));
+    strcpy_truncate(backup_keyfile, keyfile, sizeof(backup_keyfile));
     
-    if (change || add || get) {
-	strcat(work_keyfile, ".work");
-	strcat(backup_keyfile, ".old");
-	
+    if (change || add || (get && !unique_filename) || delete) {
+	snprintf(work_keyfile, sizeof(work_keyfile), "%s.work", keyfile);
+	snprintf(backup_keyfile, sizeof(backup_keyfile), "%s.old", keyfile);
 	copy_keyfile(keyfile, backup_keyfile);
     }
     
-    if (add || get)
+    if (add || (get && !unique_filename))
 	copy_keyfile(backup_keyfile, work_keyfile);
 
     keyfile_mode = get_mode(keyfile);
 
-    if (change || list)
+    if (change || list || delete)
 	if ((backup_keyfile_fd = open(backup_keyfile, O_RDONLY, 0)) < 0)
 	    err (1, "open %s", backup_keyfile);
 
-    if (change) {
+    if (change || delete) {
 	if ((work_keyfile_fd = 
 	     open(work_keyfile, O_WRONLY | O_CREAT | O_TRUNC, 
 		  SRVTAB_MODE)) < 0)
@@ -423,13 +442,13 @@ main(int argc, char **argv)
 	     open(work_keyfile, O_APPEND | O_WRONLY, SRVTAB_MODE)) < 0)
 	    err (1, "open with append %s", work_keyfile );
     }
-    else if (get) {
+    else if (get && !unique_filename) {
 	if ((work_keyfile_fd =
 	     open(work_keyfile, O_RDWR | O_CREAT, SRVTAB_MODE)) < 0)
 	    err (1, "open for writing %s", work_keyfile);
     }
     
-    if (change || list) {
+    if (change || list || delete) {
 	while ((getst(backup_keyfile_fd, sname, SNAME_SZ) > 0) &&
 	       (getst(backup_keyfile_fd, sinst, INST_SZ) > 0) &&
 	       (getst(backup_keyfile_fd, srealm, REALM_SZ) > 0) &&
@@ -467,10 +486,8 @@ main(int argc, char **argv)
 		printf("; version %d\n", key_vno);
 		if (interactive)
 		    change_this_key = yn("Change this key?");
-		else if (change)
-		    change_this_key = 1;
 		else
-		    change_this_key = 0;
+		    change_this_key = 1;
 		
 		if (change_this_key)
 		    printf("Changing to version %d.\n", key_vno + 1);
@@ -539,6 +556,20 @@ main(int argc, char **argv)
 			}
 		    }
 		}
+	    } else if(delete) {
+		int delete_this_key;
+		printf("\nPrincipal: ");
+		print_name(sname, sinst, srealm);
+		printf("; version %d\n", key_vno);
+		delete_this_key = yn("Delete this key?");
+		
+		if (delete_this_key)
+		    printf("Deleting this key.\n");
+		
+		if (!delete_this_key) {
+		    append_srvtab(work_keyfile, work_keyfile_fd, 
+				  sname, sinst, srealm, key_vno, old_key);
+		}
 	    }
 	    memset(old_key, 0, sizeof(des_cblock));
 	    memset(new_key, 0, sizeof(des_cblock));
@@ -547,23 +578,30 @@ main(int argc, char **argv)
     else if (add) {
 	do {
 	    do {
+		char *p;
+
 		safe_read_stdin("Name: ", databuf, sizeof(databuf));
-		strncpy(sname, databuf, sizeof(sname) - 1);
-		if (strchr(sname, '.') != 0) {
-		  strcpy(sinst, strchr(sname, '.') + 1);
-		  *(strchr(sname, '.')) = 0;
+		p = strchr(databuf, '.');
+		if (p != NULL) {
+		    *p++ = '\0';
+		    strcpy_truncate (sname, databuf, sizeof(sname));
+		    strcpy_truncate (sinst, p, sizeof(sinst));
 		} else {
-		  safe_read_stdin("Instance: ", databuf, sizeof(databuf));
-		  strncpy(sinst, databuf, sizeof(sinst) - 1);
+		    strcpy_truncate (sname, databuf, sizeof(sname));
+		    safe_read_stdin("Instance: ", databuf, sizeof(databuf));
+		    strcpy_truncate (sinst, databuf, sizeof(databuf));
 		}
+
 		safe_read_stdin("Realm: ", databuf, sizeof(databuf));
-		strncpy(srealm, databuf, sizeof(srealm) - 1);
+		if (databuf[0] != '\0')
+		    strcpy_truncate (srealm, databuf, sizeof(srealm));
+		else
+		    strcpy_truncate (srealm, local_realm, sizeof(srealm));
+
 		safe_read_stdin("Version number: ", databuf, sizeof(databuf));
 		key_vno = atoi(databuf);
-		if (key_vno == 0)
-			key_vno = 1; /* Version numbers are never 0 */
 		if (!srealm[0])
-		    strcpy(srealm, local_realm);
+		    strcpy_truncate(srealm, local_realm, sizeof(srealm));
 		printf("New principal: ");
 		print_name(sname, sinst, srealm);
 		printf("; version %d\n", key_vno);
@@ -580,15 +618,15 @@ main(int argc, char **argv)
 	} while (yn("Would you like to add another key?"));
     }
     else if (get) {
-        ksrvutil_get(work_keyfile_fd, work_keyfile,
+        ksrvutil_get(unique_filename, work_keyfile_fd, work_keyfile,
 		     argc - optind, argv + optind);
     }
 
-    if (change || list) 
+    if (change || list || delete) 
 	if (close(backup_keyfile_fd) < 0)
 	    warn ("close %s", backup_keyfile);
     
-    if (change || add || get) {
+    if (change || add || (get && !unique_filename) || delete) {
 	if (close(work_keyfile_fd) < 0)
 	    err (1, "close %s", work_keyfile);
 	if (rename(work_keyfile, keyfile) < 0)
diff --git a/crypto/kerberosIV/kadmin/ksrvutil.h b/crypto/kerberosIV/kadmin/ksrvutil.h
index 64e2fe4..b548fc7 100644
--- a/crypto/kerberosIV/kadmin/ksrvutil.h
+++ b/crypto/kerberosIV/kadmin/ksrvutil.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan 
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan 
  * (Royal Institute of Technology, Stockholm, Sweden).  
  * All rights reserved.
  * 
@@ -37,7 +37,7 @@
  */
 
 /*
- * $Id: ksrvutil.h,v 1.8 1997/04/01 03:58:55 assar Exp $
+ * $Id: ksrvutil.h,v 1.9 1998/01/16 19:01:31 joda Exp $
  *
  */
 
@@ -51,4 +51,5 @@ void safe_write(char *filename, int fd, void *buf, size_t len);
 int yn(char *string);
 int ny(char *string);
 
-void ksrvutil_get(int fd, char *filename, int argc, char **argv);
+void ksrvutil_get(int unique_filename, int fd, 
+		  char *filename, int argc, char **argv);
diff --git a/crypto/kerberosIV/kadmin/ksrvutil_get.c b/crypto/kerberosIV/kadmin/ksrvutil_get.c
index 7b97d35..a9c0797 100644
--- a/crypto/kerberosIV/kadmin/ksrvutil_get.c
+++ b/crypto/kerberosIV/kadmin/ksrvutil_get.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -39,7 +39,7 @@
 #include "kadm_locl.h"
 #include "ksrvutil.h"
 
-RCSID("$Id: ksrvutil_get.c,v 1.32 1997/05/05 21:14:57 assar Exp $");
+RCSID("$Id: ksrvutil_get.c,v 1.38 1999/06/29 21:19:37 bg Exp $");
 
 #define BAD_PW 1
 #define GOOD_PW 0
@@ -48,7 +48,7 @@ RCSID("$Id: ksrvutil_get.c,v 1.32 1997/05/05 21:14:57 assar Exp $");
 #define PE_YES 1
 #define PE_UNSURE 2
 
-static char tktstring[128];
+static char tktstring[MaxPathLen];
 
 static int
 princ_exists(char *name, char *instance, char *realm)
@@ -92,8 +92,7 @@ get_admin_password(char *myname, char *myinst, char *myrealm)
     memset(&c, 0, sizeof(c));
     krb_get_cred(PWSERV_NAME, KADM_SINST, myrealm, &c);
     des_init_random_number_generator(&c.session);
-  }
-  else
+  } else
     status = KDC_PR_UNKNOWN;
   
   switch(status) {
@@ -122,8 +121,8 @@ static void
 srvtab_put_key (int fd, char *filename, char *name, char *inst, char *realm,
 		int8_t kvno, des_cblock key)
 {
-  char sname[ANAME_SZ];	/* name of service */
-  char sinst[INST_SZ];	/* instance of service */
+  char sname[ANAME_SZ];		/* name of service */
+  char sinst[INST_SZ];		/* instance of service */
   char srealm[REALM_SZ];	/* realm of service */
   int8_t skvno;
   des_cblock skey;
@@ -163,7 +162,10 @@ struct srv_ent{
 };
 
 static int
-key_to_key(char *user, char *instance, char *realm, void *arg,
+key_to_key(const char *user,
+	   char *instance,
+	   const char *realm,
+	   const void *arg,
 	   des_cblock *key)
 {
   memcpy(key, arg, sizeof(des_cblock));
@@ -171,92 +173,116 @@ key_to_key(char *user, char *instance, char *realm, void *arg,
 }
 
 static void
-get_srvtab_ent(int fd, char *filename, char *name, char *inst, char *realm)
+get_srvtab_ent(int unique_filename, int fd, char *filename, 
+	       char *name, char *inst, char *realm)
 {
-  char chname[128];
-  des_cblock newkey;
-  char old_tktfile[MaxPathLen], new_tktfile[MaxPathLen];
-  char garbage_name[ANAME_SZ];
-  char garbage_inst[ANAME_SZ];
-  CREDENTIALS c;
-  u_int8_t kvno;
-  Kadm_vals values;
-  int ret;
-
-  strncpy(chname, krb_get_phost(inst), sizeof(chname));
-  if(strcmp(inst, chname))
-    fprintf(stderr, 
-	    "Warning: Are you sure `%s' should not be `%s'?\n",
-	    inst, chname);
+    char chname[128];
+    des_cblock newkey;
+    char old_tktfile[MaxPathLen], new_tktfile[MaxPathLen];
+    char garbage_name[ANAME_SZ];
+    char garbage_inst[ANAME_SZ];
+    CREDENTIALS c;
+    u_int8_t kvno;
+    Kadm_vals values;
+    int ret;
+
+    strcpy_truncate(chname, krb_get_phost(inst), sizeof(chname));
+    if(strcmp(inst, chname))
+	fprintf(stderr, 
+		"Warning: Are you sure `%s' should not be `%s'?\n",
+		inst, chname);
     
-  memset(&values, 0, sizeof(values));
-  strcpy(values.name, name);
-  strcpy(values.instance, inst);
-  des_new_random_key(&newkey);
-  values.key_low = (newkey[0] << 24) | (newkey[1] << 16)
-    | (newkey[2] << 8) | (newkey[3] << 0);
-  values.key_high = (newkey[4] << 24) | (newkey[5] << 16)
-    | (newkey[6] << 8) | (newkey[7] << 0);
-
-  SET_FIELD(KADM_NAME,values.fields);
-  SET_FIELD(KADM_INST,values.fields);
-  SET_FIELD(KADM_DESKEY,values.fields);
-
-  ret = kadm_mod(&values, &values);
-  if(ret == KADM_NOENTRY)
-    ret = kadm_add(&values);
-  if (ret != KSUCCESS) {
-    warnx ("Couldn't get srvtab entry for %s.%s: %s",
-	    name, inst, error_message(ret));
-    return;
-  }
+    memset(&values, 0, sizeof(values));
+    strcpy_truncate(values.name, name, sizeof(values.name));
+    strcpy_truncate(values.instance, inst, sizeof(values.instance));
+    des_new_random_key(&newkey);
+    values.key_low = (newkey[0] << 24) | (newkey[1] << 16)
+	| (newkey[2] << 8) | (newkey[3] << 0);
+    values.key_high = (newkey[4] << 24) | (newkey[5] << 16)
+	| (newkey[6] << 8) | (newkey[7] << 0);
+
+    SET_FIELD(KADM_NAME,values.fields);
+    SET_FIELD(KADM_INST,values.fields);
+    SET_FIELD(KADM_DESKEY,values.fields);
+
+    ret = kadm_mod(&values, &values);
+    if(ret == KADM_NOENTRY)
+	ret = kadm_add(&values);
+    if (ret != KSUCCESS) {
+	warnx ("Couldn't get srvtab entry for %s.%s: %s",
+	       name, inst, error_message(ret));
+	return;
+    }
   
-  values.key_low = values.key_high = 0;
-
-  /* get the key version number */
-
-  strcpy(old_tktfile, tkt_string());
-  snprintf(new_tktfile, sizeof(new_tktfile),
-	   TKT_ROOT "_ksrvutil-get.%u",
-	   (unsigned)getpid());
-  krb_set_tkt_string(new_tktfile);
-
-  ret = krb_get_in_tkt(name, inst, realm, name, inst,
-		       1, key_to_key, NULL, &newkey);
-
-  if (ret == KSUCCESS &&
-      (ret = tf_init(tkt_string(), R_TKT_FIL)) == KSUCCESS &&
-      (ret = tf_get_pname(garbage_name)) == KSUCCESS &&
-      (ret = tf_get_pinst(garbage_inst)) == KSUCCESS &&
-      (ret = tf_get_cred(&c)) == KSUCCESS)
-    kvno = c.kvno;
-  else {
-    warnx ("Could not find the cred in the ticket file");
-    return;
-  }
+    values.key_low = values.key_high = 0;
+
+    /* get the key version number */
+    { 
+	int old = krb_use_admin_server(1);
+
+	strcpy_truncate(old_tktfile, tkt_string(), sizeof(old_tktfile));
+	snprintf(new_tktfile, sizeof(new_tktfile),
+		 TKT_ROOT "_ksrvutil-get.%u",
+		 (unsigned)getpid());
+	krb_set_tkt_string(new_tktfile);
+      
+	ret = krb_get_in_tkt(name, inst, realm, name, inst,
+			     1, key_to_key, NULL, &newkey);
+	krb_use_admin_server(old);
+    }
+      
+    if (ret == KSUCCESS &&
+	(ret = tf_init(tkt_string(), R_TKT_FIL)) == KSUCCESS &&
+	(ret = tf_get_pname(garbage_name)) == KSUCCESS &&
+	(ret = tf_get_pinst(garbage_inst)) == KSUCCESS &&
+	(ret = tf_get_cred(&c)) == KSUCCESS)
+	kvno = c.kvno;
+    else {
+	warnx ("Could not find the cred in the ticket file");
+	return;
+    }
 
-  tf_close();
-  krb_set_tkt_string(old_tktfile);
-  unlink(new_tktfile);
+    tf_close();
+    krb_set_tkt_string(old_tktfile);
+    unlink(new_tktfile);
     
-  if(ret != KSUCCESS) {
-    memset(&newkey, 0, sizeof(newkey));
-    warnx ("Could not get a ticket for %s: %s\n",
-	   krb_unparse_name_long(name, inst, realm),
-	   krb_get_err_text(ret));
-    return;
-  }
-
-  /* Write the new key & c:o to the srvtab file */
-
-  srvtab_put_key (fd, filename, name, inst, realm, kvno, newkey);
-  memset(&newkey, 0, sizeof(newkey));
+    if(ret != KSUCCESS) {
+	memset(&newkey, 0, sizeof(newkey));
+	warnx ("Could not get a ticket for %s: %s\n",
+	       krb_unparse_name_long(name, inst, realm),
+	       krb_get_err_text(ret));
+	return;
+    }
 
-  fprintf (stderr, "Added %s\n", krb_unparse_name_long (name, inst, realm));
+    /* Write the new key & c:o to the srvtab file */
+
+    if(unique_filename){
+	char *fn;
+	asprintf(&fn, "%s-%s", filename, 
+		 krb_unparse_name_long(name, inst, realm));
+	if(fn == NULL){
+	    warnx("Out of memory");
+	    leave(NULL, 1);
+	}
+	fd = open(fn, O_RDWR | O_CREAT | O_TRUNC, 0600); /* XXX flags, mode? */
+	if(fd < 0){
+	    warn("%s", fn);
+	    leave(NULL, 1);
+	}
+	srvtab_put_key (fd, fn, name, inst, realm, kvno, newkey);
+	close(fd);
+	fprintf (stderr, "Created %s\n", fn);
+	free(fn);
+    }else{
+	srvtab_put_key (fd, filename, name, inst, realm, kvno, newkey);
+	fprintf (stderr, "Added %s\n", 
+		 krb_unparse_name_long (name, inst, realm));
+    }
+    memset(&newkey, 0, sizeof(newkey));
 }
 
 static void
-ksrvutil_kadm(int fd, char *filename, struct srv_ent *p)
+ksrvutil_kadm(int unique_filename, int fd, char *filename, struct srv_ent *p)
 {
   int ret;
   CREDENTIALS c;
@@ -276,7 +302,8 @@ ksrvutil_kadm(int fd, char *filename, struct srv_ent *p)
     /*
      *  create ticket file and get admin tickets
      */
-    snprintf(tktstring, sizeof(tktstring), TKT_ROOT "_ksrvutil_%d", (int)getpid());
+    snprintf(tktstring, sizeof(tktstring),
+	     TKT_ROOT "_ksrvutil_%d", (int)getpid());
     krb_set_tkt_string(tktstring);
     destroyp = TRUE;
        
@@ -287,7 +314,7 @@ ksrvutil_kadm(int fd, char *filename, struct srv_ent *p)
     }
   }  
   for(;p;){
-    get_srvtab_ent(fd, filename, p->name, p->inst, p->realm);
+    get_srvtab_ent(unique_filename, fd, filename, p->name, p->inst, p->realm);
     p=p->next;
   }
   unlink(tktstring);
@@ -300,7 +327,7 @@ parseinput (char *result, size_t sz, char *val, char *def)
   int inq;
 
   if (val[0] == '\0') {
-    strncpy (result, def, sz-1);
+    strcpy_truncate (result, def, sz);
     return;
   }
   lim = result + sz - 1;
@@ -323,7 +350,7 @@ parseinput (char *result, size_t sz, char *val, char *def)
 }
 
 void
-ksrvutil_get(int fd, char *filename, int argc, char **argv)
+ksrvutil_get(int unique_filename, int fd, char *filename, int argc, char **argv)
 {
   char sname[ANAME_SZ];		/* name of service */
   char sinst[INST_SZ];		/* instance of service */
@@ -334,8 +361,10 @@ ksrvutil_get(int fd, char *filename, int argc, char **argv)
   struct srv_ent *head=NULL;
   int i;
 
-  k_gethostname(local_hostname, sizeof(local_hostname));
-  strcpy(local_hostname, krb_get_phost(local_hostname));
+  gethostname(local_hostname, sizeof(local_hostname));
+  strcpy_truncate(local_hostname,
+		  krb_get_phost(local_hostname),
+		  sizeof(local_hostname));
 
   if (argc)
     for(i=0; i < argc; ++i) {
@@ -346,7 +375,7 @@ ksrvutil_get(int fd, char *filename, int argc, char **argv)
 	leave(NULL,1);
       }
       p->next = head;
-      strcpy (p->realm, u_realm);
+      strcpy_truncate (p->realm, u_realm, sizeof(p->realm));
       if (kname_parse (p->name, p->inst, p->realm, argv[i]) !=
 	  KSUCCESS) {
 	warnx ("parse error on '%s'\n", argv[i]);
@@ -354,11 +383,11 @@ ksrvutil_get(int fd, char *filename, int argc, char **argv)
 	continue;
       }
       if (p->name[0] == '\0')
-	strcpy(p->name, "rcmd");
+	strcpy_truncate(p->name, "rcmd", sizeof(p->name));
       if (p->inst[0] == '\0')
-	strcpy(p->inst, local_hostname);
+	strcpy_truncate(p->inst, local_hostname, sizeof(p->inst));
       if (p->realm[0] == '\0')
-	strcpy(p->realm, u_realm);
+	strcpy_truncate(p->realm, u_realm, sizeof(p->realm));
       head = p;
     }
 
@@ -377,16 +406,20 @@ ksrvutil_get(int fd, char *filename, int argc, char **argv)
 
       if(yn("Is this correct?")){
 	struct srv_ent *p=(struct srv_ent*)malloc(sizeof(struct srv_ent));
+	if (p == NULL) {
+	    warnx ("out of memory in malloc");
+	    leave(NULL,1);
+	}
 	p->next=head;
 	head=p;
-	strcpy(p->name, sname);
-	strcpy(p->inst, sinst);
-	strcpy(p->realm, srealm);
+	strcpy_truncate(p->name, sname, sizeof(p->name));
+	strcpy_truncate(p->inst, sinst, sizeof(p->inst));
+	strcpy_truncate(p->realm, srealm, sizeof(p->realm));
       }
     }while(ny("Add more keys?"));
   
   
-  ksrvutil_kadm(fd, filename, head);
+  ksrvutil_kadm(unique_filename, fd, filename, head);
 
   {
     struct srv_ent *p=head, *q;
diff --git a/crypto/kerberosIV/kadmin/new_pwd.c b/crypto/kerberosIV/kadmin/new_pwd.c
index 88fb7a9..64756f7 100644
--- a/crypto/kerberosIV/kadmin/new_pwd.c
+++ b/crypto/kerberosIV/kadmin/new_pwd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,7 +38,7 @@
 
 #include "kadm_locl.h"
 
-RCSID("$Id: new_pwd.c,v 1.11 1997/05/02 14:28:54 assar Exp $");
+RCSID("$Id: new_pwd.c,v 1.13 1998/06/09 19:24:55 joda Exp $");
 
 #ifdef NOENCRYPTION
 #define read_long_pw_string placebo_read_pw_string
@@ -49,24 +49,22 @@ RCSID("$Id: new_pwd.c,v 1.11 1997/05/02 14:28:54 assar Exp $");
 static char *
 check_pw (char *pword)
 {
-    if (strlen(pword) == 0)
-	return "Null passwords are not allowed - Please enter a longer password.";
-    
-    if (strlen(pword) < MIN_KPW_LEN)
+    int ret = kadm_check_pw(pword);
+    switch(ret) {
+    case 0:
+	return NULL;
+    case KADM_PASS_Q_NULL:
+	return "Null passwords are not allowed - "
+	    "Please enter a longer password.";
+    case KADM_PASS_Q_TOOSHORT:
 	return "Password is to short - Please enter a longer password.";
-    
-    /* Don't allow all lower case passwords regardless of length */
-    {
-	char *t;
-	for (t = pword; *t && islower(*t); t++)
-	    ;
-	if (*t == 0)
-	    return "Please don't use an all-lower case password.\n"
-	      "\tUnusual capitalization, delimiter characters or "
-	      "digits are suggested.";
+    case KADM_PASS_Q_CLASS:
+	/* XXX */
+	return "Please don't use an all-lower case password.\n"
+	    "\tUnusual capitalization, delimiter characters or "
+	    "digits are suggested.";
     }
-
-    return NULL;
+    return "Password is insecure"; /* XXX this shouldn't happen */
 }
 
 int
@@ -119,6 +117,7 @@ get_pw_new_pwd(char *pword, int pwlen, krb_principal *pr, int print_realm)
     
     do {
 	char verify[MAX_KPW_LEN];
+
 	snprintf(npromp, sizeof(npromp), "New Password for %s:",p);
 	if (read_long_pw_string(pword, pwlen-1, npromp, 0)) {
 	    fprintf(stderr,
diff --git a/crypto/kerberosIV/kadmin/random_password.c b/crypto/kerberosIV/kadmin/random_password.c
new file mode 100644
index 0000000..d274831
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/random_password.c
@@ -0,0 +1,165 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm_locl.h"
+
+RCSID("$Id: random_password.c,v 1.2 1998/06/09 19:24:56 joda Exp $");
+
+/* This file defines some a function that generates a random password,
+   that can be used when creating a large amount of principals (such
+   as for a batch of students). Since this is a political matter, you
+   should think about how secure generated passwords has to be.
+   
+   Both methods defined here will give you at least 55 bits of
+   entropy.
+   */
+
+/* If you want OTP-style passwords, define OTP_STYLE */
+
+#ifdef OTP_STYLE
+#include <otp.h>
+#else
+static void generate_password(char **pw, int num_classes, ...);
+#endif
+
+void
+random_password(char *pw, size_t len, u_int32_t *low, u_int32_t *high)
+{
+    des_cblock newkey;
+#ifdef OTP_STYLE
+    des_new_random_key(&newkey);
+    otp_print_stddict (newkey, pw, len);
+    strlwr(pw);
+#else
+    char *pass;
+    generate_password(&pass, 3, 
+		      "abcdefghijklmnopqrstuvwxyz", 7, 
+		      "ABCDEFGHIJKLMNOPQRSTUVWXYZ", 2, 
+		      "@$%&*()-+=:,/<>1234567890", 1);
+    strcpy_truncate(pw, pass, len);
+    memset(pass, 0, strlen(pass));
+    free(pass);
+#endif
+    des_string_to_key(pw, &newkey);
+    memcpy(low, newkey, 4);
+    memcpy(high, ((char *)newkey) + 4, 4);
+    memset(newkey, 0, sizeof(newkey));
+
+    *low = htonl(*low);
+    *high = htonl(*high);
+}
+
+/* some helper functions */
+
+#ifndef OTP_STYLE
+/* return a random value in range 0-127 */
+static int
+RND(des_cblock *key, int *left)
+{
+    if(*left == 0){
+	des_new_random_key(key);
+	*left = 8;
+    }
+    (*left)--;
+    return ((unsigned char*)key)[*left];
+}
+
+/* This a helper function that generates a random password with a
+   number of characters from a set of character classes.
+
+   If there are n classes, and the size of each class is Pi, and the
+   number of characters from each class is Ni, the number of possible
+   passwords are (given that the character classes are disjoint):
+
+     n             n
+   -----        /  ----  \
+   |   |  Ni    |  \     |
+   |   | Pi     |   \  Ni| !
+   |   | ---- * |   /    |
+   |   | Ni!    |  /___  |
+    i=1          \  i=1  /
+   
+    Since it uses the RND function above, neither the size of each
+    class, nor the total length of the generated password should be
+    larger than 127 (without fixing RND).
+   
+   */
+static void
+generate_password(char **pw, int num_classes, ...)
+{
+    struct {
+	const char *str;
+	int len;
+	int freq;
+    } *classes;
+    va_list ap;
+    int len, i;
+    des_cblock rbuf; /* random buffer */
+    int rleft = 0;
+
+    classes = malloc(num_classes * sizeof(*classes));
+    va_start(ap, num_classes);
+    len = 0;
+    for(i = 0; i < num_classes; i++){
+	classes[i].str = va_arg(ap, const char*);
+	classes[i].len = strlen(classes[i].str);
+	classes[i].freq = va_arg(ap, int);
+	len += classes[i].freq;
+    }
+    va_end(ap);
+    *pw = malloc(len + 1);
+    if(*pw == NULL)
+	return;
+    for(i = 0; i < len; i++) {
+	int j;
+	int x = RND(&rbuf, &rleft) % (len - i);
+	int t = 0;
+	for(j = 0; j < num_classes; j++) {
+	    if(x < t + classes[j].freq) {
+		(*pw)[i] = classes[j].str[RND(&rbuf, &rleft) % classes[j].len];
+		classes[j].freq--;
+		break;
+	    }
+	    t += classes[j].freq;
+	}
+    }
+    (*pw)[len] = '\0';
+    memset(rbuf, 0, sizeof(rbuf));
+    free(classes);
+}
+#endif
diff --git a/crypto/kerberosIV/kuser/Makefile.in b/crypto/kerberosIV/kuser/Makefile.in
index aff8c19..9047bdd 100644
--- a/crypto/kerberosIV/kuser/Makefile.in
+++ b/crypto/kerberosIV/kuser/Makefile.in
@@ -1,17 +1,19 @@
-# $Id: Makefile.in,v 1.23 1997/03/23 13:04:08 assar Exp $
+# $Id: Makefile.in,v 1.30 1999/03/10 19:01:14 joda Exp $
 
 SHELL	= /bin/sh
 
 srcdir	= @srcdir@
 VPATH	= @srcdir@
 
-topdir	= ..
+top_builddir	= ..
 
 CC		= @CC@
+LINK		= @LINK@
 AR		= ar
 RANLIB		= @RANLIB@
 DEFS		= @DEFS@
-CFLAGS		= @CFLAGS@
+CFLAGS		= @CFLAGS@ $(WFLAGS)
+WFLAGS		= @WFLAGS@
 LD_FLAGS	= @LD_FLAGS@
 INSTALL		= @INSTALL@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -40,17 +42,17 @@ Wall:
 	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
 
 .c.o:
-	$(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $<
+	$(CC) -c $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
 
 install: all
-	$(MKINSTALLDIRS) $(bindir)
+	$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
 	for x in $(PROGS); do \
-	  $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
 	done
 
 uninstall:
 	for x in $(PROGS); do \
-	  rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \
+	  rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
 	done
 
 TAGS: $(SOURCES)
@@ -69,24 +71,20 @@ distclean: clean
 realclean: distclean
 	rm -f TAGS
 
-dist: $(DISTFILES)
-	for file in $(DISTFILES); do \
-	  ln $$file ../`cat ../.fname`/lib \
-	    || cp -p $$file ../`cat ../.fname`/lib; \
-	done
-
 KLIB=-L../lib/krb -lkrb -L../lib/des -ldes
 LIBROKEN=-L../lib/roken -lroken
 
 kinit$(EXECSUFFIX): kinit.o
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kinit.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kinit.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
 
 kdestroy$(EXECSUFFIX): kdestroy.o
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdestroy.o $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kdestroy.o $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
 
 klist$(EXECSUFFIX): klist.o
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ klist.o $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ klist.o $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
 
 # su move to appl/bsd
 
 $(OBJECTS): ../include/config.h
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/kuser/kdestroy.c b/crypto/kerberosIV/kuser/kdestroy.c
index 2fe36c3..b5a620b 100644
--- a/crypto/kerberosIV/kuser/kdestroy.c
+++ b/crypto/kerberosIV/kuser/kdestroy.c
@@ -1,72 +1,118 @@
 /*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology. 
+ * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
  *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>. 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
  *
- * This program causes Kerberos tickets to be destroyed.
- * Options are: 
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
  *
- *   -q[uiet]	- no bell even if tickets not destroyed
- *   -f[orce]	- no message printed at all 
- *   -t		- do not destroy tokens
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
  */
 
 #include "kuser_locl.h"
 #include <kafs.h>
+#include <getarg.h>
+
+RCSID("$Id: kdestroy.c,v 1.16 1999/06/16 17:34:51 assar Exp $");
+
+#ifdef LEGACY_KDESTROY
+int ticket_flag = 1;
+int unlog_flag  = 0;
+#else
+int ticket_flag = -1;
+int unlog_flag  = -1;
+#endif
+int quiet_flag;
+int help_flag;
+int version_flag;
 
-RCSID("$Id: kdestroy.c,v 1.8 1997/03/30 16:15:03 joda Exp $");
+struct getargs args[] = {
+    { "quiet", 		'q',	arg_flag, 	&quiet_flag, 
+      "don't print any messages" },
+    { NULL, 		'f',	arg_flag, 	&quiet_flag },
+    { "tickets",	't',	arg_flag,       &ticket_flag,
+    "destroy tickets" },
+    { "unlog",          'u',    arg_flag,       &unlog_flag,
+      "destroy AFS tokens" },
+    { "version", 	0,	arg_flag,	&version_flag },
+    { "help",		'h',	arg_flag,	&help_flag }
+};
+
+int num_args = sizeof(args) / sizeof(args[0]);
 
 static void
-usage(void)
+usage(int code)
 {
-    fprintf(stderr, "Usage: %s [-f] [-q] [-t]\n", __progname);
-    exit(1);
+    arg_printusage(args, num_args, NULL, "");
+    exit(code);
 }
 
 int
 main(int argc, char **argv)
 {
-    int fflag=0, tflag = 0, k_errno;
-    int c;
+    int optind = 0;
+    int ret = RET_TKFIL;
 
     set_progname(argv[0]);
+    if(getarg(args, num_args, argc, argv, &optind))
+	usage(1);
 
-    while((c = getopt(argc, argv, "fqt")) >= 0){
-	switch(c){
-	case 'f':
-	case 'q':
-	    fflag++;
-	    break;
-	case 't':
-	    tflag++;
-	    break;
-	default:
-	    usage();
-	}
+    if(help_flag)
+	usage(0);
+
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
     }
-    if(argc - optind > 0)
-	usage();
+    
+    if (unlog_flag == -1 && ticket_flag == -1)
+        unlog_flag = ticket_flag = 1;
 
-    k_errno = dest_tkt();
+    if (ticket_flag)
+        ret = dest_tkt();
 
-    if(!tflag && k_hasafs())
+    if (unlog_flag && k_hasafs())
 	k_unlog();
 
-    if (fflag) {
-	if (k_errno != 0 && k_errno != RET_TKFIL)
-	    exit(1);
-	else
-	    exit(0);
-    } else {
-	if (k_errno == 0)
+    if (!quiet_flag) {
+	if (ret == KSUCCESS)
 	    printf("Tickets destroyed.\n");
-	else if (k_errno == RET_TKFIL)
+	else if (ret == RET_TKFIL)
 	    printf("No tickets to destroy.\n");
 	else {
 	    printf("Tickets NOT destroyed.\n");
-	    exit(1);
 	}
     }
-    exit(0);
+
+    if (ret == KSUCCESS || ret == RET_TKFIL)
+	return 0;
+    else
+	return 1;
 }
diff --git a/crypto/kerberosIV/kuser/klist.c b/crypto/kerberosIV/kuser/klist.c
index faf7d6b..82ac58e 100644
--- a/crypto/kerberosIV/kuser/klist.c
+++ b/crypto/kerberosIV/kuser/klist.c
@@ -10,7 +10,7 @@
 
 #include "kuser_locl.h"
 
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
 #include <sys/ioctl.h>
 #endif
 
@@ -20,7 +20,9 @@
 
 #include <kafs.h>
 
-RCSID("$Id: klist.c,v 1.28 1997/05/26 17:33:50 bg Exp $");
+#include <parse_time.h>
+
+RCSID("$Id: klist.c,v 1.41.2.1 1999/07/22 03:15:12 assar Exp $");
 
 static int option_verbose = 0;
 
@@ -36,7 +38,23 @@ short_date(int32_t dp)
     return (cp);
 }
 
+/* prints the approximate kdc time differential as something human
+   readable */
+
 static void
+print_time_diff(void)
+{
+    int d = abs(krb_get_kdc_time_diff());
+    char buf[80];
+
+    if ((option_verbose && d > 0) || d > 60) {
+	unparse_time_approx (d, buf, sizeof(buf));
+	printf ("Time diff:\t%s\n", buf);
+    }
+}
+
+static
+int
 display_tktfile(char *file, int tgt_test, int long_form)
 {
     krb_principal pr;
@@ -65,7 +83,7 @@ display_tktfile(char *file, int tgt_test, int long_form)
     if ((k_errno = tf_init(file, R_TKT_FIL))) {
 	if (!tgt_test)
 	    warnx("%s", krb_get_err_text(k_errno));
-	exit(1);
+	return 1;
     }
     /* Close ticket file */
     tf_close();
@@ -80,21 +98,21 @@ display_tktfile(char *file, int tgt_test, int long_form)
 	if (!tgt_test)
 	    warnx("can't find realm of ticket file: %s", 
 		  krb_get_err_text(k_errno));
-	exit(1);
+	return 1;
     }
 
     /* Open ticket file */
     if ((k_errno = tf_init(file, R_TKT_FIL))) {
 	if (!tgt_test)
 	    warnx("%s", krb_get_err_text(k_errno));
-	exit(1);
+	return 1;
     }
     /* Get principal name and instance */
     if ((k_errno = tf_get_pname(pr.name)) ||
 	(k_errno = tf_get_pinst(pr.instance))) {
 	if (!tgt_test)
 	    warnx("%s", krb_get_err_text(k_errno));
-	exit(1);
+	return 1;
     }
 
     /* 
@@ -104,8 +122,11 @@ display_tktfile(char *file, int tgt_test, int long_form)
      * it was done before tf_init.
      */
        
-    if (!tgt_test && long_form)
-	printf("Principal:\t%s\n\n", krb_unparse_name(&pr));
+    if (!tgt_test && long_form) {
+	printf("Principal:\t%s\n", krb_unparse_name(&pr));
+	print_time_diff();
+	printf("\n");
+    }
     while ((k_errno = tf_get_cred(&c)) == KSUCCESS) {
 	if (!tgt_test && long_form && header) {
 	    printf("%-15s  %-15s  %s%s\n",
@@ -118,19 +139,27 @@ display_tktfile(char *file, int tgt_test, int long_form)
 	    if (!strcmp(c.service, KRB_TICKET_GRANTING_TICKET) &&
 		!strcmp(c.instance, pr.realm)) {
 		if (time(0) < c.issue_date)
-		    exit(0);		/* tgt hasn't expired */
+		    return 0;		/* tgt hasn't expired */
 		else
-		    exit(1);		/* has expired */
+		    return 1;		/* has expired */
 	    }
 	    continue;			/* not a tgt */
 	}
 	if (long_form) {
-	    strcpy(buf1, short_date(c.issue_date));
+	    struct timeval tv;
+	    strcpy_truncate(buf1,
+			    short_date(c.issue_date),
+			    sizeof(buf1));
 	    c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
-	    if (time(0) < (unsigned long) c.issue_date)
-	        strcpy(buf2, short_date(c.issue_date));
+	    krb_kdctimeofday(&tv);
+	    if (option_verbose || tv.tv_sec < (unsigned long) c.issue_date)
+	        strcpy_truncate(buf2,
+				short_date(c.issue_date),
+				sizeof(buf2));
 	    else
-	        strcpy(buf2, ">>> Expired <<<");
+	        strcpy_truncate(buf2,
+				">>> Expired <<<",
+				sizeof(buf2));
 	    printf("%s  %s  ", buf1, buf2);
 	}
 	printf("%s", krb_unparse_name_long(c.service, c.instance, c.realm));
@@ -139,10 +168,11 @@ display_tktfile(char *file, int tgt_test, int long_form)
 	printf("\n");
     }
     if (tgt_test)
-	exit(1);			/* no tgt found */
+	return 1;			/* no tgt found */
     if (header && long_form && k_errno == EOF) {
 	printf("No tickets in file.\n");
     }
+    return 0;
 }
 
 /* adapted from getst() in librkb */
@@ -173,13 +203,11 @@ ok_getst(int fd, char *s, int n)
 }
 
 static void
-display_tokens()
+display_tokens(void)
 {
     u_int32_t i;
     unsigned char t[128];
     struct ViceIoctl parms;
-    struct ClearToken ct;
-    int size_secret_tok, size_public_tok;
 
     parms.in = (void *)&i;
     parms.in_size = sizeof(i);
@@ -187,14 +215,33 @@ display_tokens()
     parms.out_size = sizeof(t);
 
     for (i = 0; k_pioctl(NULL, VIOCGETTOK, &parms, 0) == 0; i++) {
-        char *cell;
-	memcpy(&size_secret_tok, t, 4);
-	memcpy(&size_public_tok, t + 4 + size_secret_tok, 4);
-	memcpy(&ct, t + 4 + size_secret_tok + 4, size_public_tok);
-	cell = t + 4 + size_secret_tok + 4 + size_public_tok + 4;
-
-	printf("%-15s  ", short_date(ct.BeginTimestamp));
-	printf("%-15s  ", short_date(ct.EndTimestamp));
+        int32_t size_secret_tok, size_public_tok;
+        const char *cell;
+	struct ClearToken ct;
+	const unsigned char *r = t;
+	struct timeval tv;
+	char buf1[20], buf2[20];
+
+	memcpy(&size_secret_tok, r, sizeof(size_secret_tok));
+	/* dont bother about the secret token */
+	r += size_secret_tok + sizeof(size_secret_tok);
+	memcpy(&size_public_tok, r, sizeof(size_public_tok));
+	r += sizeof(size_public_tok);
+	memcpy(&ct, r, size_public_tok);
+	r += size_public_tok;
+	/* there is a int32_t with length of cellname, but we dont read it */
+	r += sizeof(int32_t);
+	cell = (const char *)r;
+
+	krb_kdctimeofday (&tv);
+	strcpy_truncate (buf1, short_date(ct.BeginTimestamp), sizeof(buf1));
+	if (option_verbose || tv.tv_sec < ct.EndTimestamp)
+	    strcpy_truncate (buf2, short_date(ct.EndTimestamp), sizeof(buf2));
+	else
+	    strcpy_truncate (buf2, ">>> Expired <<<", sizeof(buf2));
+
+	printf("%s  %s  ", buf1, buf2);
+
 	if ((ct.EndTimestamp - ct.BeginTimestamp) & 1)
 	  printf("User's (AFS ID %d) tokens for %s", ct.ViceId, cell);
 	else
@@ -262,6 +309,7 @@ main(int argc, char **argv)
     int     do_srvtab = 0;
     int     do_tokens = 0;
     char   *tkt_file = NULL;
+    int     eval;
 
     set_progname(argv[0]);
 
@@ -304,11 +352,14 @@ main(int argc, char **argv)
 	usage();
     }
 
+    eval = 0;
     if (do_srvtab)
 	display_srvtab(tkt_file);
     else
-	display_tktfile(tkt_file, tgt_test, long_form);
-    if (long_form && do_tokens)
+	eval = display_tktfile(tkt_file, tgt_test, long_form);
+    if (long_form && do_tokens){
+	printf("\nAFS tokens:\n");
 	display_tokens();
-    exit(0);
+    }
+    exit(eval);
 }
diff --git a/crypto/kerberosIV/lib/Makefile.in b/crypto/kerberosIV/lib/Makefile.in
index b2e662c..44a8918 100644
--- a/crypto/kerberosIV/lib/Makefile.in
+++ b/crypto/kerberosIV/lib/Makefile.in
@@ -1,5 +1,5 @@
 #
-# $Id: Makefile.in,v 1.21 1997/05/20 18:58:40 bg Exp $
+# $Id: Makefile.in,v 1.27 1998/04/05 10:27:59 assar Exp $
 #
 
 srcdir		= @srcdir@
@@ -9,7 +9,7 @@ SHELL		= /bin/sh
 
 @SET_MAKE@
 
-SUBDIRS		= des krb kdb kadm acl kafs roken otp auth sl editline
+SUBDIRS		= roken com_err des krb kdb kadm acl kafs auth editline sl @LIB_SUBDIRS@
 
 all:
 		for i in $(SUBDIRS); \
@@ -44,3 +44,5 @@ distclean:
 realclean:
 		for i in $(SUBDIRS); \
 		do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/lib/acl/Makefile.in b/crypto/kerberosIV/lib/acl/Makefile.in
index 59894e4..2a78190 100644
--- a/crypto/kerberosIV/lib/acl/Makefile.in
+++ b/crypto/kerberosIV/lib/acl/Makefile.in
@@ -1,5 +1,5 @@
 #
-# $Id: Makefile.in,v 1.21 1997/05/06 03:46:37 assar Exp $
+# $Id: Makefile.in,v 1.29 1999/03/10 19:01:14 joda Exp $
 #
 
 SHELL = /bin/sh
@@ -8,10 +8,13 @@ srcdir = @srcdir@
 VPATH = @srcdir@
 
 CC = @CC@
+LINK = @LINK@
 AR = ar
+LN_S = @LN_S@
 RANLIB = @RANLIB@
-DEFS = @DEFS@
-CFLAGS = @CFLAGS@
+DEFS = @DEFS@ -DROKEN_RENAME
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
 
 INSTALL = @INSTALL@
 INSTALL_DATA	= @INSTALL_DATA@
@@ -41,14 +44,14 @@ Wall:
 	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
 
 .c.o:
-	$(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $<
+	$(CC) -c $(DEFS) -I../../include -I$(srcdir) -I. $(CFLAGS) $(PICFLAGS) $(CPPFLAGS) $<
 
 install: all
-	$(MKINSTALLDIRS) $(libdir)
-	$(INSTALL_DATA) -m 0555 $(LIB) $(libdir)
+	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
+	$(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB)
 
 uninstall:
-	rm -f $(libdir)/$(LIB)
+	rm -f $(DESTDIR)$(libdir)/$(LIB)
 
 TAGS: $(SOURCES)
 	etags $(SOURCES)
@@ -61,17 +64,11 @@ clean:
 mostlyclean: clean
 
 distclean: clean
-	rm -f Makefile *.tab.c *~
+	rm -f Makefile *.tab.c *~ roken_rename.h
 
 realclean: distclean
 	rm -f TAGS
 
-dist: $(DISTFILES)
-	for file in $(DISTFILES); do \
-	  ln $$file ../`cat ../.fname`/lib \
-	    || cp -p $$file ../`cat ../.fname`/lib; \
-	done
-
 $(LIBNAME).a: $(OBJECTS)
 	rm -f $@
 	$(AR) cr $@ $(OBJECTS)
@@ -81,4 +78,9 @@ $(LIBNAME).$(SHLIBEXT): $(OBJECTS)
 	rm -f $@
 	$(LDSHARED) -o $@ $(OBJECTS)
 
-$(OBJECTS): ../../include/config.h
+$(OBJECTS): ../../include/config.h roken_rename.h
+
+roken_rename.h:
+	$(LN_S) $(srcdir)/../krb/roken_rename.h .
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/lib/acl/acl.h b/crypto/kerberosIV/lib/acl/acl.h
index 305b66c..0a6fa56 100644
--- a/crypto/kerberosIV/lib/acl/acl.h
+++ b/crypto/kerberosIV/lib/acl/acl.h
@@ -36,13 +36,11 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: acl.h,v 1.5 1997/04/01 08:17:52 joda Exp $ */
+/* $Id: acl.h,v 1.6 1997/12/05 03:31:47 joda Exp $ */
 
 #ifndef __ACL_H
 #define __ACL_H
 
-#include <sys/cdefs.h>
-
 void acl_canonicalize_principal __P((char *principal, char *canon));
 int acl_initialize __P((char *acl_file, int perm));
 int acl_exact_match __P((char *acl, char *principal));
diff --git a/crypto/kerberosIV/lib/acl/acl_files.c b/crypto/kerberosIV/lib/acl/acl_files.c
index fc00b80..12098b7 100644
--- a/crypto/kerberosIV/lib/acl/acl_files.c
+++ b/crypto/kerberosIV/lib/acl/acl_files.c
@@ -22,7 +22,7 @@ or implied warranty.
 #include "config.h"
 #include "protos.h"
 
-RCSID("$Id: acl_files.c,v 1.10 1997/05/02 14:28:56 assar Exp $");
+RCSID("$Id: acl_files.c,v 1.13 1999/03/13 21:21:32 assar Exp $");
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -71,67 +71,28 @@ RCSID("$Id: acl_files.c,v 1.10 1997/05/02 14:28:56 assar Exp $");
 
 #define COR(a,b) ((a!=NULL)?(a):(b))
 
-/* Canonicalize a principal name */
-/* If instance is missing, it becomes "" */
-/* If realm is missing, it becomes the local realm */
-/* Canonicalized form is put in canon, which must be big enough to hold
-   MAX_PRINCIPAL_SIZE characters */
+/*
+ * Canonicalize a principal name.
+ * If instance is missing, it becomes ""
+ * If realm is missing, it becomes the local realm
+ * Canonicalized form is put in canon, which must be big enough to
+ * hold MAX_PRINCIPAL_SIZE characters
+ *
+ */
+
 void
 acl_canonicalize_principal(char *principal, char *canon)
 {
-    char *dot, *atsign, *end;
-    int len;
-
-    dot = strchr(principal, INST_SEP);
-    atsign = strchr(principal, REALM_SEP);
-
-    /* Maybe we're done already */
-    if(dot != NULL && atsign != NULL) {
-	if(dot < atsign) {
-	    /* It's for real */
-	    /* Copy into canon */
-	    strncpy(canon, principal, MAX_PRINCIPAL_SIZE);
-	    canon[MAX_PRINCIPAL_SIZE-1] = '\0';
-	    return;
-	} else {
-	    /* Nope, it's part of the realm */
-	    dot = NULL;
-	}
-    }
-    
-    /* No such luck */
-    end = principal + strlen(principal);
-
-    /* Get the principal name */
-    len = min(ANAME_SZ, COR(dot, COR(atsign, end)) - principal);
-    strncpy(canon, principal, len);
-    canon += len;
-
-    /* Add INST_SEP */
-    *canon++ = INST_SEP;
-
-    /* Get the instance, if it exists */
-    if(dot != NULL) {
-	++dot;
-	len = min(INST_SZ, COR(atsign, end) - dot);
-	strncpy(canon, dot, len);
-	canon += len;
-    }
-
-    /* Add REALM_SEP */
-    *canon++ = REALM_SEP;
-
-    /* Get the realm, if it exists */
-    /* Otherwise, default to local realm */
-    if(atsign != NULL) {
-	++atsign;
-	len = min(REALM_SZ, end - atsign);
-	strncpy(canon, atsign, len);
-	canon += len;
-	*canon++ = '\0';
-    } else if(krb_get_lrealm(canon, 1) != KSUCCESS) {
-	strcpy(canon, KRB_REALM);
+    krb_principal princ;
+    int ret;
+    ret = krb_parse_name(principal, &princ);
+    if(ret) { /* ? */
+	*canon = '\0';
+	return;
     }
+    if(princ.realm[0] == '\0')
+	krb_get_lrealm(princ.realm, 1);
+    krb_unparse_name_r(&princ, canon);
 }
 	    
 /* Get a lock to modify acl_file */
@@ -256,12 +217,13 @@ acl_initialize(char *acl_file, int perm)
 /* Eliminate all whitespace character in buf */
 /* Modifies its argument */
 static void
- nuke_whitespace(char *buf)
+nuke_whitespace(char *buf)
 {
-    char *pin, *pout;
+    unsigned char *pin, *pout;
 
-    for(pin = pout = buf; *pin != '\0'; pin++)
-	if(!isspace(*pin)) *pout++ = *pin;
+    for(pin = pout = (unsigned char *)buf; *pin != '\0'; pin++)
+	if(!isspace(*pin))
+	    *pout++ = *pin;
     *pout = '\0';		/* Terminate the string */
 }
 
@@ -281,9 +243,15 @@ make_hash(int size)
 
     if(size < 1) size = 1;
     h = (struct hashtbl *) malloc(sizeof(struct hashtbl));
+    if (h == NULL)
+	return NULL;
     h->size = size;
     h->entries = 0;
     h->tbl = (char **) calloc(size, sizeof(char *));
+    if (h->tbl == NULL) {
+	free (h);
+	return NULL;
+    }
     return(h);
 }
 
@@ -339,8 +307,10 @@ add_hash(struct hashtbl *h, char *el)
     hv = hashval(el) % h->size;
     while(h->tbl[hv] != NULL && strcmp(h->tbl[hv], el)) hv = (hv+1) % h->size;
     s = strdup(el);
-    h->tbl[hv] = s;
-    h->entries++;
+    if (s != NULL) {
+	h->tbl[hv] = s;
+	h->entries++;
+    }
 }
 
 /* Returns nonzero if el is in h */
@@ -403,7 +373,7 @@ acl_load(char *name)
     }
 
     /* Set up the acl */
-    strcpy(acl_cache[i].filename, name);
+    strcpy_truncate(acl_cache[i].filename, name, LINESIZE);
     if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1);
     /* Force reload */
     acl_cache[i].acl = (struct hashtbl *) 0;
diff --git a/crypto/kerberosIV/lib/auth/ChangeLog b/crypto/kerberosIV/lib/auth/ChangeLog
new file mode 100644
index 0000000..ce2eccc
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/ChangeLog
@@ -0,0 +1,34 @@
+Thu Apr  8 14:35:34 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* sia/sia.c: remove definition of KRB_VERIFY_USER (moved to
+ 	config.h)
+
+	* sia/Makefile.am: make it build w/o krb4
+
+	* afskauthlib/verify.c: add krb5 support
+
+	* afskauthlib/Makefile.am: build afskauthlib.so
+
+Wed Apr  7 14:06:22 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* sia/sia.c: make it compile w/o krb4
+
+	* sia/Makefile.am: make it compile w/o krb4
+
+Thu Apr  1 18:09:23 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* sia/sia_locl.h: POSIX_GETPWNAM_R is defined in config.h
+
+Sun Mar 21 14:08:30 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* sia/Makefile.in: add posix_getpw.c
+	  
+	* sia/Makefile.am: makefile for sia
+	  
+	* sia/posix_getpw.c: move from sia.c
+	  
+	* sia/sia_locl.h: merge with krb5 version
+	  
+	* sia/sia.c: merge with krb5 version
+	  
+	* sia/sia5.c: remove unused variables
diff --git a/crypto/kerberosIV/lib/auth/Makefile.am b/crypto/kerberosIV/lib/auth/Makefile.am
new file mode 100644
index 0000000..0310dc3
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/Makefile.am
@@ -0,0 +1,6 @@
+# $Id: Makefile.am,v 1.2 1999/03/21 17:11:08 joda Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+SUBDIRS = @LIB_AUTH_SUBDIRS@
+DIST_SUBDIRS = afskauthlib pam sia
diff --git a/crypto/kerberosIV/lib/auth/Makefile.in b/crypto/kerberosIV/lib/auth/Makefile.in
new file mode 100644
index 0000000..53fde5f
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/Makefile.in
@@ -0,0 +1,55 @@
+#
+# $Id: Makefile.in,v 1.12 1998/03/15 05:58:10 assar Exp $
+#
+
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+SHELL		= /bin/sh
+
+@SET_MAKE@
+
+SUBDIRS		= @LIB_AUTH_SUBDIRS@
+
+all:
+		SUBDIRS='$(SUBDIRS)'; \
+		for i in $$SUBDIRS; \
+		do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+Wall:
+		make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+install:
+		SUBDIRS=$(SUBDIRS); \
+		for i in $$SUBDIRS; \
+		do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+uninstall:
+		SUBDIRS=$(SUBDIRS); \
+		for i in $$SUBDIRS; \
+		do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+check:
+		SUBDIRS=$(SUBDIRS); \
+		for i in $$SUBDIRS; \
+		do (cd $$i && $(MAKE) $(MFLAGS) check); done
+
+clean:
+		SUBDIRS=$(SUBDIRS); \
+		for i in $$SUBDIRS; \
+		do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+mostlyclean:	clean
+
+distclean:
+		SUBDIRS=$(SUBDIRS); \
+		for i in $$SUBDIRS; \
+		do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+		rm -f Makefile *~
+
+realclean:
+		SUBDIRS=$(SUBDIRS); \
+		for i in $$SUBDIRS; \
+		do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/lib/auth/afskauthlib/Makefile.am b/crypto/kerberosIV/lib/auth/afskauthlib/Makefile.am
new file mode 100644
index 0000000..7dd6d52
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/afskauthlib/Makefile.am
@@ -0,0 +1,38 @@
+# $Id: Makefile.am,v 1.3 1999/04/08 12:35:33 joda Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += $(INCLUDE_krb4)
+
+DEFS = @DEFS@
+
+foodir = $(libdir)
+foo_DATA = afskauthlib.so
+
+SUFFIXES += .c .o
+
+SRCS = verify.c
+OBJS = verify.o
+
+CLEANFILES = $(foo_DATA) $(OBJS) so_locations
+
+afskauthlib.so: $(OBJS)
+	$(LD) -shared -o $@ $(LDFLAGS) $(OBJS) $(L)
+
+.c.o:
+	$(COMPILE) -c $<
+
+if KRB4
+KAFS = $(top_builddir)/lib/kafs/.libs/libkafs.a
+endif
+
+L = \
+	$(KAFS)	\
+	$(top_builddir)/lib/krb5/.libs/libkrb5.a	\
+	$(top_builddir)/lib/asn1/.libs/libasn1.a	\
+	$(LIB_krb4)					\
+	$(top_builddir)/lib/des/.libs/libdes.a		\
+	$(top_builddir)/lib/roken/.libs/libroken.a	\
+	-lc
+
+$(OBJS): $(top_builddir)/include/config.h
diff --git a/crypto/kerberosIV/lib/auth/afskauthlib/Makefile.in b/crypto/kerberosIV/lib/auth/afskauthlib/Makefile.in
new file mode 100644
index 0000000..dc09a13
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/afskauthlib/Makefile.in
@@ -0,0 +1,86 @@
+#
+# $Id: Makefile.in,v 1.24 1999/03/10 19:01:14 joda Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+LN_S = @LN_S@
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA	= @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+@lib_deps_yes@LIB_DEPS = -L../../kafs -lkafs			\
+@lib_deps_yes@	   -L../../krb -lkrb			\
+@lib_deps_yes@	   -L../../des -ldes			\
+@lib_deps_yes@	   -L../../roken -lroken		\
+@lib_deps_yes@	   -lc
+@lib_deps_no@LIB_DEPS =
+
+PICFLAGS = @REAL_PICFLAGS@
+LDSHARED = @LDSHARED@
+SHLIBEXT = @REAL_SHLIBEXT@
+LD_FLAGS = @REAL_LD_FLAGS@
+ 
+LIB = afskauthlib.$(SHLIBEXT)
+
+SOURCES = verify.c
+
+OBJECTS = verify.o
+
+all: $(LIB)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
+	-if test "$(LIB)" != ""; then \
+	 $(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB) ; \
+	fi
+
+uninstall:
+	-if test "$(LIB)" != ""; then \
+	 rm -f $(DESTDIR)$(libdir)/$(LIB) ; \
+	fi
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f $(LIB) *.o
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+$(OBJECTS): ../../../include/config.h
+
+$(LIB): $(OBJECTS)
+	rm -f $@
+	$(LDSHARED) $(CFLAGS) -o $@ $(OBJECTS) $(LD_FLAGS) $(LIB_DEPS)
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/lib/auth/afskauthlib/README b/crypto/kerberosIV/lib/auth/afskauthlib/README
new file mode 100644
index 0000000..6052a26
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/afskauthlib/README
@@ -0,0 +1,25 @@
+
+IRIX
+----
+
+The IRIX support is a module that is compatible with Transarc's
+`afskauthlib.so'.  It should work with all programs that use this
+library, this should include `login' and `xdm'.
+
+The interface is not very documented but it seems that you have to copy
+`libkafs.so', `libkrb.so', and `libdes.so' to `/usr/lib', or build your
+`afskauthlib.so' statically.
+
+The `afskauthlib.so' itself is able to reside in `/usr/vice/etc',
+`/usr/afsws/lib', or the current directory (wherever that is).
+
+IRIX 6.4 and newer seems to have all programs (including `xdm' and
+`login') in the N32 object format, whereas in older versions they were
+O32. For it to work, the `afskauthlib.so' library has to be in the same
+object format as the program that tries to load it. This might require
+that you have to configure and build for O32 in addition to the default
+N32.
+
+Appart from this it should "just work", there are no configuration
+files.
+
diff --git a/crypto/kerberosIV/lib/auth/afskauthlib/verify.c b/crypto/kerberosIV/lib/auth/afskauthlib/verify.c
new file mode 100644
index 0000000..f7db523
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/afskauthlib/verify.c
@@ -0,0 +1,213 @@
+/*
+ * Copyright (c) 1995-1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: verify.c,v 1.13 1999/04/08 12:36:16 joda Exp $");
+#endif
+#include <unistd.h>
+#include <sys/types.h>
+#include <pwd.h>
+#ifdef KRB5
+#include <krb5.h>
+#endif
+#ifdef KRB4
+#include <krb.h>
+#include <kafs.h>
+#endif
+#include <roken.h>
+
+#if 0
+static char krb5ccname[128];
+#endif
+static char krbtkfile[128];
+
+#ifdef KRB4
+static void
+set_krbtkfile(uid_t uid)
+{
+    snprintf (krbtkfile, sizeof(krbtkfile), "%s%d", TKT_ROOT, (unsigned)uid);
+    krb_set_tkt_string (krbtkfile);
+}
+#endif
+
+
+#ifdef KRB5
+static int
+verify_krb5(struct passwd *pwd,
+	    char *password,
+	    int32_t *exp,
+	    int quiet)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    char ticket[128];
+    krb5_ccache ccache;
+    krb5_principal principal;
+    krb5_realm realm;
+    
+    krb5_init_context(&context);
+
+    krb5_get_default_realm(context, &realm);
+    krb5_make_principal(context, &principal, realm, pwd->pw_name, NULL);
+
+    if(!krb5_kuserok(context, principal, pwd->pw_name)) {
+	syslog(LOG_AUTH|LOG_DEBUG, "krb5_kuserok failed");
+	goto out;
+    }
+    /* XXX this has to be the default cache name, since the KRB5CCNAME
+       environment variable isn't exported by login/xdm
+       */
+    snprintf(ticket, sizeof(ticket), "FILE:/tmp/krb5cc_%d", pwd->pw_uid);
+    ret = krb5_cc_resolve(context, ticket, &ccache);
+    if(ret) {
+	syslog(LOG_AUTH|LOG_DEBUG, "krb5_cc_resolve: %s", 
+	       krb5_get_err_text(context, ret));
+	goto out;
+    }
+
+    ret = krb5_verify_user(context,
+			   principal,
+			   ccache,
+			   password,
+			   TRUE,
+			   NULL);
+    if(ret) {
+	syslog(LOG_AUTH|LOG_DEBUG, "krb5_verify_user: %s", 
+	       krb5_get_err_text(context, ret));
+	goto out;
+    }
+    if(chown(krb5_cc_get_name(context, ccache), pwd->pw_uid, pwd->pw_gid)) {
+	syslog(LOG_AUTH|LOG_DEBUG, "chown: %s", 
+	       krb5_get_err_text(context, errno));
+	goto out;
+    }
+
+#ifdef KRB4
+    {
+	CREDENTIALS c;
+	krb5_creds mcred, cred;
+
+	krb5_make_principal(context, &mcred.server, realm,
+			    "krbtgt",
+			    realm,
+			    NULL);
+	ret = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred);
+	if(ret == 0) {
+	    ret = krb524_convert_creds_kdc(context, &cred, &c);
+	    if(ret)
+		krb5_warn(context, ret, "converting creds");
+	    else {
+		set_krbtkfile(pwd->pw_uid);
+		tf_setup(&c, c.pname, c.pinst); 
+	    }
+	    memset(&c, 0, sizeof(c));
+	    krb5_free_creds_contents(context, &cred);
+	} else
+	    syslog(LOG_AUTH|LOG_DEBUG, "krb5_cc_retrieve_cred: %s", 
+		   krb5_get_err_text(context, ret));
+	    
+	krb5_free_principal(context, mcred.server);
+    }
+    if (k_hasafs()) {
+	k_setpag();
+	krb5_afslog_uid_home(context, ccache, NULL, NULL, 
+			     pwd->pw_uid, pwd->pw_dir);
+    }
+#endif
+    
+out:
+    if(ret && !quiet)
+	printf ("%s\n", krb5_get_err_text (context, ret));
+    return ret;
+}
+#endif
+
+#ifdef KRB4
+static int
+verify_krb4(struct passwd *pwd,
+	    char *password,
+	    int32_t *exp,
+	    int quiet)
+{
+    int ret = 1;
+    char lrealm[REALM_SZ];
+    
+    if (krb_get_lrealm (lrealm, 1) != KFAILURE) {
+	set_krbtkfile(pwd->pw_uid);
+	ret = krb_verify_user (pwd->pw_name, "", lrealm, password,
+			       KRB_VERIFY_SECURE, NULL);
+	if (ret == KSUCCESS) {
+	    if (k_hasafs()) {
+		k_setpag ();
+		krb_afslog_uid_home (0, 0, pwd->pw_uid, pwd->pw_dir);
+	    }
+	} else if (!quiet)
+	    printf ("%s\n", krb_get_err_text (ret));
+    }
+    return ret;
+}
+#endif
+
+int
+afs_verify(char *name,
+	   char *password,
+	   int32_t *exp,
+	   int quiet)
+{
+    int ret = 1;
+    struct passwd *pwd = k_getpwnam (name);
+    if(pwd == NULL)
+	return 1;
+#ifdef KRB5
+    ret = verify_krb5(pwd, password, exp, quiet);
+#endif
+#ifdef KRB4
+    if(ret)
+	ret = verify_krb4(pwd, password, exp, quiet);
+#endif
+    if (ret)
+	ret = unix_verify_user (name, password);
+    return ret;
+}
+
+char *
+afs_gettktstring (void)
+{
+    return krbtkfile;
+}
diff --git a/crypto/kerberosIV/lib/auth/pam/Makefile.am b/crypto/kerberosIV/lib/auth/pam/Makefile.am
new file mode 100644
index 0000000..abde2d9
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/pam/Makefile.am
@@ -0,0 +1,3 @@
+# $Id: Makefile.am,v 1.2 1999/04/01 14:57:04 joda Exp $
+
+include $(top_srcdir)/Makefile.am.common
diff --git a/crypto/kerberosIV/lib/auth/pam/Makefile.in b/crypto/kerberosIV/lib/auth/pam/Makefile.in
new file mode 100644
index 0000000..f338fbf
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/pam/Makefile.in
@@ -0,0 +1,83 @@
+#
+# $Id: Makefile.in,v 1.20 1999/03/10 19:01:14 joda Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA	= @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+PICFLAGS = @REAL_PICFLAGS@
+LDSHARED = @LDSHARED@
+SHLIBEXT = @REAL_SHLIBEXT@
+LD_FLAGS = @REAL_LD_FLAGS@
+ 
+@lib_deps_yes@LIB_DEPS = -L../../kafs -L../../krb -L../../des -L../../roken \
+@lib_deps_yes@	   -lkafs -lkrb -ldes -lroken -lc
+@lib_deps_no@LIB_DEPS =
+
+LIB = pam_krb4.$(SHLIBEXT)
+
+SOURCES = pam.c
+
+OBJECTS = pam.o
+
+all: $(LIB)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
+	-if test "$(LIB)" != ""; then \
+	  $(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB) ; \
+	fi
+
+uninstall:
+	-if test "$(LIB)" != ""; then \
+	  rm -f $(DESTDIR)$(libdir)/$(LIB) ; \
+	fi
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f $(LIB) *.o
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+$(OBJECTS): ../../../include/config.h
+
+$(LIB): $(OBJECTS)
+	rm -f $@
+	$(LDSHARED) -o $@ $(OBJECTS) $(LD_FLAGS) $(LIB_DEPS)
+#	$(LINK) -shared -Wl,-x -o $(LIB) $(OBJECTS)  ../../kafs/libkafs.a ../../krb/libkrb.a ../../des/libdes.a
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/lib/auth/pam/README b/crypto/kerberosIV/lib/auth/pam/README
new file mode 100644
index 0000000..9505699
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/pam/README
@@ -0,0 +1,25 @@
+
+PAM
+---
+
+The PAM module was written more out of curiosity that anything else. It
+has not been updated for quite a while, since none of us are using
+Linux, and Solaris does not support PAM yet.  We've had positive reports
+from at least one person using the module, though.
+
+To use this module you should:
+
+   * Make sure `pam_krb4.so' is available in `/usr/athena/lib'. You
+     might actually want it on local disk, so `/lib/security' might be a
+     better place if `/usr/athena' is not local.
+
+   * Look at `pam.conf.add' for examples of what to add to
+     `/etc/pam.conf'.
+
+There is currently no support for changing kerberos passwords. Use
+kpasswd instead.
+
+See also Derrick J Brashear's `<shadow@dementia.org>' Kerberos PAM
+module at `ftp://ftp.dementia.org/pub/pam'. It has a lot more features,
+and it is also more in line with other PAM modules.
+
diff --git a/crypto/kerberosIV/lib/auth/pam/pam.c b/crypto/kerberosIV/lib/auth/pam/pam.c
new file mode 100644
index 0000000..37a125e
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/pam/pam.c
@@ -0,0 +1,244 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* This code is extremely ugly, and would probably be better off
+   beeing completely rewritten */
+
+
+#ifdef HAVE_CONFIG_H
+#include<config.h>
+RCSID("$Id: pam.c,v 1.18 1999/03/17 22:37:10 assar Exp $");
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <pwd.h>
+#include <unistd.h>
+#include <sys/types.h>
+
+#define PAM_SM_AUTH
+#define PAM_SM_SESSION
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+
+#include <netinet/in.h>
+#include <krb.h>
+#include <kafs.h>
+
+static int
+cleanup(pam_handle_t *pamh, void *data, int error_code)
+{
+    if(error_code != PAM_SUCCESS)
+	dest_tkt();
+    free(data);
+    return PAM_SUCCESS;
+}
+
+static int
+doit(pam_handle_t *pamh, char *name, char *inst, char *pwd, char *tkt)
+{
+    char realm[REALM_SZ];
+    int ret;
+
+    pam_set_data(pamh, "KRBTKFILE", strdup(tkt), cleanup);
+    krb_set_tkt_string(tkt);
+	
+    krb_get_lrealm(realm, 1);
+    ret = krb_verify_user(name, inst, realm, pwd, KRB_VERIFY_SECURE, NULL);
+    memset(pwd, 0, strlen(pwd));
+    switch(ret){
+    case KSUCCESS:
+	return PAM_SUCCESS;
+    case KDC_PR_UNKNOWN:
+	return PAM_USER_UNKNOWN;
+    case SKDC_CANT:
+    case SKDC_RETRY:
+    case RD_AP_TIME:
+	return PAM_AUTHINFO_UNAVAIL;
+    default:
+	return PAM_AUTH_ERR;
+    }
+}
+
+static int
+auth_login(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)
+{
+    int ret;
+    struct pam_message msg, *pmsg;
+    struct pam_response *resp;
+    char prompt[128];
+
+    pmsg = &msg;
+    msg.msg_style = PAM_PROMPT_ECHO_OFF;
+    snprintf(prompt, sizeof(prompt), "%s's Password: ", user);
+    msg.msg = prompt;
+
+    ret = conv->conv(1, (const struct pam_message**)&pmsg, 
+		     &resp, conv->appdata_ptr);
+    if(ret != PAM_SUCCESS)
+	return ret;
+    
+    {
+	char tkt[1024];
+	struct passwd *pw = getpwnam(user);
+
+	if(pw){
+	    snprintf(tkt, sizeof(tkt),
+		     "%s%u", TKT_ROOT, (unsigned)pw->pw_uid);
+	    ret = doit(pamh, user, "", resp->resp, tkt);
+	    if(ret == PAM_SUCCESS)
+		chown(tkt, pw->pw_uid, pw->pw_gid);
+	}else
+	    ret = PAM_USER_UNKNOWN;
+	memset(resp->resp, 0, strlen(resp->resp));
+	free(resp->resp);
+	free(resp);
+    }
+    return ret;
+}
+
+static int
+auth_su(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)
+{
+    int ret;
+    struct passwd *pw;
+    struct pam_message msg, *pmsg;
+    struct pam_response *resp;
+    char prompt[128];
+    krb_principal pr;
+    
+    pr.realm[0] = 0;
+    ret = pam_get_user(pamh, &user, "login: ");
+    if(ret != PAM_SUCCESS)
+	return ret;
+    
+    pw = getpwuid(getuid());
+    if(strcmp(user, "root") == 0){
+	strcpy_truncate(pr.name, pw->pw_name, sizeof(pr.name));
+	strcpy_truncate(pr.instance, "root", sizeof(pr.instance));
+    }else{
+	strcpy_truncate(pr.name, user, sizeof(pr.name));
+	pr.instance[0] = 0;
+    }
+    pmsg = &msg;
+    msg.msg_style = PAM_PROMPT_ECHO_OFF;
+    snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&pr));
+    msg.msg = prompt;
+
+    ret = conv->conv(1, (const struct pam_message**)&pmsg, 
+		     &resp, conv->appdata_ptr);
+    if(ret != PAM_SUCCESS)
+	return ret;
+    
+    {
+	char tkt[1024];
+
+	snprintf(tkt, sizeof(tkt),"%s_%s_to_%s",
+		 TKT_ROOT, pw->pw_name, user);
+	ret = doit(pamh, pr.name, pr.instance, resp->resp, tkt);
+	if(ret == PAM_SUCCESS)
+	    chown(tkt, pw->pw_uid, pw->pw_gid);
+	memset(resp->resp, 0, strlen(resp->resp));
+	free(resp->resp);
+	free(resp);
+    }
+    return ret;
+}
+
+int
+pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+    char *user;
+    int ret;
+    struct pam_conv *conv;
+    ret = pam_get_user(pamh, &user, "login: ");
+    if(ret != PAM_SUCCESS)
+	return ret;
+
+    ret = pam_get_item(pamh, PAM_CONV, (void*)&conv);
+    if(ret != PAM_SUCCESS)
+	return ret;
+
+    
+    if(getuid() != geteuid())
+	return auth_su(pamh, flags, user, conv);
+    else
+	return auth_login(pamh, flags, user, conv);
+}
+
+int 
+pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+    return PAM_SUCCESS;
+}
+
+
+int
+pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+    char *tkt;
+    void *user;
+    const char *homedir = NULL;
+
+    if(pam_get_item (pamh, PAM_USER, &user) == PAM_SUCCESS) {
+	struct passwd *pwd;
+
+	pwd = getpwnam ((char *)user);
+	if (pwd != NULL)
+	    homedir = pwd->pw_dir;
+    }
+
+    pam_get_data(pamh, "KRBTKFILE", (const void**)&tkt);
+    setenv("KRBTKFILE", tkt, 1);
+    if(k_hasafs()){
+	k_setpag();
+	krb_afslog_home(0, 0, homedir);
+    }
+    return PAM_SUCCESS;
+}
+
+
+int
+pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+    dest_tkt();
+    if(k_hasafs())
+	k_unlog();
+    return PAM_SUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/auth/pam/pam.conf.add b/crypto/kerberosIV/lib/auth/pam/pam.conf.add
new file mode 100644
index 0000000..1bfb30e
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/pam/pam.conf.add
@@ -0,0 +1,13 @@
+# To get this to work, you will have to add entries to /etc/pam.conf
+#
+# To make login kerberos-aware, you might change pam.conf to look
+# like:
+
+# login authorization
+login   auth       sufficient   /lib/security/pam_krb4.so
+login   auth       required     /lib/security/pam_securetty.so
+login   auth       required     /lib/security/pam_unix_auth.so
+login   account    required     /lib/security/pam_unix_acct.so
+login   password   required     /lib/security/pam_unix_passwd.so
+login   session    required     /lib/security/pam_krb4.so
+login   session    required     /lib/security/pam_unix_session.so
diff --git a/crypto/kerberosIV/lib/auth/sia/Makefile.am b/crypto/kerberosIV/lib/auth/sia/Makefile.am
new file mode 100644
index 0000000..5a58cb7
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/Makefile.am
@@ -0,0 +1,48 @@
+# $Id: Makefile.am,v 1.4 1999/04/08 12:36:40 joda Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += $(INCLUDE_krb4)
+
+WFLAGS += $(WFLAGS_NOIMPLICITINT)
+
+DEFS = @DEFS@
+
+## this is horribly ugly, but automake/libtool doesn't allow us to
+## unconditionally build shared libraries, and it does not allow us to
+## link with non-installed libraries
+
+if KRB4
+KAFS=$(top_builddir)/lib/kafs/.libs/libkafs.a
+endif
+
+L = \
+	$(KAFS)						\
+	$(top_builddir)/lib/krb5/.libs/libkrb5.a	\
+	$(top_builddir)/lib/asn1/.libs/libasn1.a	\
+	$(LIB_krb4)					\
+	$(top_builddir)/lib/des/.libs/libdes.a		\
+	$(top_builddir)/lib/com_err/.libs/libcom_err.a	\
+	$(top_builddir)/lib/roken/.libs/libroken.a	\
+	$(LIB_getpwnam_r)				\
+	-lc
+
+EXTRA_DIST = sia.c krb5_matrix.conf krb5+c2_matrix.conf security.patch
+
+foodir = $(libdir)
+foo_DATA = libsia_krb5.so
+
+LDFLAGS = -rpath $(libdir) -hidden -exported_symbol siad_\* 
+
+OBJS = sia.o posix_getpw.o
+
+libsia_krb5.so: $(OBJS)
+	ld -shared -o $@ $(LDFLAGS) $(OBJS) $(L)
+	ostrip -x -z $@
+
+CLEANFILES = libsia_krb5.so $(OBJS) so_locations
+
+SUFFIXES += .c .o
+
+.c.o:
+	$(COMPILE) -c $<
diff --git a/crypto/kerberosIV/lib/auth/sia/Makefile.in b/crypto/kerberosIV/lib/auth/sia/Makefile.in
new file mode 100644
index 0000000..7abc8f0
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/Makefile.in
@@ -0,0 +1,89 @@
+#
+# $Id: Makefile.in,v 1.29 1999/03/21 17:11:58 joda Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+LINK = @LINK@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA	= @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+PICFLAGS = @REAL_PICFLAGS@
+SHARED = @SHARED@
+LDSHARED = @LDSHARED@
+SHLIBEXT = @REAL_SHLIBEXT@
+LD_FLAGS = @REAL_LD_FLAGS@
+ 
+@lib_deps_yes@LIB_DEPS = -L../../kafs -lkafs		\
+@lib_deps_yes@	   -L../../kadm -lkadm			\
+@lib_deps_yes@	   -L../../krb -lkrb			\
+@lib_deps_yes@	   -L../../des -ldes			\
+@lib_deps_yes@	   -L../../com_err -lcom_err		\
+@lib_deps_yes@	   -L../../roken -lroken		\
+@lib_deps_yes@	   @LIB_getpwnam_r@			\
+@lib_deps_yes@	   -lc
+@lib_deps_no@LIB_DEPS =
+
+LIB = libsia_krb4.$(SHLIBEXT)
+
+SOURCES = sia.c posix_getpw.c
+
+OBJECTS = sia.o posix_getpw.o
+
+all: $(LIB)
+
+Wall:
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+	$(CC) -c $(DEFS) -I../../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
+
+install: all
+	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
+	-if test "$(LIB)" != ""; then \
+	  $(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB) ; \
+	fi
+
+uninstall:
+	-if test "$(LIB)" != ""; then \
+	  rm -f $(DESTDIR)$(libdir)/$(LIB) ; \
+	fi
+
+TAGS: $(SOURCES)
+	etags $(SOURCES)
+
+check:
+
+clean:
+	rm -f $(LIB) *.o
+
+mostlyclean: clean
+
+distclean: clean
+	rm -f Makefile *.tab.c *~
+
+realclean: distclean
+	rm -f TAGS
+
+$(OBJECTS): ../../../include/config.h
+
+$(LIB): $(OBJECTS)
+	rm -f $@
+	$(LDSHARED) -shared -o $@ -rpath $(libdir) -hidden -exported_symbol siad_\* $(OBJECTS) $(LIB_DEPS)
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/lib/auth/sia/README b/crypto/kerberosIV/lib/auth/sia/README
new file mode 100644
index 0000000..aa7383e
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/README
@@ -0,0 +1,87 @@
+
+Digital SIA
+-----------
+
+To install the SIA module you will have to do the following:
+
+   * Make sure `libsia_krb4.so' is available in `/usr/athena/lib'. If
+     `/usr/athena' is not on local disk, you might want to put it in
+     `/usr/shlib' or someplace else. If you do, you'll have to edit
+     `krb4_matrix.conf' to reflect the new location (you will also have
+     to do this if you installed in some other directory than
+     `/usr/athena'). If you built with shared libraries, you will have
+     to copy the shared `libkrb.so', `libdes.so', `libkadm.so', and
+     `libkafs.so' to a place where the loader can find them (such as
+     `/usr/shlib').
+
+   * Copy (your possibly edited) `krb4_matrix.conf' to `/etc/sia'.
+
+   * Apply `security.patch' to `/sbin/init.d/security'.
+
+   * Turn on KRB4 security by issuing `rcmgr set SECURITY KRB4' and
+     `rcmgr set KRB4_MATRIX_CONF krb4_matrix.conf'.
+
+   * Digital thinks you should reboot your machine, but that really
+     shouldn't be necessary.  It's usually sufficient just to run
+     `/sbin/init.d/security start' (and restart any applications that
+     use SIA, like `xdm'.)
+
+Users with local passwords (like `root') should be able to login safely.
+
+When using Digital's xdm the `KRBTKFILE' environment variable isn't
+passed along as it should (since xdm zaps the environment). Instead you
+have to set `KRBTKFILE' to the correct value in
+`/usr/lib/X11/xdm/Xsession'. Add a line similar to
+     KRBTKFILE=/tmp/tkt`id -u`_`ps -o ppid= -p $$`; export KRBTKFILE
+If you use CDE, `dtlogin' allows you to specify which additional
+environment variables it should export. To add `KRBTKFILE' to this
+list, edit `/usr/dt/config/Xconfig', and look for the definition of
+`exportList'. You want to add something like:
+     Dtlogin.exportList:     KRBTKFILE
+
+Notes to users with Enhanced security
+.....................................
+
+Digital's `ENHANCED' (C2) security, and Kerberos solves two different
+problems. C2 deals with local security, adds better control of who can
+do what, auditing, and similar things. Kerberos deals with network
+security.
+
+To make C2 security work with Kerberos you will have to do the
+following.
+
+   * Replace all occurencies of `krb4_matrix.conf' with
+     `krb4+c2_matrix.conf' in the directions above.
+
+   * You must enable "vouching" in the `default' database.  This will
+     make the OSFC2 module trust other SIA modules, so you can login
+     without giving your C2 password. To do this use `edauth' to edit
+     the default entry `/usr/tcb/bin/edauth -dd default', and add a
+     `d_accept_alternate_vouching' capability, if not already present.
+
+   * For each user that does *not* have a local C2 password, you should
+     set the password expiration field to zero. You can do this for each
+     user, or in the `default' table. To do this use `edauth' to set
+     (or change) the `u_exp' capability to `u_exp#0'.
+
+   * You also need to be aware that the shipped `login', `rcp', and
+     `rshd', doesn't do any particular C2 magic (such as checking to
+     various forms of disabled accounts), so if you rely on those
+     features, you shouldn't use those programs. If you configure with
+     `--enable-osfc2', these programs will, however, set the login UID.
+     Still: use at your own risk.
+
+At present `su' does not accept the vouching flag, so it will not work
+as expected.
+
+Also, kerberised ftp will not work with C2 passwords. You can solve this
+by using both Digital's ftpd and our on different ports.
+
+*Remember*, if you do these changes you will get a system that most
+certainly does *not* fulfill the requirements of a C2 system. If C2 is
+what you want, for instance if someone else is forcing you to use it,
+you're out of luck.  If you use enhanced security because you want a
+system that is more secure than it would otherwise be, you probably got
+an even more secure system. Passwords will not be sent in the clear,
+for instance.
+
diff --git a/crypto/kerberosIV/lib/auth/sia/krb4+c2_matrix.conf b/crypto/kerberosIV/lib/auth/sia/krb4+c2_matrix.conf
new file mode 100644
index 0000000..b664d3d
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/krb4+c2_matrix.conf
@@ -0,0 +1,63 @@
+# Copyright (c) 1998 Kungliga Tekniska Högskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. All advertising materials mentioning features or use of this software 
+#    must display the following acknowledgement: 
+#      This product includes software developed by Kungliga Tekniska 
+#      Högskolan and its contributors. 
+#
+# 4. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+
+# $Id: krb4+c2_matrix.conf,v 1.3 1998/06/30 15:14:31 assar Exp $
+
+# sia matrix configuration file (Kerberos 4 + C2)
+
+siad_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+siad_chk_invoker=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_authent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_estab=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_launch=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_suauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_reauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chg_finger=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chg_password=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chg_shell=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_getpwent=(BSD,libc.so)
+siad_getpwuid=(BSD,libc.so)
+siad_getpwnam=(BSD,libc.so)
+siad_setpwent=(BSD,libc.so)
+siad_endpwent=(BSD,libc.so)
+siad_getgrent=(BSD,libc.so)
+siad_getgrgid=(BSD,libc.so)
+siad_getgrnam=(BSD,libc.so)
+siad_setgrent=(BSD,libc.so)
+siad_endgrent=(BSD,libc.so)
+siad_ses_release=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chk_user=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
diff --git a/crypto/kerberosIV/lib/auth/sia/krb4_matrix.conf b/crypto/kerberosIV/lib/auth/sia/krb4_matrix.conf
new file mode 100644
index 0000000..9f78850
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/krb4_matrix.conf
@@ -0,0 +1,64 @@
+# Copyright (c) 1998 Kungliga Tekniska Högskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. All advertising materials mentioning features or use of this software 
+#    must display the following acknowledgement: 
+#      This product includes software developed by Kungliga Tekniska 
+#      Högskolan and its contributors. 
+#
+# 4. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+
+# $Id: krb4_matrix.conf,v 1.5 1998/01/29 02:54:11 joda Exp $
+
+# sia matrix configuration file (Kerberos 4 + BSD)
+
+siad_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) 
+siad_chk_invoker=(BSD,libc.so)
+siad_ses_init=(KRB4,/usr/athena/lib/libsia_krb4.so)
+siad_ses_authent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+siad_ses_estab=(BSD,libc.so)
+siad_ses_launch=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+siad_ses_suauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+siad_ses_reauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+siad_chg_finger=(BSD,libc.so)
+siad_chg_password=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+siad_chg_shell=(BSD,libc.so)
+siad_getpwent=(BSD,libc.so)
+siad_getpwuid=(BSD,libc.so)
+siad_getpwnam=(BSD,libc.so)
+siad_setpwent=(BSD,libc.so)
+siad_endpwent=(BSD,libc.so)
+siad_getgrent=(BSD,libc.so)
+siad_getgrgid=(BSD,libc.so)
+siad_getgrnam=(BSD,libc.so)
+siad_setgrent=(BSD,libc.so)
+siad_endgrent=(BSD,libc.so)
+siad_ses_release=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+siad_chk_user=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+
diff --git a/crypto/kerberosIV/lib/auth/sia/krb5+c2_matrix.conf b/crypto/kerberosIV/lib/auth/sia/krb5+c2_matrix.conf
new file mode 100644
index 0000000..c2952e2
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/krb5+c2_matrix.conf
@@ -0,0 +1,27 @@
+# $Id: krb5+c2_matrix.conf,v 1.2 1998/11/26 20:58:18 assar Exp $
+
+# sia matrix configuration file (Kerberos 5 + C2)
+
+siad_init=(KRB5,/usr/athena/lib/libsia_krb5.so)(BSD,libc.so)
+siad_chk_invoker=(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_init=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_authent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_estab=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_launch=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_suauthent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_reauthent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chg_finger=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chg_password=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chg_shell=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_getpwent=(BSD,libc.so)
+siad_getpwuid=(BSD,libc.so)
+siad_getpwnam=(BSD,libc.so)
+siad_setpwent=(BSD,libc.so)
+siad_endpwent=(BSD,libc.so)
+siad_getgrent=(BSD,libc.so)
+siad_getgrgid=(BSD,libc.so)
+siad_getgrnam=(BSD,libc.so)
+siad_setgrent=(BSD,libc.so)
+siad_endgrent=(BSD,libc.so)
+siad_ses_release=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chk_user=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
diff --git a/crypto/kerberosIV/lib/auth/sia/krb5_matrix.conf b/crypto/kerberosIV/lib/auth/sia/krb5_matrix.conf
new file mode 100644
index 0000000..e49366a
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/krb5_matrix.conf
@@ -0,0 +1,27 @@
+# $Id: krb5_matrix.conf,v 1.1 1997/05/15 18:34:18 joda Exp $
+
+# sia matrix configuration file (Kerberos 5 + BSD)
+
+siad_init=(KRB5,/usr/athena/lib/libsia_krb5.so)(BSD,libc.so) 
+siad_chk_invoker=(BSD,libc.so)
+siad_ses_init=(KRB5,/usr/athena/lib/libsia_krb5.so)
+siad_ses_authent=(KRB5,/usr/athena/lib/libsia_krb5.so)(BSD,libc.so)
+siad_ses_estab=(BSD,libc.so)
+siad_ses_launch=(KRB5,/usr/athena/lib/libsia_krb5.so)(BSD,libc.so)
+siad_ses_suauthent=(KRB5,/usr/athena/lib/libsia_krb5.so)(BSD,libc.so)
+siad_ses_reauthent=(BSD,libc.so)
+siad_chg_finger=(BSD,libc.so)
+siad_chg_password=(BSD,libc.so)
+siad_chg_shell=(BSD,libc.so)
+siad_getpwent=(BSD,libc.so)
+siad_getpwuid=(BSD,libc.so)
+siad_getpwnam=(BSD,libc.so)
+siad_setpwent=(BSD,libc.so)
+siad_endpwent=(BSD,libc.so)
+siad_getgrent=(BSD,libc.so)
+siad_getgrgid=(BSD,libc.so)
+siad_getgrnam=(BSD,libc.so)
+siad_setgrent=(BSD,libc.so)
+siad_endgrent=(BSD,libc.so)
+siad_ses_release=(KRB5,/usr/athena/lib/libsia_krb5.so)(BSD,libc.so)
+siad_chk_user=(BSD,libc.so)
diff --git a/crypto/kerberosIV/lib/auth/sia/posix_getpw.c b/crypto/kerberosIV/lib/auth/sia/posix_getpw.c
new file mode 100644
index 0000000..c5961dc
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/posix_getpw.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "sia_locl.h"
+
+RCSID("$Id: posix_getpw.c,v 1.1 1999/03/21 17:07:02 joda Exp $");
+
+#ifndef POSIX_GETPWNAM_R
+/* 
+ * These functions translate from the old Digital UNIX 3.x interface
+ * to POSIX.1c.
+ */
+
+int
+posix_getpwnam_r(const char *name, struct passwd *pwd, 
+		 char *buffer, int len, struct passwd **result)
+{
+    int ret = getpwnam_r(name, pwd, buffer, len);
+    if(ret == 0)
+	*result = pwd;
+    else{
+	*result = NULL;
+	ret = _Geterrno();
+	if(ret == 0){
+	    ret = ERANGE;
+	    _Seterrno(ret);
+	}
+    }
+    return ret;
+}
+
+int
+posix_getpwuid_r(uid_t uid, struct passwd *pwd, 
+		 char *buffer, int len, struct passwd **result)
+{
+    int ret = getpwuid_r(uid, pwd, buffer, len);
+    if(ret == 0)
+	*result = pwd;
+    else{
+	*result = NULL;
+	ret = _Geterrno();
+	if(ret == 0){
+	    ret = ERANGE;
+	    _Seterrno(ret);
+	}
+    }
+    return ret;
+}
+#endif /* POSIX_GETPWNAM_R */
diff --git a/crypto/kerberosIV/lib/auth/sia/security.patch b/crypto/kerberosIV/lib/auth/sia/security.patch
new file mode 100644
index 0000000..c407876
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/security.patch
@@ -0,0 +1,11 @@
+--- /sbin/init.d/security~      Tue Aug 20 22:44:09 1996
++++ /sbin/init.d/security       Fri Nov  1 14:52:56 1996
+@@ -49,7 +49,7 @@
+                    SECURITY=BASE
+                fi
+                ;;
+-       BASE)
++       BASE|KRB4)
+                ;;
+        *)
+                echo "security configuration set to default (BASE)."
diff --git a/crypto/kerberosIV/lib/auth/sia/sia.c b/crypto/kerberosIV/lib/auth/sia/sia.c
new file mode 100644
index 0000000..8d35b41
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/sia.c
@@ -0,0 +1,673 @@
+/*
+ * Copyright (c) 1995-1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "sia_locl.h"
+
+RCSID("$Id: sia.c,v 1.30 1999/04/08 13:07:38 joda Exp $");
+
+int 
+siad_init(void)
+{
+    return SIADSUCCESS;
+}
+
+int 
+siad_chk_invoker(void)
+{
+    SIA_DEBUG(("DEBUG", "siad_chk_invoker"));
+    return SIADFAIL;
+}
+
+int 
+siad_ses_init(SIAENTITY *entity, int pkgind)
+{
+    struct state *s = malloc(sizeof(*s));
+    SIA_DEBUG(("DEBUG", "siad_ses_init"));
+    if(s == NULL)
+	return SIADFAIL;
+    memset(s, 0, sizeof(*s));
+#ifdef SIA_KRB5
+    krb5_init_context(&s->context);
+#endif
+    entity->mech[pkgind] = (int*)s;
+    return SIADSUCCESS;
+}
+
+static int
+setup_name(SIAENTITY *e, prompt_t *p)
+{
+    SIA_DEBUG(("DEBUG", "setup_name"));
+    e->name = malloc(SIANAMEMIN + 1);
+    if(e->name == NULL){
+	SIA_DEBUG(("DEBUG", "failed to malloc %u bytes", SIANAMEMIN+1));
+	return SIADFAIL;
+    }
+    p->prompt = (unsigned char*)"login: ";
+    p->result = (unsigned char*)e->name;
+    p->min_result_length = 1;
+    p->max_result_length = SIANAMEMIN;
+    p->control_flags = 0;
+    return SIADSUCCESS;
+}
+
+static int
+setup_password(SIAENTITY *e, prompt_t *p)
+{
+    SIA_DEBUG(("DEBUG", "setup_password"));
+    e->password = malloc(SIAMXPASSWORD + 1);
+    if(e->password == NULL){
+	SIA_DEBUG(("DEBUG", "failed to malloc %u bytes", SIAMXPASSWORD+1));
+	return SIADFAIL;
+    }
+    p->prompt = (unsigned char*)"Password: ";
+    p->result = (unsigned char*)e->password;
+    p->min_result_length = 0;
+    p->max_result_length = SIAMXPASSWORD;
+    p->control_flags = SIARESINVIS;
+    return SIADSUCCESS;
+}
+
+
+static int
+doauth(SIAENTITY *entity, int pkgind, char *name)
+{
+    struct passwd pw, *pwd;
+    char pwbuf[1024];
+    struct state *s = (struct state*)entity->mech[pkgind];
+#ifdef SIA_KRB5
+    char *realm;
+    krb5_principal principal;
+    krb5_ccache ccache;
+    krb5_error_code ret;
+#endif
+#ifdef SIA_KRB4
+    char realm[REALM_SZ];
+    char *toname, *toinst;
+    int ret;
+    struct passwd fpw, *fpwd;
+    char fpwbuf[1024];
+    int secure;
+#endif
+	
+    if(getpwnam_r(name, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0){
+	SIA_DEBUG(("DEBUG", "failed to getpwnam(%s)", name));
+	return SIADFAIL;
+    }
+
+#ifdef SIA_KRB5
+    ret = krb5_get_default_realm(s->context, &realm);
+    krb5_build_principal(s->context, &principal, 
+			 strlen(realm),
+			 realm,
+			 entity->name,
+			 NULL);
+
+	
+    if(!krb5_kuserok(s->context, principal, entity->name))
+	return SIADFAIL;
+    sprintf(s->ticket, "FILE:/tmp/krb5_cc%d_%d", pwd->pw_uid, getpid());
+    ret = krb5_cc_resolve(s->context, s->ticket, &ccache);
+    if(ret)
+	return SIADFAIL;
+    ret = krb5_cc_initialize(s->context, ccache, principal);
+    if(ret)
+	return SIADFAIL;
+#endif
+	
+#ifdef SIA_KRB4
+    snprintf(s->ticket, sizeof(s->ticket),
+	     TKT_ROOT "%u_%u", (unsigned)pwd->pw_uid, (unsigned)getpid());
+    krb_get_lrealm(realm, 1);
+    toname = name;
+    toinst = "";
+    if(entity->authtype == SIA_A_SUAUTH){
+	uid_t ouid;
+#ifdef HAVE_SIAENTITY_OUID
+	ouid = entity->ouid;
+#else
+	ouid = getuid();
+#endif
+	if(getpwuid_r(ouid, &fpw, fpwbuf, sizeof(fpwbuf), &fpwd) != 0){
+	    SIA_DEBUG(("DEBUG", "failed to getpwuid(%u)", ouid));
+	    return SIADFAIL;
+	}
+	snprintf(s->ticket, sizeof(s->ticket), TKT_ROOT "_%s_to_%s_%d", 
+		 fpwd->pw_name, pwd->pw_name, getpid());
+	if(strcmp(pwd->pw_name, "root") == 0){
+	    toname = fpwd->pw_name;
+	    toinst = pwd->pw_name;
+	}
+    }
+    if(entity->authtype == SIA_A_REAUTH) 
+	snprintf(s->ticket, sizeof(s->ticket), "%s", tkt_string());
+    
+    krb_set_tkt_string(s->ticket);
+	
+    setuid(0); /* XXX fix for fix in tf_util.c */
+    if(krb_kuserok(toname, toinst, realm, name)){
+	SIA_DEBUG(("DEBUG", "%s.%s@%s is not allowed to login as %s", 
+		   toname, toinst, realm, name));
+	return SIADFAIL;
+    }
+#endif
+#ifdef SIA_KRB5
+    ret = krb5_verify_user(s->context, principal, ccache,
+			   entity->password, 1, NULL);
+    if(ret){
+	/* if this is most likely a local user (such as
+	   root), just silently return failure when the
+	   principal doesn't exist */
+	if(ret != KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN && 
+	   ret != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
+	    SIALOG("WARNING", "krb5_verify_user(%s): %s", 
+		   entity->name, error_message(ret));
+	return SIADFAIL;
+    }
+#endif
+#ifdef SIA_KRB4
+    if (getuid () == 0)
+	secure = KRB_VERIFY_SECURE;
+    else
+	secure = KRB_VERIFY_NOT_SECURE;
+	
+    ret = krb_verify_user(toname, toinst, realm,
+			  entity->password, secure, NULL);
+    if(ret){
+	SIA_DEBUG(("DEBUG", "krb_verify_user: %s", krb_get_err_text(ret)));
+	if(ret != KDC_PR_UNKNOWN)
+	    /* since this is most likely a local user (such as
+	       root), just silently return failure when the
+	       principal doesn't exist */
+	    SIALOG("WARNING", "krb_verify_user(%s.%s): %s", 
+		   toname, toinst, krb_get_err_text(ret));
+	return SIADFAIL;
+    }
+#endif
+    if(sia_make_entity_pwd(pwd, entity) == SIAFAIL)
+	return SIADFAIL;
+    s->valid = 1;
+    return SIADSUCCESS;
+}
+
+
+static int 
+common_auth(sia_collect_func_t *collect, 
+	    SIAENTITY *entity, 
+	    int siastat,
+	    int pkgind)
+{
+    prompt_t prompts[2], *pr;
+    char *name;
+
+    SIA_DEBUG(("DEBUG", "common_auth"));
+    if((siastat == SIADSUCCESS) && (geteuid() == 0))
+	return SIADSUCCESS;
+    if(entity == NULL) {
+	SIA_DEBUG(("DEBUG", "entity == NULL"));
+	return SIADFAIL | SIADSTOP;
+    }
+    name = entity->name;
+    if(entity->acctname)
+	name = entity->acctname;
+    
+    if((collect != NULL) && entity->colinput) {
+	int num;
+	pr = prompts;
+	if(name == NULL){
+	    if(setup_name(entity, pr) != SIADSUCCESS)
+		return SIADFAIL;
+	    pr++;
+	}
+	if(entity->password == NULL){
+	    if(setup_password(entity, pr) != SIADSUCCESS)
+		return SIADFAIL;
+	    pr++;
+	}
+	num = pr - prompts;
+	if(num == 1){
+	    if((*collect)(240, SIAONELINER, (unsigned char*)"", num, 
+			  prompts) != SIACOLSUCCESS){
+		SIA_DEBUG(("DEBUG", "collect failed"));
+		return SIADFAIL | SIADSTOP;
+	    }
+	} else if(num > 0){
+	    if((*collect)(0, SIAFORM, (unsigned char*)"", num, 
+			  prompts) != SIACOLSUCCESS){
+		SIA_DEBUG(("DEBUG", "collect failed"));
+		return SIADFAIL | SIADSTOP;
+	    }
+	}
+    }
+    if(name == NULL)
+	name = entity->name;
+    if(name == NULL || name[0] == '\0'){
+	SIA_DEBUG(("DEBUG", "name is null"));
+	return SIADFAIL;
+    }
+
+    if(entity->password == NULL || strlen(entity->password) > SIAMXPASSWORD){
+	SIA_DEBUG(("DEBUG", "entity->password is null"));
+	return SIADFAIL;
+    }
+    
+    return doauth(entity, pkgind, name);
+}
+
+
+int 
+siad_ses_authent(sia_collect_func_t *collect, 
+		 SIAENTITY *entity, 
+		 int siastat,
+		 int pkgind)
+{
+    SIA_DEBUG(("DEBUG", "siad_ses_authent"));
+    return common_auth(collect, entity, siastat, pkgind);
+}
+
+int 
+siad_ses_estab(sia_collect_func_t *collect, 
+	       SIAENTITY *entity, int pkgind)
+{
+    SIA_DEBUG(("DEBUG", "siad_ses_estab"));
+    return SIADFAIL;
+}
+
+int 
+siad_ses_launch(sia_collect_func_t *collect,
+		SIAENTITY *entity,
+		int pkgind)
+{
+    static char env[MaxPathLen];
+    struct state *s = (struct state*)entity->mech[pkgind];
+    SIA_DEBUG(("DEBUG", "siad_ses_launch"));
+    if(s->valid){
+#ifdef SIA_KRB5
+	chown(s->ticket + sizeof("FILE:") - 1, 
+	      entity->pwd->pw_uid, 
+	      entity->pwd->pw_gid);
+	snprintf(env, sizeof(env), "KRB5CCNAME=%s", s->ticket);
+#endif
+#ifdef SIA_KRB4
+	chown(s->ticket, entity->pwd->pw_uid, entity->pwd->pw_gid);
+	snprintf(env, sizeof(env), "KRBTKFILE=%s", s->ticket);
+#endif
+	putenv(env);
+    }
+#ifdef KRB4
+    if (k_hasafs()) {
+	char cell[64];
+	k_setpag();
+	if(k_afs_cell_of_file(entity->pwd->pw_dir, cell, sizeof(cell)) == 0)
+	    krb_afslog(cell, 0);
+	krb_afslog_home(0, 0, entity->pwd->pw_dir);
+    }
+#endif
+    return SIADSUCCESS;
+}
+
+int 
+siad_ses_release(SIAENTITY *entity, int pkgind)
+{
+    SIA_DEBUG(("DEBUG", "siad_ses_release"));
+    if(entity->mech[pkgind]){
+#ifdef SIA_KRB5
+	struct state *s = (struct state*)entity->mech[pkgind];
+	krb5_free_context(s->context);
+#endif
+	free(entity->mech[pkgind]);
+    }
+    return SIADSUCCESS;
+}
+
+int 
+siad_ses_suauthent(sia_collect_func_t *collect,
+		   SIAENTITY *entity,
+		   int siastat,
+		   int pkgind)
+{
+    SIA_DEBUG(("DEBUG", "siad_ses_suauth"));
+    if(geteuid() != 0)
+	return SIADFAIL;
+    if(entity->name == NULL)
+	return SIADFAIL;
+    if(entity->name[0] == '\0') {
+	free(entity->name);
+	entity->name = strdup("root");
+	if (entity->name == NULL)
+	    return SIADFAIL;
+    }
+    return common_auth(collect, entity, siastat, pkgind);
+}
+
+int
+siad_ses_reauthent (sia_collect_func_t *collect,
+		    SIAENTITY *entity,
+		    int siastat,
+		    int pkgind)
+{
+    int ret;
+    SIA_DEBUG(("DEBUG", "siad_ses_reauthent"));
+    if(entity == NULL || entity->name == NULL)
+	return SIADFAIL;
+    ret = common_auth(collect, entity, siastat, pkgind);
+    if((ret & SIADSUCCESS)){
+	/* launch isn't (always?) called when doing reauth, so we must
+           duplicate some code here... */
+	struct state *s = (struct state*)entity->mech[pkgind];
+	chown(s->ticket, entity->pwd->pw_uid, entity->pwd->pw_gid);
+#ifdef KRB4
+	if(k_hasafs()) {
+	    char cell[64];
+	    if(k_afs_cell_of_file(entity->pwd->pw_dir, 
+				  cell, sizeof(cell)) == 0)
+		krb_afslog(cell, 0);
+	    krb_afslog_home(0, 0, entity->pwd->pw_dir);
+	}
+#endif
+    }
+    return ret;
+}
+
+int
+siad_chg_finger (sia_collect_func_t *collect,
+		     const char *username, 
+		     int argc, 
+		     char *argv[])
+{
+    SIA_DEBUG(("DEBUG", "siad_chg_finger"));
+    return SIADFAIL;
+}
+
+#ifdef SIA_KRB5
+int
+siad_chg_password (sia_collect_func_t *collect,
+		     const char *username, 
+		     int argc, 
+		     char *argv[])
+{
+    return SIADFAIL;
+}
+#endif
+
+#ifdef SIA_KRB4
+static void
+sia_message(sia_collect_func_t *collect, int rendition, 
+	    const char *title, const char *message)
+{
+    prompt_t prompt;
+    prompt.prompt = (unsigned char*)message;
+    (*collect)(0, rendition, (unsigned char*)title, 1, &prompt);
+}
+
+static int
+init_change(sia_collect_func_t *collect, krb_principal *princ)
+{
+    prompt_t prompt;
+    char old_pw[MAX_KPW_LEN+1];
+    char *msg;
+    char tktstring[128];
+    int ret;
+    
+    SIA_DEBUG(("DEBUG", "init_change"));
+    prompt.prompt = (unsigned char*)"Old password: ";
+    prompt.result = (unsigned char*)old_pw;
+    prompt.min_result_length = 0;
+    prompt.max_result_length = sizeof(old_pw) - 1;
+    prompt.control_flags = SIARESINVIS;
+    asprintf(&msg, "Changing password for %s", krb_unparse_name(princ));
+    if(msg == NULL){
+	SIA_DEBUG(("DEBUG", "out of memory"));
+	return SIADFAIL;
+    }
+    ret = (*collect)(60, SIAONELINER, (unsigned char*)msg, 1, &prompt);
+    free(msg);
+    SIA_DEBUG(("DEBUG", "ret = %d", ret));
+    if(ret != SIACOLSUCCESS)
+	return SIADFAIL;
+    snprintf(tktstring, sizeof(tktstring), 
+	     TKT_ROOT "_cpw_%u", (unsigned)getpid());
+    krb_set_tkt_string(tktstring);
+    
+    ret = krb_get_pw_in_tkt(princ->name, princ->instance, princ->realm, 
+			    PWSERV_NAME, KADM_SINST, 1, old_pw);
+    if (ret != KSUCCESS) {
+	SIA_DEBUG(("DEBUG", "krb_get_pw_in_tkt: %s", krb_get_err_text(ret)));
+	if (ret == INTK_BADPW)
+	    sia_message(collect, SIAWARNING, "", "Incorrect old password.");
+	else
+	    sia_message(collect, SIAWARNING, "", "Kerberos error.");
+	memset(old_pw, 0, sizeof(old_pw));
+	return SIADFAIL;
+    }
+    if(chown(tktstring, getuid(), -1) < 0){
+	dest_tkt();
+	return SIADFAIL;
+    }
+    memset(old_pw, 0, sizeof(old_pw));
+    return SIADSUCCESS;
+}
+
+int
+siad_chg_password (sia_collect_func_t *collect,
+		   const char *username, 
+		   int argc, 
+		   char *argv[])
+{
+    prompt_t prompts[2];
+    krb_principal princ;
+    int ret;
+    char new_pw1[MAX_KPW_LEN+1];
+    char new_pw2[MAX_KPW_LEN+1];
+    static struct et_list *et_list;
+
+    set_progname(argv[0]);
+
+    SIA_DEBUG(("DEBUG", "siad_chg_password"));
+    if(collect == NULL)
+	return SIADFAIL;
+
+    if(username == NULL)
+	username = getlogin();
+
+    ret = krb_parse_name(username, &princ);
+    if(ret)
+	return SIADFAIL;
+    if(princ.realm[0] == '\0')
+	krb_get_lrealm(princ.realm, 1);
+
+    if(et_list == NULL) {
+	initialize_kadm_error_table_r(&et_list);
+	initialize_krb_error_table_r(&et_list);
+    }
+
+    ret = init_change(collect, &princ);
+    if(ret != SIADSUCCESS)
+	return ret;
+
+again:
+    prompts[0].prompt = (unsigned char*)"New password: ";
+    prompts[0].result = (unsigned char*)new_pw1;
+    prompts[0].min_result_length = MIN_KPW_LEN;
+    prompts[0].max_result_length = sizeof(new_pw1) - 1;
+    prompts[0].control_flags = SIARESINVIS;
+    prompts[1].prompt = (unsigned char*)"Verify new password: ";
+    prompts[1].result = (unsigned char*)new_pw2;
+    prompts[1].min_result_length = MIN_KPW_LEN;
+    prompts[1].max_result_length = sizeof(new_pw2) - 1;
+    prompts[1].control_flags = SIARESINVIS;
+    if((*collect)(120, SIAFORM, (unsigned char*)"", 2, prompts) != 
+       SIACOLSUCCESS) {
+	dest_tkt();
+	return SIADFAIL;
+    }
+    if(strcmp(new_pw1, new_pw2) != 0){
+	sia_message(collect, SIAWARNING, "", "Password mismatch.");
+	goto again;
+    }
+    ret = kadm_check_pw(new_pw1);
+    if(ret) {
+	sia_message(collect, SIAWARNING, "", com_right(et_list, ret));
+	goto again;
+    }
+    
+    memset(new_pw2, 0, sizeof(new_pw2));
+    ret = kadm_init_link (PWSERV_NAME, KRB_MASTER, princ.realm);
+    if (ret != KADM_SUCCESS)
+	sia_message(collect, SIAWARNING, "Error initing kadmin connection", 
+		    com_right(et_list, ret));
+    else {
+	des_cblock newkey;
+	char *pw_msg; /* message from server */
+
+	des_string_to_key(new_pw1, &newkey);
+	ret = kadm_change_pw_plain((unsigned char*)&newkey, new_pw1, &pw_msg);
+	memset(newkey, 0, sizeof(newkey));
+      
+	if (ret == KADM_INSECURE_PW)
+	    sia_message(collect, SIAWARNING, "Insecure password", pw_msg);
+	else if (ret != KADM_SUCCESS)
+	    sia_message(collect, SIAWARNING, "Error changing password", 
+			com_right(et_list, ret));
+    }
+    memset(new_pw1, 0, sizeof(new_pw1));
+
+    if (ret != KADM_SUCCESS)
+	sia_message(collect, SIAWARNING, "", "Password NOT changed.");
+    else
+	sia_message(collect, SIAINFO, "", "Password changed.");
+    
+    dest_tkt();
+    if(ret)
+	return SIADFAIL;
+    return SIADSUCCESS;
+}
+#endif
+
+int
+siad_chg_shell (sia_collect_func_t *collect,
+		     const char *username, 
+		     int argc, 
+		     char *argv[])
+{
+    return SIADFAIL;
+}
+
+int
+siad_getpwent(struct passwd *result, 
+	      char *buf, 
+	      int bufsize, 
+	      struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_getpwuid (uid_t uid, 
+	       struct passwd *result, 
+	       char *buf, 
+	       int bufsize, 
+	       struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_getpwnam (const char *name, 
+	       struct passwd *result, 
+	       char *buf, 
+	       int bufsize, 
+	       struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_setpwent (struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_endpwent (struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_getgrent(struct group *result, 
+	      char *buf, 
+	      int bufsize, 
+	      struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_getgrgid (gid_t gid, 
+	       struct group *result, 
+	       char *buf, 
+	       int bufsize, 
+	       struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_getgrnam (const char *name, 
+	       struct group *result, 
+	       char *buf, 
+	       int bufsize, 
+	       struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_setgrent (struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_endgrent (struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_chk_user (const char *logname, int checkflag)
+{
+    if(checkflag != CHGPASSWD)
+	return SIADFAIL;
+    return SIADSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/auth/sia/sia_locl.h b/crypto/kerberosIV/lib/auth/sia/sia_locl.h
new file mode 100644
index 0000000..0f3f74d
--- /dev/null
+++ b/crypto/kerberosIV/lib/auth/sia/sia_locl.h
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+/* $Id: sia_locl.h,v 1.2 1999/04/01 16:09:22 joda Exp $ */
+
+#ifndef __sia_locl_h__
+#define __sia_locl_h__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <ctype.h>
+#include <stdio.h>
+#include <string.h>
+#include <siad.h>
+#include <pwd.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+#ifdef KRB5
+#define SIA_KRB5
+#elif defined(KRB4)
+#define SIA_KRB4
+#endif
+
+#ifdef SIA_KRB5
+#include <krb5.h>
+#include <com_err.h>
+#endif
+#ifdef SIA_KRB4
+#include <krb.h>
+#include <krb_err.h>
+#include <kadm.h>
+#include <kadm_err.h>
+#endif
+#ifdef KRB4
+#include <kafs.h>
+#endif
+
+#include <roken.h>
+
+#ifndef POSIX_GETPWNAM_R
+
+#define getpwnam_r posix_getpwnam_r
+#define getpwuid_r posix_getpwuid_r
+
+#endif /* POSIX_GETPWNAM_R */
+
+#ifndef DEBUG
+#define SIA_DEBUG(X)
+#else
+#define SIA_DEBUG(X) SIALOG X
+#endif
+
+struct state{
+#ifdef SIA_KRB5
+    krb5_context context;
+    krb5_auth_context auth_context;
+#endif
+    char ticket[MaxPathLen];
+    int valid;
+};
+
+#endif /* __sia_locl_h__ */
diff --git a/crypto/kerberosIV/lib/kadm/Makefile.in b/crypto/kerberosIV/lib/kadm/Makefile.in
index 1dafd4f..ba97c5d 100644
--- a/crypto/kerberosIV/lib/kadm/Makefile.in
+++ b/crypto/kerberosIV/lib/kadm/Makefile.in
@@ -1,5 +1,5 @@
 #
-# $Id: Makefile.in,v 1.30 1997/05/06 03:47:28 assar Exp $
+# $Id: Makefile.in,v 1.47 1998/10/13 16:50:44 joda Exp $
 #
 
 SHELL = /bin/sh
@@ -8,24 +8,42 @@ srcdir = @srcdir@
 VPATH = @srcdir@
 
 CC = @CC@
+LINK = @LINK@
 AR = ar
 RANLIB = @RANLIB@
 LN_S = @LN_S@
-DEFS = @DEFS@
-CFLAGS = @CFLAGS@
+DEFS = @DEFS@ -DROKEN_RENAME
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
 
 INSTALL = @INSTALL@
 INSTALL_DATA	= @INSTALL_DATA@
 MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
 
-COMPILE_ET = ../../util/et/compile_et$(EXECSUFFIX) -language ansi-c 
+COMPILE_ET = ../com_err/compile_et
 
 prefix = @prefix@
 exec_prefix = @exec_prefix@
 libdir = @libdir@
 
+top_builddir = ../..
+
+includedir = @includedir@
+
+incdir = $(includedir)
+inc_DATA = kadm_err.h
+idir = $(top_builddir)/include
+
 PICFLAGS = @PICFLAGS@
 
+@lib_deps_yes@LIB_DEPS = -L../krb -lkrb \
+@lib_deps_yes@	   -L../des -ldes \
+@lib_deps_yes@	   -lc
+@lib_deps_no@LIB_DEPS = 
+
+build_symlink_command   = @build_symlink_command@
+install_symlink_command = @install_symlink_command@
+
 LIBNAME = $(LIBPREFIX)kadm
 LIBEXT = @LIBEXT@
 LIBPREFIX = @LIBPREFIX@
@@ -34,24 +52,32 @@ SHLIBEXT = @SHLIBEXT@
 LDSHARED = @LDSHARED@
 LIB = $(LIBNAME).$(LIBEXT)
 
-SOURCES = kadm_cli_wrap.c kadm_err.c kadm_stream.c kadm_supp.c
+SOURCES = kadm_cli_wrap.c kadm_err.c kadm_stream.c kadm_supp.c check_password.c
 
-OBJECTS = kadm_cli_wrap.o kadm_err.o kadm_stream.o kadm_supp.o
+OBJECTS = kadm_cli_wrap.o kadm_err.o kadm_stream.o kadm_supp.o check_password.o
 
-all: $(LIB)
+all: $(LIB) all-local
 
 Wall:
 	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
 
 .c.o:
-	$(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $<
+	$(CC) -c $(DEFS) -I. -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
 
 install: all
-	$(MKINSTALLDIRS) $(libdir)
-	$(INSTALL_DATA) -m 0555 $(LIB) $(libdir)
+	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
+	$(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB)
+	@install_symlink_command@
+	$(MKINSTALLDIRS) $(DESTDIR)$(includedir)
+	@for i in $(inc_DATA); do \
+	echo "  $(INSTALL_DATA) $$i $(DESTDIR)$(incdir)/$$i";\
+	$(INSTALL_DATA) $$i $(DESTDIR)$(incdir)/$$i; done
 
 uninstall:
-	rm -f $(libdir)/$(LIB)
+	rm -f $(DESTDIR)$(libdir)/$(LIB)
+	@for i in $(inc_DATA); do \
+	echo "  rm -f $(DESTDIR)$(incdir)/$$i";\
+	rm -f $(DESTDIR)$(incdir)/$$i; done
 
 TAGS: $(SOURCES)
 	etags $(SOURCES)
@@ -59,22 +85,16 @@ TAGS: $(SOURCES)
 check:
 
 clean:
-	rm -f $(LIB) *.o *.a kadm_err.c kadm_err.h
+	rm -f $(LIB) *.o *.a *.so *.so.* so_locations kadm_err.c kadm_err.h
 
 mostlyclean: clean
 
 distclean: clean
-	rm -f Makefile *.tab.c *~
+	rm -f Makefile *.tab.c *~ roken_rename.h
 
 realclean: distclean
 	rm -f TAGS
 
-dist: $(DISTFILES)
-	for file in $(DISTFILES); do \
-	  ln $$file ../`cat ../.fname`/lib \
-	    || cp -p $$file ../`cat ../.fname`/lib; \
-	done
-
 $(LIBNAME).a: $(OBJECTS)
 	rm -f $@
 	$(AR) cr $@ $(OBJECTS)
@@ -82,11 +102,24 @@ $(LIBNAME).a: $(OBJECTS)
 
 $(LIBNAME).$(SHLIBEXT): $(OBJECTS)
 	rm -f $@
-	$(LDSHARED) -o $@ $(OBJECTS)
+	$(LDSHARED) -o $@ $(OBJECTS) $(LIB_DEPS)
+	@build_symlink_command@
 
-kadm_err.c kadm_err.h: kadm_err.et
-	test -r kadm_err.et || (rm -f kadm_err.et && $(LN_S) $(srcdir)/kadm_err.et .)
-	$(COMPILE_ET) kadm_err.et
+kadm_err.c kadm_err.h: $(srcdir)/kadm_err.et
+	$(COMPILE_ET) $(srcdir)/kadm_err.et
 
-$(OBJECTS): ../../include/config.h
+$(OBJECTS): ../../include/config.h roken_rename.h
 $(OBJECTS): kadm_err.h kadm_locl.h
+
+roken_rename.h:
+	$(LN_S) $(srcdir)/../krb/roken_rename.h .
+
+all-local: $(inc_DATA)
+	@for i in $(inc_DATA); do \
+		if cmp -s  $$i $(idir)/$$i 2> /dev/null ; then :; else\
+			echo " $(INSTALL_DATA) $$i $(idir)/$$i"; \
+			$(INSTALL_DATA) $$i $(idir)/$$i; \
+		fi ; \
+	done
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean all-local
diff --git a/crypto/kerberosIV/lib/kadm/check_password.c b/crypto/kerberosIV/lib/kadm/check_password.c
new file mode 100644
index 0000000..be95c91
--- /dev/null
+++ b/crypto/kerberosIV/lib/kadm/check_password.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm_locl.h"
+RCSID("$Id: check_password.c,v 1.2 1999/03/13 21:23:48 assar Exp $");
+
+/* This is a client side password check. Should perhaps be merged with
+   kadmind version that lives in pw_check.c */
+
+int
+kadm_check_pw (const char *password)
+{
+    const char *t;
+    if (strlen(password) == 0)
+	return KADM_PASS_Q_NULL;
+    if (strlen(password) < MIN_KPW_LEN)
+	return KADM_PASS_Q_TOOSHORT;
+    
+    /* Don't allow all lower case passwords regardless of length */
+    for (t = password; *t && islower((unsigned char)*t); t++)
+	;
+    if (*t == '\0')
+	return KADM_PASS_Q_CLASS;
+    return 0;
+}
diff --git a/crypto/kerberosIV/lib/kadm/kadm.h b/crypto/kerberosIV/lib/kadm/kadm.h
index d18f592..fd3d75b 100644
--- a/crypto/kerberosIV/lib/kadm/kadm.h
+++ b/crypto/kerberosIV/lib/kadm/kadm.h
@@ -1,5 +1,5 @@
 /*
- * $Id: kadm.h,v 1.12 1996/11/17 20:04:39 assar Exp $
+ * $Id: kadm.h,v 1.17 1998/10/23 14:25:55 joda Exp $
  *
  * Copyright 1988 by the Massachusetts Institute of Technology.
  *
@@ -66,20 +66,26 @@ typedef struct {		/* status of the server, i.e the parameters */
 /* Kadm_vals structure for passing db fields into the server routines */
 #define FLDSZ        4
 
+/* XXX enable new extended kadm fields */
+#define EXTENDED_KADM 1
+
 typedef struct {
-    u_int8_t       fields[FLDSZ];     /* The active fields in this struct */
-    char           name[ANAME_SZ];
-    char           instance[INST_SZ];
-    u_int32_t  key_low;
-    u_int32_t  key_high;
-    u_int32_t  exp_date;
-    u_int16_t attributes;
-    u_int8_t  max_life;
+    u_int8_t	fields[FLDSZ];     /* The active fields in this struct */
+    char	name[ANAME_SZ];
+    char	instance[INST_SZ];
+    u_int32_t	key_low;
+    u_int32_t	key_high;
+    u_int32_t	exp_date;
+    u_int16_t	attributes;
+    u_int8_t	max_life;
+#ifdef EXTENDED_KADM
+    u_int32_t	mod_date;
+    char	mod_name[ANAME_SZ];
+    char	mod_instance[INST_SZ];
+    u_int8_t	key_version;
+#endif
 } Kadm_vals;                    /* The basic values structure in Kadm */
 
-/* Kadm_vals structure for passing db fields into the server routines */
-#define FLDSZ        4
-
 /* Need to define fields types here */
 #define KADM_NAME       31
 #define KADM_INST       30
@@ -88,6 +94,13 @@ typedef struct {
 #define KADM_MAXLIFE    27
 #define KADM_DESKEY     26
 
+#ifdef EXTENDED_KADM
+#define KADM_MODDATE	25
+#define KADM_MODNAME	24
+#define KADM_MODINST	23
+#define KADM_KVNO	22
+#endif
+
 /* To set a field entry f in a fields structure d */
 #define SET_FIELD(f,d)  (d[3-(f/8)]|=(1<<(f%8)))
 
@@ -131,13 +144,13 @@ int vals_to_stream __P((Kadm_vals *, u_char **));
 int kadm_init_link __P((char *, char *, char *));
 int kadm_change_pw __P((unsigned char *));
 int kadm_change_pw_plain __P((unsigned char *, char *, char**));
+int kadm_change_pw2 __P((unsigned char *, char *, char**));
 int kadm_mod __P((Kadm_vals *, Kadm_vals *));
 int kadm_get __P((Kadm_vals *, u_char *));
 int kadm_add __P((Kadm_vals *));
 int kadm_del __P((Kadm_vals *));
 void kadm_vals_to_prin __P((u_char *, Principal *, Kadm_vals *));
 void kadm_prin_to_vals __P((u_char *, Kadm_vals *, Principal *));
-
-
+int kadm_check_pw __P((const char*));
 
 #endif /* KADM_DEFS */
diff --git a/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c b/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c
index 1e5c4f3..8f98d44 100644
--- a/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c
+++ b/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c
@@ -29,16 +29,12 @@ or implied warranty.
 
 #include "kadm_locl.h"
 
-RCSID("$Id: kadm_cli_wrap.c,v 1.21 1997/05/02 10:28:11 joda Exp $");
-
-#ifndef NULL
-#define NULL 0
-#endif
+RCSID("$Id: kadm_cli_wrap.c,v 1.26 1999/07/05 13:28:58 bg Exp $");
 
 static Kadm_Client client_parm;
 
 /* Macros for use in returning data... used in kadm_cli_send */
-#define RET_N_FREE(r) {clear_secrets(); free((char *)act_st); free((char *)priv_pak); return r;}
+#define RET_N_FREE(r) {clear_secrets(); free(act_st); free(priv_pak); return r;}
 
 /* Keys for use in the transactions */
 static des_cblock sess_key;	       /* to be filled in by kadm_cli_keyd */
@@ -49,7 +45,6 @@ clear_secrets(void)
 {
 	memset(sess_key, 0, sizeof(sess_key));
 	memset(sess_sched, 0, sizeof(sess_sched));
-	return;
 }
 
 static RETSIGTYPE (*opipe)();
@@ -59,7 +54,6 @@ kadm_cli_disconn(void)
 {
     close(client_parm.admin_fd);
     signal(SIGPIPE, opipe);
-    return;
 }
 
 /*
@@ -79,9 +73,9 @@ kadm_init_link(char *n, char *i, char *r)
 
 	init_kadm_err_tbl();
 	init_krb_err_tbl();
-	strcpy(client_parm.sname, n);
-	strcpy(client_parm.sinst, i);
-	strcpy(client_parm.krbrlm, r);
+	strcpy_truncate(client_parm.sname, n, ANAME_SZ);
+	strcpy_truncate(client_parm.sinst, i, INST_SZ);
+	strcpy_truncate(client_parm.krbrlm, r, REALM_SZ);
 	client_parm.admin_fd = -1;
 
 	/* set up the admin_addr - fetch name of admin host */
@@ -102,17 +96,17 @@ kadm_init_link(char *n, char *i, char *r)
 static int
 kadm_cli_conn(void)
 {					/* this connects and sets my_addr */
-    int on = 1;
+    client_parm.admin_fd =
+	socket(client_parm.admin_addr.sin_family, SOCK_STREAM, 0);
 
-    if ((client_parm.admin_fd =
-	 socket(client_parm.admin_addr.sin_family, SOCK_STREAM,0)) < 0)
-	return KADM_NO_SOCK;		/* couldnt create the socket */
+    if (client_parm.admin_fd < 0)
+	return KADM_NO_SOCK;		/* couldn't create the socket */
     if (connect(client_parm.admin_fd,
 		(struct sockaddr *) & client_parm.admin_addr,
 		sizeof(client_parm.admin_addr))) {
 	close(client_parm.admin_fd);
 	client_parm.admin_fd = -1;
-	return KADM_NO_CONN;		/* couldnt get the connect */
+	return KADM_NO_CONN;		/* couldn't get the connect */
     }
     opipe = signal(SIGPIPE, SIG_IGN);
     client_parm.my_addr_len = sizeof(client_parm.my_addr);
@@ -122,16 +116,20 @@ kadm_cli_conn(void)
 	close(client_parm.admin_fd);
 	client_parm.admin_fd = -1;
 	signal(SIGPIPE, opipe);
-	return KADM_NO_HERE;		/* couldnt find out who we are */
+	return KADM_NO_HERE;		/* couldn't find out who we are */
     }
 #if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
-    if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE,
-		   (void *)&on,
-		   sizeof(on)) < 0) {
-	close(client_parm.admin_fd);
-	client_parm.admin_fd = -1;
-	signal(SIGPIPE, opipe);
-	return KADM_NO_CONN;		/* XXX */
+    {
+	int on = 1;
+
+	if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE,
+		       (void *)&on,
+		       sizeof(on)) < 0) {
+	    close(client_parm.admin_fd);
+	    client_parm.admin_fd = -1;
+	    signal(SIGPIPE, opipe);
+	    return KADM_NO_CONN;		/* XXX */
+	}
     }
 #endif
     return KADM_SUCCESS;
@@ -139,16 +137,15 @@ kadm_cli_conn(void)
 
 /* takes in the sess_key and key_schedule and sets them appropriately */
 static int
-kadm_cli_keyd(des_cblock (*s_k), struct des_ks_struct *s_s)
-                			       /* session key */
-                     		       /* session key schedule */
+kadm_cli_keyd(des_cblock (*s_k), /* session key */
+	      struct des_ks_struct *s_s) /* session key schedule */
 {
 	CREDENTIALS cred;	       /* to get key data */
 	int stat;
 
 	/* want .sname and .sinst here.... */
 	if ((stat = krb_get_cred(client_parm.sname, client_parm.sinst,
-				client_parm.krbrlm, &cred)))
+				 client_parm.krbrlm, &cred)))
 		return stat + krb_err_base;
 	memcpy(s_k, cred.session, sizeof(des_cblock));
 	memset(cred.session, 0, sizeof(des_cblock));
@@ -156,7 +153,7 @@ kadm_cli_keyd(des_cblock (*s_k), struct des_ks_struct *s_s)
 	memset(s_s, 0, sizeof(des_key_schedule));
 #else
 	if ((stat = des_key_sched(s_k,s_s)))
-		return(stat+krb_err_base);
+		return stat+krb_err_base;
 #endif
 	return KADM_SUCCESS;
 }				       /* This code "works" */
@@ -178,7 +175,7 @@ kadm_cli_out(u_char *dat, int dat_len, u_char **ret_dat, int *ret_siz)
 	if (krb_net_write(client_parm.admin_fd, tmp, 2) != 2)
 	    return (errno);	       /* XXX */
 
-	if (krb_net_write(client_parm.admin_fd, (char *) dat, dat_len) < 0)
+	if (krb_net_write(client_parm.admin_fd, dat, dat_len) < 0)
 		return (errno);	       /* XXX */
 
 	
@@ -190,12 +187,12 @@ kadm_cli_out(u_char *dat, int dat_len, u_char **ret_dat, int *ret_siz)
 	}
 	dlen = (tmp[0] << 8) | tmp[1];
 
-	*ret_dat = (u_char *)malloc((unsigned)dlen);
-	if (!*ret_dat)
+	*ret_dat = malloc(dlen);
+	if (*ret_dat == NULL)
 	    return(KADM_NOMEM);
 
 	if ((retval = krb_net_read(client_parm.admin_fd,  *ret_dat,
-				  dlen) != dlen)) {
+				   dlen) != dlen)) {
 	    if (retval < 0)
 		return(errno);		/* XXX */
 	    else
@@ -224,69 +221,94 @@ kadm_cli_out(u_char *dat, int dat_len, u_char **ret_dat, int *ret_siz)
  * then it sends the data and waits for a reply. 
  */
 static int
-kadm_cli_send(u_char *st_dat, int st_siz, u_char **ret_dat, int *ret_siz)
-               				/* the actual data */
-           				/* length of said data */
-                 			/* to give return info */
-             				/* length of returned info */
+kadm_cli_send(u_char *st_dat,	/* the actual data */
+	      int st_siz,	/* length of said data */
+	      u_char **ret_dat,	/* to give return info */
+	      int *ret_siz)	/* length of returned info */
 {
-	int act_len, retdat;	       /* current offset into packet, return
-				        * data */
-	KTEXT_ST authent;	       /* the authenticator we will build */
-	u_char *act_st;		       /* the pointer to the complete packet */
-	u_char *priv_pak;	       /* private version of the packet */
-	int priv_len;		       /* length of private packet */
-	u_int32_t cksum;		       /* checksum of the packet */
+	int act_len, retdat;	/* current offset into packet, return
+				 * data */
+	KTEXT_ST authent;	/* the authenticator we will build */
+	u_char *act_st;		/* the pointer to the complete packet */
+	u_char *priv_pak;	/* private version of the packet */
+	int priv_len;		/* length of private packet */
+	u_int32_t cksum;	/* checksum of the packet */
 	MSG_DAT mdat;
 	u_char *return_dat;
+	int tmp;
+	void *tmp_ptr;
 
-	act_st = (u_char *) malloc(KADM_VERSIZE); /* verstr stored first */
-	strncpy((char *)act_st, KADM_VERSTR, KADM_VERSIZE);
+	act_st = malloc(KADM_VERSIZE); /* verstr stored first */
+	if (act_st == NULL) {
+	    clear_secrets ();
+	    return KADM_NOMEM;
+	}
+	memcpy(act_st, KADM_VERSTR, KADM_VERSIZE);
 	act_len = KADM_VERSIZE;
 
 	if ((retdat = kadm_cli_keyd(&sess_key, sess_sched)) != KADM_SUCCESS) {
 		free(act_st);
+		clear_secrets();
 		return retdat;	       /* couldnt get key working */
 	}
-	priv_pak = (u_char *) malloc((unsigned)(st_siz + 200));
+	priv_pak = malloc(st_siz + 200);
 	/* 200 bytes for extra info case */
-	if ((priv_len = krb_mk_priv(st_dat, priv_pak, (u_int32_t)st_siz,
-				    sess_sched, &sess_key, &client_parm.my_addr,
-				    &client_parm.admin_addr)) < 0)
+	if (priv_pak == NULL) {
+	    free(act_st);
+	    clear_secrets ();
+	    return KADM_NOMEM;
+	}
+	priv_len = krb_mk_priv(st_dat, priv_pak, st_siz,
+			       sess_sched, &sess_key, &client_parm.my_addr,
+			       &client_parm.admin_addr);
+
+	if (priv_len < 0)
 		RET_N_FREE(KADM_NO_ENCRYPT);	/* whoops... we got a lose
 						 * here */
 	/* here is the length of priv data.  receiver calcs
 	 size of authenticator by subtracting vno size, priv size, and
 	 sizeof(u_int32_t) (for the size indication) from total size */
 
-	act_len += vts_long((u_int32_t) priv_len, &act_st, act_len);
+	tmp = vts_long(priv_len, &act_st, act_len);
+	if (tmp < 0)
+	    RET_N_FREE(KADM_NOMEM);
+	act_len += tmp;
 #ifdef NOENCRYPTION
 	cksum = 0;
 #else
-	cksum = des_quad_cksum((des_cblock *)priv_pak, (des_cblock *)0, (long)priv_len, 0,
-			   &sess_key);
+	cksum = des_quad_cksum((des_cblock *)priv_pak,
+			       (des_cblock *)0, priv_len, 0,
+			       &sess_key);
 #endif
-	if ((retdat = krb_mk_req(&authent, client_parm.sname, client_parm.sinst,
-				client_parm.krbrlm, cksum))) {
+	
+	retdat = krb_mk_req(&authent, client_parm.sname, client_parm.sinst,
+			    client_parm.krbrlm, cksum);
+
+	if (retdat) {
 	    /* authenticator? */
 	    RET_N_FREE(retdat + krb_err_base);
 	}
 
-	act_st = (u_char *) realloc(act_st,
-				    act_len + authent.length + priv_len);
-	if (!act_st) {
+	tmp_ptr = realloc(act_st,
+			  act_len + authent.length + priv_len);
+	if (tmp_ptr == NULL) {
 	    clear_secrets();
-	    free(priv_pak);
-	    return(KADM_NOMEM);
+	    free (priv_pak);
+	    free (act_st);
+	    return KADM_NOMEM;
 	}
-	memcpy((char *)act_st + act_len, authent.dat, authent.length);
-	memcpy((char *)act_st + act_len + authent.length, priv_pak, priv_len);
+	act_st = tmp_ptr;
+	memcpy(act_st + act_len, authent.dat, authent.length);
+	memcpy(act_st + act_len + authent.length, priv_pak, priv_len);
 	free(priv_pak);
-	if ((retdat = kadm_cli_out(act_st,
-				   act_len + authent.length + priv_len,
-				   ret_dat, ret_siz)) != KADM_SUCCESS)
-	    RET_N_FREE(retdat);
+	retdat = kadm_cli_out(act_st,
+			      act_len + authent.length + priv_len,
+			      ret_dat, ret_siz);
 	free(act_st);
+	if (retdat != KADM_SUCCESS) {
+	    clear_secrets();
+	    return retdat;
+	}
 #define RET_N_FREE2(r) {free(*ret_dat); clear_secrets(); return(r);}
 
 	/* first see if it's a YOULOUSE */
@@ -301,9 +323,10 @@ kadm_cli_send(u_char *st_dat, int st_siz, u_char **ret_dat, int *ret_siz)
 	    RET_N_FREE2(retdat);
 	}
 	/* need to decode the ret_dat */
-	if ((retdat = krb_rd_priv(*ret_dat, (u_int32_t)*ret_siz, sess_sched,
-				 &sess_key, &client_parm.admin_addr,
-				 &client_parm.my_addr, &mdat)))
+	retdat = krb_rd_priv(*ret_dat, (u_int32_t)*ret_siz, sess_sched,
+			     &sess_key, &client_parm.admin_addr,
+			     &client_parm.my_addr, &mdat);
+	if (retdat)
 	    RET_N_FREE2(retdat+krb_err_base);
 	if (mdat.app_length < KADM_VERSIZE + 4)
 	    /* too short! */
@@ -316,10 +339,13 @@ kadm_cli_send(u_char *st_dat, int st_siz, u_char **ret_dat, int *ret_siz)
 	    retdat = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
 	}
 	{
-	  int s=mdat.app_length - KADM_VERSIZE - 4;
-	  if(s<=0) s=1;
-	  if (!(return_dat = (u_char *)malloc(s)))
-	    RET_N_FREE2(KADM_NOMEM);
+	  int s = mdat.app_length - KADM_VERSIZE - 4;
+
+	  if(s <= 0)
+	      s=1;
+	  return_dat = malloc(s);
+	  if (return_dat == NULL)
+	      RET_N_FREE2(KADM_NOMEM);
 	}
 	memcpy(return_dat,
 	       (char *) mdat.app_data + KADM_VERSIZE + 4,
@@ -348,24 +374,33 @@ int kadm_change_pw_plain(unsigned char *newkey, char *password, char **pw_msg)
 	int status;
 	static char msg[128];
 
-	if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
-	    return(retc);
 	/* possible problem with vts_long on a non-multiple of four boundary */
 
 	stsize = 0;		       /* start of our output packet */
-	send_st = (u_char *) malloc(1);/* to make it reallocable */
+	send_st = malloc(9);
+	if (send_st == NULL)
+	    return KADM_NOMEM;
 	send_st[stsize++] = (u_char) CHANGE_PW;
-
-	/* change key to stream */
-
-	send_st = realloc(send_st, stsize + 8);
 	memcpy(send_st + stsize + 4, newkey, 4); /* yes, this is backwards */
 	memcpy(send_st + stsize, newkey + 4, 4);
 	stsize += 8;
-	
-	if(password && *password)
-	  stsize += vts_string(password, &send_st, stsize);
 
+	/* change key to stream */
+
+	if(password && *password) {
+	    int tmp = vts_string(password, &send_st, stsize);
+
+	    if (tmp < 0) {
+		free(send_st);
+		return KADM_NOMEM;
+	    }
+	    stsize += tmp;
+	}
+
+	if ((retc = kadm_cli_conn()) != KADM_SUCCESS) {
+	    free(send_st);
+	    return(retc);
+	}
 	retc = kadm_cli_send(send_st, stsize, &ret_st, &ret_sz);
 	free(send_st);
 	
@@ -384,6 +419,16 @@ int kadm_change_pw_plain(unsigned char *newkey, char *password, char **pw_msg)
 }
 
 /*
+ * This function is here for compatibility with CNS
+ */
+
+int kadm_change_pw2(unsigned char *newkey, char *password, char **pw_msg)
+{
+    return kadm_change_pw_plain (newkey, password, pw_msg);
+}
+
+
+/*
  * kadm_change_pw
  * recieves    : key 
  *
@@ -416,14 +461,21 @@ kadm_add(Kadm_vals *vals)
 	u_char *ret_st;
 	int ret_sz;
 
-	if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
-	    return(retc);
 	st_len = vals_to_stream(vals, &st);
-	st2 = (u_char *) malloc((unsigned)(1 + st_len));
+	st2 = malloc(1 + st_len);
+	if (st2 == NULL) {
+	    free(st);
+	    return KADM_NOMEM;
+	}
 	*st2 = (u_char) ADD_ENT;       /* here's the opcode */
 	memcpy((char *) st2 + 1, st, st_len);	/* append st on */
-	retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz);
 	free(st);
+
+	if ((retc = kadm_cli_conn()) != KADM_SUCCESS) {
+	    free(st2);
+	    return(retc);
+	}
+	retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz);
 	free(st2);
 	if (retc == KADM_SUCCESS) {
 	    /* ret_st has vals */
@@ -451,23 +503,37 @@ kadm_mod(Kadm_vals *vals1, Kadm_vals *vals2)
 	int st_len, nlen;	       /* st2 the final stream with opcode */
 	u_char *ret_st;
 	int ret_sz;
+	void *tmp_ptr;
 
 	/* nlen is the length of second vals */
 	int retc;		       /* return code from call */
 
-	if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
-	    return(retc);
-
 	st_len = vals_to_stream(vals1, &st);
-	st2 = (u_char *) malloc((unsigned)(1 + st_len));
+	st2 = malloc(1 + st_len);
+	if (st2 == NULL) {
+	    free(st);
+	    return KADM_NOMEM;
+	}
 	*st2 = (u_char) MOD_ENT;       /* here's the opcode */
 	memcpy((char *)st2 + 1, st, st_len++); /* append st on */
 	free(st);
 	nlen = vals_to_stream(vals2, &st);
-	st2 = (u_char *) realloc((char *) st2, (unsigned)(st_len + nlen));
+	tmp_ptr = realloc(st2, st_len + nlen);
+	if (tmp_ptr == NULL) {
+	    free(st);
+	    free(st2);
+	    return KADM_NOMEM;
+	}
+	st2 = tmp_ptr;
 	memcpy((char *) st2 + st_len, st, nlen); /* append st on */
-	retc = kadm_cli_send(st2, st_len + nlen, &ret_st, &ret_sz);
 	free(st);
+
+	if ((retc = kadm_cli_conn()) != KADM_SUCCESS) {
+	    free(st2);
+	    return(retc);
+	}
+
+	retc = kadm_cli_send(st2, st_len + nlen, &ret_st, &ret_sz);
 	free(st2);
 	if (retc == KADM_SUCCESS) {
 	    /* ret_st has vals */
@@ -489,14 +555,21 @@ kadm_del(Kadm_vals *vals)
     u_char *ret_st;
     int ret_sz;
     
-    if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
-	return(retc);
     st_len = vals_to_stream(vals, &st);
-    st2 = (unsigned char *) malloc(st_len + 1);
+    st2 = malloc(st_len + 1);
+    if (st2 == NULL) {
+	free(st);
+	return KADM_NOMEM;
+    }
     *st2 = DEL_ENT;       /* here's the opcode */
     memcpy(st2 + 1, st, st_len);	/* append st on */
+    free (st);
+
+    if ((retc = kadm_cli_conn()) != KADM_SUCCESS) {
+	free(st2);
+	return(retc);
+    }
     retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz);
-    free(st);
     free(st2);
     kadm_cli_disconn();
     return(retc);
@@ -523,16 +596,23 @@ kadm_get(Kadm_vals *vals, u_char *fl)
 	u_char *ret_st;
 	int ret_sz;
 
-	if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
-	    return(retc);
 	st_len = vals_to_stream(vals, &st);
-	st2 = (u_char *) malloc((unsigned)(1 + st_len + FLDSZ));
+	st2 = malloc(1 + st_len + FLDSZ);
+	if (st2 == NULL) {
+	    free(st);
+	    return KADM_NOMEM;
+	}
 	*st2 = (u_char) GET_ENT;       /* here's the opcode */
 	memcpy((char *)st2 + 1, st, st_len); /* append st on */
+	free(st);
 	for (loop = FLDSZ - 1; loop >= 0; loop--)
 		*(st2 + st_len + FLDSZ - loop) = fl[loop]; /* append the flags */
+
+	if ((retc = kadm_cli_conn()) != KADM_SUCCESS) {
+	    free(st2);
+	    return(retc);
+	}
 	retc = kadm_cli_send(st2, st_len + 1 + FLDSZ,  &ret_st, &ret_sz);
-	free(st);
 	free(st2);
 	if (retc == KADM_SUCCESS) {
 	    /* ret_st has vals */
diff --git a/crypto/kerberosIV/lib/kadm/kadm_err.et b/crypto/kerberosIV/lib/kadm/kadm_err.et
index 0a7c7b6..7a247c5 100644
--- a/crypto/kerberosIV/lib/kadm/kadm_err.et
+++ b/crypto/kerberosIV/lib/kadm/kadm_err.et
@@ -1,5 +1,4 @@
-#	$Id: kadm_err.et,v 1.4 1996/06/12 08:01:34 bg Exp $
-#	$Author: bg $
+# $Id: kadm_err.et,v 1.5 1998/01/16 23:11:27 joda Exp $
 #
 # Copyright 1988 by the Massachusetts Institute of Technology.
 #
@@ -12,7 +11,7 @@
 
 # KADM_SUCCESS, as all success codes should be, is zero
 
-ec KADM_RCSID,		"$Id: kadm_err.et,v 1.4 1996/06/12 08:01:34 bg Exp $"
+ec KADM_RCSID,		"$Id: kadm_err.et,v 1.5 1998/01/16 23:11:27 joda Exp $"
 # /* Building and unbuilding the packet errors */
 ec KADM_NO_REALM,	"Cannot fetch local realm"
 ec KADM_NO_CRED,	"Unable to fetch credentials"
@@ -56,4 +55,11 @@ ec KADM_PW_MISMATCH,    "Cleartext password and DES key did not match"
 
 ec KADM_NOT_SERV_PRINC, "Invalid principal for change srvtab request"
 ec KADM_IMMUTABLE,	"Attempt do delete immutable principal"
+# password quality basically stolen from OV libkadm5
+index 64
+prefix KADM_PASS_Q
+ec NULL,		"Null passwords are not allowed"
+ec TOOSHORT,		"Password is too short"
+ec CLASS,		"Too few character classes in password"
+ec DICT,		"Password is in the password dictionary"
 end
diff --git a/crypto/kerberosIV/lib/kadm/kadm_locl.h b/crypto/kerberosIV/lib/kadm/kadm_locl.h
index e6e374b..da73df9 100644
--- a/crypto/kerberosIV/lib/kadm/kadm_locl.h
+++ b/crypto/kerberosIV/lib/kadm/kadm_locl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -36,7 +36,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: kadm_locl.h,v 1.9 1997/05/20 18:40:44 bg Exp $ */
+/* $Id: kadm_locl.h,v 1.11 1998/10/05 13:56:42 joda Exp $ */
 
 #include "config.h"
 #include "protos.h"
@@ -44,6 +44,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <ctype.h>
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -66,6 +67,9 @@
 
 #ifdef SOCKS
 #include <socks.h>
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent  *gethostbyname(const char *);
 #endif
 
 #include <roken.h>
diff --git a/crypto/kerberosIV/lib/kadm/kadm_stream.c b/crypto/kerberosIV/lib/kadm/kadm_stream.c
index 33fe177..d890164 100644
--- a/crypto/kerberosIV/lib/kadm/kadm_stream.c
+++ b/crypto/kerberosIV/lib/kadm/kadm_stream.c
@@ -37,23 +37,23 @@ or implied warranty.
 
 #include "kadm_locl.h"
 
-RCSID("$Id: kadm_stream.c,v 1.11 1997/05/02 10:28:05 joda Exp $");
+RCSID("$Id: kadm_stream.c,v 1.13 1998/10/22 15:38:01 joda Exp $");
 
 static int
-build_field_header(u_char *cont, u_char **st)
-             			/* container for fields data */
-            			/* stream */
+build_field_header(u_char *cont, /* container for fields data */
+		   u_char **st)	/* stream */
 {
-  *st = (u_char *) malloc (4);
+  *st = malloc (4);
+  if (*st == NULL)
+      return -1;
   memcpy(*st, cont, 4);
   return 4;			/* return pointer to current stream location */
 }
 
 static int
-check_field_header(u_char *st, u_char *cont, int maxlen)
-           			/* stream */
-             			/* container for fields data */
-           
+check_field_header(u_char *st,	/* stream */
+		   u_char *cont, /* container for fields data */
+		   int maxlen)
 {
   if (4 > maxlen)
       return(-1);
@@ -62,28 +62,31 @@ check_field_header(u_char *st, u_char *cont, int maxlen)
 }
 
 int
-vts_string(char *dat, u_char **st, int loc)
-          			/* a string to put on the stream */
-            			/* base pointer to the stream */
-        			/* offset into the stream for current data */
+vts_string(char *dat,		/* a string to put on the stream */
+	   u_char **st,		/* base pointer to the stream */
+	   int loc)		/* offset into the stream for current data */
 {
-  *st = (u_char *) realloc (*st, (unsigned) (loc + strlen(dat) + 1));
-  memcpy(*st + loc, dat, strlen(dat)+1);
+  void *tmp;
+
+  tmp = realloc(*st, loc + strlen(dat) + 1);
+  if(tmp == NULL)
+    return -1;
+  memcpy((char *)tmp + loc, dat, strlen(dat)+1);
+  *st = tmp;
   return strlen(dat)+1;
 }
 
 
 static int
-vts_short(u_int16_t dat, u_char **st, int loc)
-            			/* the attributes field */
-            			/* a base pointer to the stream */
-        			/* offset into the stream for current data */
+vts_short(u_int16_t dat,	/* the attributes field */
+	  u_char **st,		/* a base pointer to the stream */
+	  int loc)		/* offset into the stream for current data */
 {
     unsigned char *p;
+
     p = realloc(*st, loc + 2);
-    if(p == NULL){
-	abort();
-    }
+    if(p == NULL)
+	return -1;
     p[loc] = (dat >> 8) & 0xff;
     p[loc+1] = dat & 0xff;
     *st = p;
@@ -91,30 +94,31 @@ vts_short(u_int16_t dat, u_char **st, int loc)
 }
 
 static int
-vts_char(u_char dat, u_char **st, int loc)
-           			/* the attributes field */
-            			/* a base pointer to the stream */
-        			/* offset into the stream for current data */
+vts_char(u_char dat,		/* the attributes field */
+	 u_char **st,		/* a base pointer to the stream */
+	 int loc)		/* offset into the stream for current data */
 {
-    unsigned char *p = realloc(*st, loc + 1);
-    if(p == NULL){
-	abort();
-    }
+    unsigned char *p;
+
+    p = realloc(*st, loc + 1);
+
+    if(p == NULL)
+	return -1;
     p[loc] = dat;
     *st = p;
     return 1;
 }
 
 int
-vts_long(u_int32_t dat, u_char **st, int loc)
-           			/* the attributes field */
-            			/* a base pointer to the stream */
-        			/* offset into the stream for current data */
+vts_long(u_int32_t dat,		/* the attributes field */
+	 u_char **st,		/* a base pointer to the stream */
+	 int loc)		/* offset into the stream for current data */
 {
-    unsigned char *p = realloc(*st, loc + 4);
-    if(p == NULL){
-	abort();
-    }
+    unsigned char *p;
+
+    p = realloc(*st, loc + 4);
+    if(p == NULL)
+	return -1;
     p[loc] = (dat >> 24) & 0xff;
     p[loc+1] = (dat >> 16) & 0xff;
     p[loc+2] = (dat >> 8) & 0xff;
@@ -131,25 +135,28 @@ stv_string(u_char *st,		/* base pointer to the stream */
 	   int maxlen)		/* max length of input stream */
 {
   int maxcount;				/* max count of chars to copy */
+  int len;
 
   maxcount = min(maxlen - loc, stlen);
 
   if(maxcount <= 0)
       return -1;
 
-  strncpy(dat, (char *)st + loc, maxcount);
+  len = strnlen ((char *)st + loc, maxlen - loc);
 
-  if (dat[maxcount-1]) /* not null-term --> not enuf room */
-      return(-1);
-  return strlen(dat)+1;
+  if (len >= stlen)
+      return -1;
+
+  memcpy(dat, st + loc, len);
+  dat[len] = '\0';
+  return len + 1;
 }
 
 static int
-stv_short(u_char *st, u_int16_t *dat, int loc, int maxlen)
-           			/* a base pointer to the stream */
-             			/* the attributes field */
-        			/* offset into the stream for current data */
-           
+stv_short(u_char *st,		/* a base pointer to the stream */
+	  u_int16_t *dat,	/* the attributes field */
+	  int loc,		/* offset into the stream for current data */
+	  int maxlen)
 {
   if (maxlen - loc < 2)
       return -1;
@@ -159,11 +166,10 @@ stv_short(u_char *st, u_int16_t *dat, int loc, int maxlen)
 }
 
 int
-stv_long(u_char *st, u_int32_t *dat, int loc, int maxlen)
-           			/* a base pointer to the stream */
-            			/* the attributes field */
-        			/* offset into the stream for current data */
-           			/* maximum length of st */
+stv_long(u_char *st,		/* a base pointer to the stream */
+	 u_int32_t *dat,	/* the attributes field */
+	 int loc,		/* offset into the stream for current data */
+	 int maxlen)		/* maximum length of st */
 {
   if (maxlen - loc < 4)
       return -1;
@@ -173,11 +179,10 @@ stv_long(u_char *st, u_int32_t *dat, int loc, int maxlen)
 }
     
 static int
-stv_char(u_char *st, u_char *dat, int loc, int maxlen)
-           			/* a base pointer to the stream */
-            			/* the attributes field */
-        			/* offset into the stream for current data */
-           
+stv_char(u_char *st,		/* a base pointer to the stream */
+	 u_char *dat,		/* the attributes field */
+	 int loc,		/* offset into the stream for current data */
+	 int maxlen)
 {
   if (maxlen - loc < 1)
       return -1;
@@ -199,32 +204,56 @@ vals_to_stream(Kadm_vals *dt_in, u_char **dt_out)
   int vsloop, stsize;		/* loop counter, stream size */
 
   stsize = build_field_header(dt_in->fields, dt_out);
+  if (stsize < 0)
+      return stsize;
   for (vsloop=31; vsloop>=0; vsloop--)
     if (IS_FIELD(vsloop,dt_in->fields)) {
+      int tmp = 0;
+
       switch (vsloop) {
       case KADM_NAME:
-	  stsize+=vts_string(dt_in->name, dt_out, stsize);
+	  tmp = vts_string(dt_in->name, dt_out, stsize);
 	  break;
       case KADM_INST:
-	  stsize+=vts_string(dt_in->instance, dt_out, stsize);
+	  tmp = vts_string(dt_in->instance, dt_out, stsize);
 	  break;
       case KADM_EXPDATE:
-	  stsize+=vts_long(dt_in->exp_date, dt_out, stsize);
+	  tmp = vts_long(dt_in->exp_date, dt_out, stsize);
 	  break;
       case KADM_ATTR:
-	  stsize+=vts_short(dt_in->attributes, dt_out, stsize);
+	  tmp = vts_short(dt_in->attributes, dt_out, stsize);
 	  break;
       case KADM_MAXLIFE:
-	  stsize+=vts_char(dt_in->max_life, dt_out, stsize);
+	  tmp = vts_char(dt_in->max_life, dt_out, stsize);
 	  break;
       case KADM_DESKEY: 
-	  stsize+=vts_long(dt_in->key_high, dt_out, stsize); 
-	  stsize+=vts_long(dt_in->key_low, dt_out, stsize); 
+	  tmp = vts_long(dt_in->key_high, dt_out, stsize);
+	  if(tmp > 0)
+	      tmp += vts_long(dt_in->key_low, dt_out, stsize + tmp);
 	  break;
+#ifdef EXTENDED_KADM
+      case KADM_MODDATE:
+	  tmp = vts_long(dt_in->mod_date, dt_out, stsize);
+	  break;
+      case KADM_MODNAME:
+	  tmp = vts_string(dt_in->mod_name, dt_out, stsize);
+	  break;
+      case KADM_MODINST:
+	  tmp = vts_string(dt_in->mod_instance, dt_out, stsize);
+	  break;
+      case KADM_KVNO:
+	  tmp = vts_char(dt_in->key_version, dt_out, stsize);
+	  break;
+#endif
       default:
 	  break;
       }
-}
+      if (tmp < 0) {
+	  free(*dt_out);
+	  return tmp;
+      }
+      stsize += tmp;
+    }
   return(stsize);
 }  
 
@@ -236,64 +265,89 @@ stream_to_vals
 this decodes a byte stream represntation of a vals struct into kadm_vals
 */
 int
-stream_to_vals(u_char *dt_in, Kadm_vals *dt_out, int maxlen)
-              
-                  
-           				/* max length to use */
+stream_to_vals(u_char *dt_in,
+	       Kadm_vals *dt_out,
+	       int maxlen)	/* max length to use */
 {
-  int vsloop, stsize;		/* loop counter, stream size */
-  int status;
+    int vsloop, stsize;		/* loop counter, stream size */
+    int status;
 
-  memset(dt_out, 0, sizeof(*dt_out));
+    memset(dt_out, 0, sizeof(*dt_out));
 
-  stsize = check_field_header(dt_in, dt_out->fields, maxlen);
-  if (stsize < 0)
-      return(-1);
-  for (vsloop=31; vsloop>=0; vsloop--)
-    if (IS_FIELD(vsloop,dt_out->fields))
-      switch (vsloop) {
-      case KADM_NAME:
-	  if ((status = stv_string(dt_in, dt_out->name, stsize,
-				   sizeof(dt_out->name), maxlen)) < 0)
-	      return(-1);
-	  stsize += status;
-	  break;
-      case KADM_INST:
-	  if ((status = stv_string(dt_in, dt_out->instance, stsize,
-				   sizeof(dt_out->instance), maxlen)) < 0)
-	      return(-1);
-	  stsize += status;
-	  break;
-      case KADM_EXPDATE:
-	  if ((status = stv_long(dt_in, &dt_out->exp_date, stsize,
-				 maxlen)) < 0)
-	      return(-1);
-	  stsize += status;
-	  break;
-      case KADM_ATTR:
-	  if ((status = stv_short(dt_in, &dt_out->attributes, stsize,
-				  maxlen)) < 0)
-	      return(-1);
-	  stsize += status;
-	  break;
-      case KADM_MAXLIFE:
-	  if ((status = stv_char(dt_in, &dt_out->max_life, stsize,
-				 maxlen)) < 0)
-	      return(-1);
-	  stsize += status;
-	  break;
-      case KADM_DESKEY:
-	  if ((status = stv_long(dt_in, &dt_out->key_high, stsize,
-				    maxlen)) < 0)
-	      return(-1);
-	  stsize += status;
-	  if ((status = stv_long(dt_in, &dt_out->key_low, stsize,
-				    maxlen)) < 0)
-	      return(-1);
-	  stsize += status;
-	  break;
-      default:
-	  break;
-      }
-  return stsize;
+    stsize = check_field_header(dt_in, dt_out->fields, maxlen);
+    if (stsize < 0)
+	return(-1);
+    for (vsloop=31; vsloop>=0; vsloop--)
+	if (IS_FIELD(vsloop,dt_out->fields))
+	    switch (vsloop) {
+	    case KADM_NAME:
+		if ((status = stv_string(dt_in, dt_out->name, stsize,
+					 sizeof(dt_out->name), maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		break;
+	    case KADM_INST:
+		if ((status = stv_string(dt_in, dt_out->instance, stsize,
+					 sizeof(dt_out->instance), maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		break;
+	    case KADM_EXPDATE:
+		if ((status = stv_long(dt_in, &dt_out->exp_date, stsize,
+				       maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		break;
+	    case KADM_ATTR:
+		if ((status = stv_short(dt_in, &dt_out->attributes, stsize,
+					maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		break;
+	    case KADM_MAXLIFE:
+		if ((status = stv_char(dt_in, &dt_out->max_life, stsize,
+				       maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		break;
+	    case KADM_DESKEY:
+		if ((status = stv_long(dt_in, &dt_out->key_high, stsize,
+				       maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		if ((status = stv_long(dt_in, &dt_out->key_low, stsize,
+				       maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		break;
+#ifdef EXTENDED_KADM
+	    case KADM_MODDATE:
+		if ((status = stv_long(dt_in, &dt_out->mod_date, stsize,
+				       maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		break;
+	    case KADM_MODNAME:
+		if ((status = stv_string(dt_in, dt_out->mod_name, stsize,
+					 sizeof(dt_out->mod_name), maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		break;
+	    case KADM_MODINST:
+		if ((status = stv_string(dt_in, dt_out->mod_instance, stsize,
+					 sizeof(dt_out->mod_instance), maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		break;
+	    case KADM_KVNO:
+		if ((status = stv_char(dt_in, &dt_out->key_version, stsize,
+				       maxlen)) < 0)
+		    return(-1);
+		stsize += status;
+		break;
+#endif
+	    default:
+		break;
+	    }
+    return stsize;
 }  
diff --git a/crypto/kerberosIV/lib/kadm/kadm_supp.c b/crypto/kerberosIV/lib/kadm/kadm_supp.c
index 9845267..0c403eb 100644
--- a/crypto/kerberosIV/lib/kadm/kadm_supp.c
+++ b/crypto/kerberosIV/lib/kadm/kadm_supp.c
@@ -35,7 +35,13 @@ or implied warranty.
 
 #include "kadm_locl.h"
     
-RCSID("$Id: kadm_supp.c,v 1.8 1997/05/02 10:27:58 joda Exp $");
+RCSID("$Id: kadm_supp.c,v 1.13 1999/03/16 09:41:20 assar Exp $");
+
+static void
+time2str(char *buf, size_t len, time_t t)
+{
+    strftime(buf, len, "%Y-%m-%d %H:%M:%S", localtime(&t));
+}
 
 /*
 prin_vals:
@@ -44,14 +50,57 @@ prin_vals:
 void
 prin_vals(Kadm_vals *vals)
 {
-   printf("Info in Database for %s.%s:\n", vals->name, vals->instance);
-   printf("   Max Life: %d (%s)   Exp Date: %s\n",
-	  vals->max_life,
-	  krb_life_to_atime(vals->max_life), 
-	  asctime(k_localtime(&vals->exp_date)));
-   printf("   Attribs: %.2x  key: %#lx %#lx\n",
-	  vals->attributes,
-	  (long)vals->key_low, (long)vals->key_high);
+    char date[32];
+    if(IS_FIELD(KADM_NAME, vals->fields) && IS_FIELD(KADM_INST, vals->fields))
+	printf("%20s: %s\n", "Principal", 
+	       krb_unparse_name_long(vals->name, vals->instance, NULL));
+    else {
+	printf("Dump of funny entry:\n");
+	if(IS_FIELD(KADM_NAME, vals->fields))
+	    printf("%20s: %s\n", "Name", vals->name);
+	if(IS_FIELD(KADM_INST, vals->fields))
+	    printf("%20s: %s\n", "Instance", vals->instance);
+    }
+    if(IS_FIELD(KADM_MAXLIFE, vals->fields))
+	printf("%20s: %d (%s)\n", "Max ticket life", 
+	       vals->max_life, 
+	       krb_life_to_atime(vals->max_life));
+    if(IS_FIELD(KADM_EXPDATE, vals->fields)) {
+	time2str(date, sizeof(date), vals->exp_date);
+	printf("%20s: %s\n", "Expiration date", date);
+    }
+    if(IS_FIELD(KADM_ATTR, vals->fields))
+	printf("%20s: %d\n", "Attributes",
+	       vals->attributes);
+    if(IS_FIELD(KADM_DESKEY, vals->fields))
+	printf("%20s: %#lx %#lx\n", "Key",
+	       (unsigned long)vals->key_low,
+	       (unsigned long)vals->key_high);
+
+#ifdef EXTENDED_KADM
+    if (IS_FIELD(KADM_MODDATE,vals->fields)) {
+	time2str(date, sizeof(date), vals->mod_date);
+	printf("%20s: %s\n", "Modification date", date);
+    }
+    if (IS_FIELD(KADM_MODNAME,vals->fields) && 
+	IS_FIELD(KADM_MODINST,vals->fields))
+	printf("%20s: %s\n", "Modifier", 
+	       krb_unparse_name_long(vals->mod_name, vals->mod_instance, NULL));
+    if (IS_FIELD(KADM_KVNO,vals->fields))
+	printf("%20s: %d\n", "Key version", vals->key_version);
+#endif
+
+#if 0
+    printf("Info in Database for %s.%s:\n", vals->name, vals->instance);
+    printf("   Max Life: %d (%s)   Exp Date: %s\n",
+	   vals->max_life,
+	   krb_life_to_atime(vals->max_life), 
+	   asctime(k_localtime(&vals->exp_date)));
+    printf("   Attribs: %.2x  key: %#lx %#lx\n",
+	   vals->attributes,
+	   (unsigned long)vals->key_low,
+	   (unsigned long)vals->key_high);
+#endif
 }
 
 /* kadm_prin_to_vals takes a fields arguments, a Kadm_vals and a Principal,
@@ -61,51 +110,79 @@ prin_vals(Kadm_vals *vals)
 void
 kadm_prin_to_vals(u_char *fields, Kadm_vals *new, Principal *old)
 {
-  memset(new, 0, sizeof(*new));
-  if (IS_FIELD(KADM_NAME,fields)) {
-      strncpy(new->name, old->name, ANAME_SZ); 
-      SET_FIELD(KADM_NAME, new->fields);
-  }
-  if (IS_FIELD(KADM_INST,fields)) {
-      strncpy(new->instance, old->instance, INST_SZ); 
-      SET_FIELD(KADM_INST, new->fields);
-  }      
-  if (IS_FIELD(KADM_EXPDATE,fields)) {
-      new->exp_date   = old->exp_date; 
-      SET_FIELD(KADM_EXPDATE, new->fields);
-  }      
-  if (IS_FIELD(KADM_ATTR,fields)) {
-    new->attributes = old->attributes; 
-      SET_FIELD(KADM_ATTR, new->fields);
-  }      
-  if (IS_FIELD(KADM_MAXLIFE,fields)) {
-    new->max_life   = old->max_life; 
-      SET_FIELD(KADM_MAXLIFE, new->fields);
-  }      
-  if (IS_FIELD(KADM_DESKEY,fields)) {
-    new->key_low    = old->key_low; 
-    new->key_high   = old->key_high; 
-    SET_FIELD(KADM_DESKEY, new->fields);
-  }
+    memset(new, 0, sizeof(*new));
+    if (IS_FIELD(KADM_NAME,fields)) {
+	strcpy_truncate(new->name, old->name, ANAME_SZ); 
+	SET_FIELD(KADM_NAME, new->fields);
+    }
+    if (IS_FIELD(KADM_INST,fields)) {
+	strcpy_truncate(new->instance, old->instance, INST_SZ); 
+	SET_FIELD(KADM_INST, new->fields);
+    }      
+    if (IS_FIELD(KADM_EXPDATE,fields)) {
+	new->exp_date   = old->exp_date; 
+	SET_FIELD(KADM_EXPDATE, new->fields);
+    }      
+    if (IS_FIELD(KADM_ATTR,fields)) {
+	new->attributes = old->attributes; 
+	SET_FIELD(KADM_ATTR, new->fields);
+    }      
+    if (IS_FIELD(KADM_MAXLIFE,fields)) {
+	new->max_life   = old->max_life; 
+	SET_FIELD(KADM_MAXLIFE, new->fields);
+    }      
+    if (IS_FIELD(KADM_DESKEY,fields)) {
+	new->key_low    = old->key_low; 
+	new->key_high   = old->key_high; 
+	SET_FIELD(KADM_DESKEY, new->fields);
+    }
+#ifdef EXTENDED_KADM
+    if (IS_FIELD(KADM_MODDATE,fields)) {
+	new->mod_date = old->mod_date;
+	SET_FIELD(KADM_MODDATE, new->fields);
+    }
+    if (IS_FIELD(KADM_MODNAME,fields)) {
+	strcpy_truncate(new->mod_name, old->mod_name, ANAME_SZ);
+	SET_FIELD(KADM_MODNAME, new->fields);
+    }
+    if (IS_FIELD(KADM_MODINST,fields)) {
+	strcpy_truncate(new->mod_instance, old->mod_instance, ANAME_SZ);
+	SET_FIELD(KADM_MODINST, new->fields);
+    }
+    if (IS_FIELD(KADM_KVNO,fields)) {
+	new->key_version = old->key_version;
+	SET_FIELD(KADM_KVNO, new->fields);
+    }
+#endif
 }
 
 void
 kadm_vals_to_prin(u_char *fields, Principal *new, Kadm_vals *old)
 {
 
-  memset(new, 0, sizeof(*new));
-  if (IS_FIELD(KADM_NAME,fields))
-    strncpy(new->name, old->name, ANAME_SZ); 
-  if (IS_FIELD(KADM_INST,fields))
-    strncpy(new->instance, old->instance, INST_SZ); 
-  if (IS_FIELD(KADM_EXPDATE,fields))
-    new->exp_date   = old->exp_date; 
-  if (IS_FIELD(KADM_ATTR,fields))
-    new->attributes = old->attributes; 
-  if (IS_FIELD(KADM_MAXLIFE,fields))
-    new->max_life   = old->max_life; 
-  if (IS_FIELD(KADM_DESKEY,fields)) {
-    new->key_low    = old->key_low; 
-    new->key_high   = old->key_high; 
-  }
+    memset(new, 0, sizeof(*new));
+    if (IS_FIELD(KADM_NAME,fields))
+	strcpy_truncate(new->name, old->name, ANAME_SZ); 
+    if (IS_FIELD(KADM_INST,fields))
+	strcpy_truncate(new->instance, old->instance, INST_SZ); 
+    if (IS_FIELD(KADM_EXPDATE,fields))
+	new->exp_date   = old->exp_date; 
+    if (IS_FIELD(KADM_ATTR,fields))
+	new->attributes = old->attributes; 
+    if (IS_FIELD(KADM_MAXLIFE,fields))
+	new->max_life   = old->max_life; 
+    if (IS_FIELD(KADM_DESKEY,fields)) {
+	new->key_low    = old->key_low; 
+	new->key_high   = old->key_high; 
+    }
+#ifdef EXTENDED_KADM
+    if (IS_FIELD(KADM_MODDATE,fields))
+	new->mod_date = old->mod_date;
+    if (IS_FIELD(KADM_MODNAME,fields))
+	strcpy_truncate(new->mod_name, old->mod_name, ANAME_SZ);
+    if (IS_FIELD(KADM_MODINST,fields))
+	strcpy_truncate(new->mod_instance, old->mod_instance, ANAME_SZ);
+    if (IS_FIELD(KADM_KVNO,fields))
+	new->key_version = old->key_version;
+#endif
 }
diff --git a/crypto/kerberosIV/lib/kafs/ChangeLog b/crypto/kerberosIV/lib/kafs/ChangeLog
new file mode 100644
index 0000000..e32b7ed
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/ChangeLog
@@ -0,0 +1,117 @@
+1999-07-22  Assar Westerlund  <assar@sics.se>
+
+	* afssysdefs.h: define AFS_SYSCALL to 73 for Solaris 2.7
+
+1999-07-07  Assar Westerlund  <assar@sics.se>
+
+	* afskrb5.c (krb5_realm_of_cell): new function
+
+	* afskrb.c (krb_realm_of_cell): new function
+	(afslog_uid_int): call krb_get_lrealm correctly
+
+1999-06-15  Assar Westerlund  <assar@sics.se>
+
+	* common.c (realm_of_cell): rename to _kafs_realm_of_cell and
+ 	un-staticize
+
+Fri Mar 19 14:52:29 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: add version-info
+
+Thu Mar 18 11:24:02 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: include Makefile.am.common
+
+Sat Feb 27 19:46:21 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: remove EXTRA_DATA (as of autoconf 2.13/automake
+ 	1.4)
+
+Thu Feb 11 22:57:37 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: set AIX_SRC also if !AIX
+
+Tue Dec  1 14:45:15 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: fix AIX linkage
+
+Sun Nov 22 10:40:44 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (WFLAGS): set
+
+Sat Nov 21 16:55:19 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* afskrb5.c: add homedir support
+
+Sun Sep  6 20:16:27 1998  Assar Westerlund  <assar@sics.se>
+
+	* add new functionality for specifying the homedir to krb_afslog
+ 	et al
+
+Thu Jul 16 01:27:19 1998  Assar Westerlund  <assar@sics.se>
+
+	* afssys.c: reorganize order of definitions.
+	(try_one, try_two): conditionalize
+
+Thu Jul  9 18:31:52 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* common.c (realm_of_cell): make the dns fallback work
+
+Wed Jul  8 01:39:44 1998  Assar Westerlund  <assar@sics.se>
+
+	* afssys.c (map_syscall_name_to_number): new function for finding
+ 	the number of a syscall given the name on solaris
+	(k_hasafs): try using map_syscall_name_to_number
+
+Tue Jun 30 17:19:00 1998  Assar Westerlund  <assar@sics.se>
+
+	* afssys.c: rewrite and add support for environment variable
+ 	AFS_SYSCALL
+
+	* Makefile.in (distclean): don't remove roken_rename.h
+
+Fri May 29 19:03:20 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (roken_rename.h): remove dependency
+
+Mon May 25 05:25:54 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (clean): try to remove shared library debris
+
+Sun Apr 19 09:58:40 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in: add symlink magic for linux
+
+Sat Apr  4 15:08:48 1998  Assar Westerlund  <assar@sics.se>
+
+	* kafs.h: add arla paths
+
+	* common.c (_kafs_afslog_all_local_cells): Try _PATH_ARLA_*
+	(_realm_of_cell): Try _PATH_ARLA_CELLSERVDB
+
+Thu Feb 19 14:50:22 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* common.c: Don't store expired tokens (this broke when using
+ 	pag-less rsh-sessions, and `non-standard' ticket files).
+
+Thu Feb 12 11:20:15 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* Makefile.in: Install/uninstall one library at a time.
+
+Thu Feb 12 05:38:58 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (install): one library at a time.
+
+Mon Feb  9 23:40:32 1998  Assar Westerlund  <assar@sics.se>
+
+	* common.c (find_cells): ignore empty lines
+
+Tue Jan  6 04:25:58 1998  Assar Westerlund  <assar@sics.se>
+
+	* afssysdefs.h (AFS_SYSCALL): add FreeBSD
+
+Fri Jan  2 17:08:24 1998  Assar Westerlund  <assar@sics.se>
+
+	* kafs.h: new VICEIOCTL's.  From <rb@stacken.kth.se>
+
+	* afssysdefs.h: Add OpenBSD
diff --git a/crypto/kerberosIV/lib/kafs/Makefile.am b/crypto/kerberosIV/lib/kafs/Makefile.am
new file mode 100644
index 0000000..f6afbc7
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/Makefile.am
@@ -0,0 +1,69 @@
+# $Id: Makefile.am,v 1.13 1999/03/21 14:08:14 joda Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += $(INCLUDE_krb4) $(AFS_EXTRA_DEFS)
+
+if KRB4
+AFSLIBS = libkafs.la
+else
+AFSLIBS = 
+endif
+
+if AIX
+AFSL_EXP = $(srcdir)/afsl.exp
+
+if AIX4
+AFS_EXTRA_LD = -bnoentry
+else
+AFS_EXTRA_LD = -e _nostart
+endif
+
+if AIX_DYNAMIC_AFS
+if HAVE_DLOPEN
+AIX_SRC = 
+else
+AIX_SRC = dlfcn.c
+endif
+AFS_EXTRA_LIBS = afslib.so
+AFS_EXTRA_DEFS =
+else
+AIX_SRC = afslib.c
+AFS_EXTRA_LIBS = 
+AFS_EXTRA_DEFS = -DSTATIC_AFS
+endif
+
+else
+AFSL_EXP =
+AIX_SRC =
+endif # AIX
+
+
+lib_LTLIBRARIES = $(AFSLIBS)
+libkafs_la_LDFLAGS = -version-info 0:0:0
+foodir = $(libdir)
+foo_DATA = $(AFS_EXTRA_LIBS)
+# EXTRA_DATA = afslib.so
+
+CLEANFILES= $(AFS_EXTRA_LIBS)
+
+include_HEADERS = kafs.h
+
+if KRB5
+afskrb5_c = afskrb5.c
+endif
+
+libkafs_la_SOURCES = afssys.c afskrb.c $(afskrb5_c) common.c $(AIX_SRC) kafs_locl.h afssysdefs.h
+#afslib_so_SOURCES = afslib.c
+
+EXTRA_libkafs_la_SOURCES = afskrb5.c dlfcn.c afslib.c dlfcn.h
+
+EXTRA_DIST = README.dlfcn afsl.exp afslib.exp
+
+
+# AIX: this almost works with gcc, but somehow it fails to use the
+# correct ld, use ld instead
+afslib.so: afslib.o
+	ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp $(AFS_EXTRA_LD) afslib.o -lc
+
+$(OBJECTS): ../../include/config.h
diff --git a/crypto/kerberosIV/lib/kafs/Makefile.in b/crypto/kerberosIV/lib/kafs/Makefile.in
index e9c9121..3a44f79 100644
--- a/crypto/kerberosIV/lib/kafs/Makefile.in
+++ b/crypto/kerberosIV/lib/kafs/Makefile.in
@@ -1,5 +1,5 @@
 #
-# $Id: Makefile.in,v 1.30 1997/05/06 03:47:35 assar Exp $
+# $Id: Makefile.in,v 1.49 1999/03/10 19:01:15 joda Exp $
 #
 
 SHELL = /bin/sh
@@ -8,10 +8,13 @@ srcdir = @srcdir@
 VPATH = @srcdir@
 
 CC = @CC@
+LINK = @LINK@
 AR = ar
 RANLIB = @RANLIB@
-DEFS = @DEFS@ -DLIBDIR='"$(libdir)"'
-CFLAGS = @CFLAGS@
+LN_S = @LN_S@
+DEFS = @DEFS@ -DROKEN_RENAME -DLIBDIR='"$(libdir)"' @AFS_EXTRA_DEFS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
 
 INSTALL = @INSTALL@
 INSTALL_DATA	= @INSTALL_DATA@
@@ -23,17 +26,26 @@ libdir = @libdir@
 
 PICFLAGS = @PICFLAGS@
  
+LIB_DEPS = @lib_deps_yes@ -lc
+build_symlink_command   = @build_symlink_command@
+install_symlink_command = @install_symlink_command@
+
 LIBNAME = $(LIBPREFIX)kafs
 LIBEXT = @LIBEXT@
 SHLIBEXT = @SHLIBEXT@
 LIBPREFIX = @LIBPREFIX@
 LDSHARED = @LDSHARED@
+AFS_EXTRA_OBJS	= @AFS_EXTRA_OBJS@
 AFS_EXTRA_LIBS	= @AFS_EXTRA_LIBS@
 LIB = $(LIBNAME).$(LIBEXT) $(AFS_EXTRA_LIBS)
 
-SOURCES = afssys.c afskrb.c afslib.c
+SOURCES = afssys.c afskrb.c common.c afslib.c
+
+EXTRA_SOURCE = issuid.c strcpy_truncate.c strcat_truncate.c
+
+EXTRA_OBJECT = issuid.o strcpy_truncate.o strcat_truncate.o
 
-OBJECTS = afssys.o afskrb.o
+OBJECTS = afssys.o afskrb.o common.o $(EXTRA_OBJECT) $(AFS_EXTRA_OBJS)
 
 all: $(LIB)
 
@@ -41,14 +53,19 @@ Wall:
 	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
 
 .c.o:
-	$(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $<
+	$(CC) -c $(DEFS) -I../../include -I$(srcdir) -I. $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
 
 install: all
-	$(MKINSTALLDIRS) $(libdir)
-	$(INSTALL_DATA) -m 0555 $(LIB) $(libdir)
+	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
+	@for i in $(LIB); do \
+	echo "$(INSTALL) -m 0555 $$i $(DESTDIR)$(libdir)/$$i" ;\
+	$(INSTALL) -m 0555 $$i $(DESTDIR)$(libdir)/$$i ; done
+	@install_symlink_command@
 
 uninstall:
-	rm -f $(libdir)/$(LIB)
+	@for i in $(LIB); do \
+	echo "rm -f $(DESTDIR)$(libdir)/$$i" ;\
+	rm -f $(DESTDIR)$(libdir)/$$i ; done
 
 TAGS: $(SOURCES)
 	etags $(SOURCES)
@@ -56,35 +73,45 @@ TAGS: $(SOURCES)
 check:
 
 clean:
-	rm -f $(LIB) *.o *.a
+	rm -f $(LIB) *.o *.a *.so *.so.* so_locations $(EXTRA_SOURCE)
 
 mostlyclean: clean
 
 distclean: clean
-	rm -f Makefile *.tab.c *~
+	rm -f Makefile *.tab.c *~ roken_rename.h
 
 realclean: distclean
 	rm -f TAGS
 
-dist: $(DISTFILES)
-	for file in $(DISTFILES); do \
-	  ln $$file ../`cat ../.fname`/lib \
-	    || cp -p $$file ../`cat ../.fname`/lib; \
-	done
-
-$(LIBNAME).a: $(OBJECTS) @AFS_EXTRA_OBJS@
+$(LIBNAME).a: $(OBJECTS)
 	rm -f $@
-	$(AR) cr $@ $(OBJECTS) @AFS_EXTRA_OBJS@
+	$(AR) cr $@ $(OBJECTS)
 	-$(RANLIB) $@
 
 
 $(LIBNAME).$(SHLIBEXT): $(OBJECTS)
 	rm -f $@
-	$(LDSHARED) -o $@ $(OBJECTS)
+	$(LDSHARED) -o $@ $(OBJECTS) $(LIB_DEPS)
+	@build_symlink_command@
 
 # AIX: this almost works with gcc, but somehow it fails to use the
 # correct ld, use ld instead
 afslib.so: afslib.o
-	ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp -bnoentry afslib.o
+	ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp @AFS_EXTRA_LD@ afslib.o -lc
+
+$(OBJECTS): ../../include/config.h roken_rename.h
+
+roken_rename.h:
+	$(LN_S) $(srcdir)/../krb/roken_rename.h .
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
+
+issuid.c:
+	$(LN_S) $(srcdir)/../roken/issuid.c .
+
+strcat_truncate.c:
+	$(LN_S) $(srcdir)/../roken/strcat_truncate.c .
+
+strcpy_truncate.c:
+	$(LN_S) $(srcdir)/../roken/strcpy_truncate.c .
 
-$(OBJECTS): ../../include/config.h
diff --git a/crypto/kerberosIV/lib/kafs/README.dlfcn b/crypto/kerberosIV/lib/kafs/README.dlfcn
new file mode 100644
index 0000000..cee1b75
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/README.dlfcn
@@ -0,0 +1,246 @@
+Copyright (c) 1992,1993,1995,1996, Jens-Uwe Mager, Helios Software GmbH
+Not derived from licensed software.
+
+Permission is granted to freely use, copy, modify, and redistribute
+this software, provided that the author is not construed to be liable
+for any results of using the software, alterations are clearly marked
+as such, and this notice is not modified.
+
+libdl.a
+-------
+
+This is an emulation library to emulate the SunOS/System V.4 functions
+to access the runtime linker. The functions are emulated by using the
+AIX load() function and by reading the .loader section of the loaded
+module to find the exports. The to be loaded module should be linked as
+follows (if using AIX 3):
+
+	cc -o module.so -bM:SRE -bE:module.exp -e _nostart $(OBJS)
+
+For AIX 4:
+
+	cc -o module.so -bM:SRE -bE:module.exp -bnoentry $(OBJS)
+
+If you want to reference symbols from the main part of the program in a
+loaded module, you will have to link against the export file of the
+main part:
+
+	cc -o main -bE:main.exp $(MAIN_OBJS)
+	cc -o module.so -bM:SRE -bI:main.exp -bE:module.exp -bnoentry $(OBJS)
+
+Note that you explicitely have to specify what functions are supposed
+to be accessible from your loaded modules, this is different from
+SunOS/System V.4 where any global is automatically exported. If you
+want to export all globals, the following script might be of help:
+
+#!/bin/sh
+/usr/ucb/nm -g $* | awk '$2 == "B" || $2 == "D" { print $3 }'
+
+The module export file contains the symbols to be exported. Because
+this library uses the loader section, the final module.so file can be
+stripped. C++ users should build their shared objects using the script
+makeC++SharedLib (part of the IBM C++ compiler), this will make sure
+that constructors and destructors for static and global objects will be
+called upon loading and unloading the module. GNU C++ users should use
+the -shared option to g++ to link the shared object:
+
+	g++ -o module.so -shared $(OBJS)
+
+If the shared object does have permissions for anybody, the shared
+object will be loaded into the shared library segment and it will stay
+there even if the main application terminates. If you rebuild your
+shared object after a bugfix and you want to make sure that you really
+get the newest version you will have to use the "slibclean" command
+before starting the application again to garbage collect the shared
+library segment. If the performance utilities (bosperf) are installed
+you can use the following command to see what shared objects are
+loaded:
+
+/usr/lpp/bosperf/genkld | sort | uniq
+
+For easier debugging you can avoid loading the shared object into the
+shared library segment alltogether by removing permissions for others
+from the module.so file:
+
+chmod o-rwx module.so
+
+This will ensure you get a fresh copy of the shared object for every
+dlopen() call which is loaded into the application's data segment.
+
+Usage
+-----
+
+void *dlopen(const char *path, int mode);
+
+This routine loads the module pointed to by path and reads its export
+table. If the path does not contain a '/' character, dlopen will search
+for the module using the LIBPATH environment variable. It returns an
+opaque handle to the module or NULL on error. The mode parameter can be
+either RTLD_LAZY (for lazy function binding) or RTLD_NOW for immediate
+function binding. The AIX implementation currently does treat RTLD_NOW
+the same as RTLD_LAZY. The flag RTLD_GLOBAL might be or'ed into the
+mode parameter to allow loaded modules to bind to global variables or
+functions in other loaded modules loaded by dlopen(). If RTLD_GLOBAL is
+not specified, only globals from the main part of the executable or
+shared libraries are used to look for undefined symbols in loaded
+modules.
+
+
+void *dlsym(void *handle, const char *symbol);
+
+This routine searches for the symbol in the module referred to by
+handle and returns its address. If the symbol could not be found, the
+function returns NULL. The return value must be casted to a proper
+function pointer before it can be used. SunOS/System V.4 allows handle
+to be a NULL pointer to refer to the module the call is made from, this
+is not implemented.
+
+int dlclose(void *handle);
+
+This routine unloads the module referred to by the handle and disposes
+of any local storage. this function returns -1 on failure. Any function
+pointers obtained through dlsym() should be considered invalid after
+closing a module.
+
+As AIX caches shared objects in the shared library segment, function
+pointers obtained through dlsym() might still work even though the
+module has been unloaded. This can introduce subtle bugs that will
+segment fault later if AIX garbage collects or immediatly on
+SunOS/System V.4 as the text segment is unmapped.
+
+char *dlerror(void);
+
+This routine can be used to retrieve a text message describing the most
+recent error that occured on on of the above routines. This function
+returns NULL if there is no error information.
+
+Initialization and termination handlers
+---------------------------------------
+
+The emulation provides for an initialization and a termination
+handler.  The dlfcn.h file contains a structure declaration named
+dl_info with following members:
+
+	void (*init)(void);
+	void (*fini)(void);
+
+The init function is called upon first referencing the library. The
+fini function is called at dlclose() time or when the process exits.
+The module should declare a variable named dl_info that contains this
+structure which must be exported.  These functions correspond to the
+documented _init() and _fini() functions of SunOS 4.x, but these are
+appearently not implemented in SunOS.  When using SunOS 5.0, these
+correspond to #pragma init and #pragma fini respectively. At the same
+time any static or global C++ object's constructors or destructors will
+be called.
+
+BUGS
+----
+
+Please note that there is currently a problem with implicitely loaded
+shared C++ libaries: if you refer to a shared C++ library from a loaded
+module that is not yet used by the main program, the dlopen() emulator
+does not notice this and does not call the static constructors for the
+implicitely loaded library. This can be easily demonstrated by
+referencing the C++ standard streams from a loaded module if the main
+program is a plain C program.
+
+Jens-Uwe Mager
+
+HELIOS Software GmbH
+Lavesstr. 80
+30159 Hannover
+Germany
+
+Phone:		+49 511 36482-0
+FAX:		+49 511 36482-69
+AppleLink:	helios.de/jum
+Internet:	jum@helios.de
+
+Revison History
+---------------
+
+SCCS/s.dlfcn.h:
+
+D 1.4 95/04/25 09:36:52 jum 4 3	00018/00004/00028
+MRs:
+COMMENTS:
+added RTLD_GLOBAL, include and C++ guards
+
+D 1.3 92/12/27 20:58:32 jum 3 2	00001/00001/00031
+MRs:
+COMMENTS:
+we always have prototypes on RS/6000
+
+D 1.2 92/08/16 17:45:11 jum 2 1	00009/00000/00023
+MRs:
+COMMENTS:
+added dl_info structure to implement initialize and terminate functions
+
+D 1.1 92/08/02 18:08:45 jum 1 0	00023/00000/00000
+MRs:
+COMMENTS:
+Erstellungsdatum und -uhrzeit 92/08/02 18:08:45 von jum
+
+SCCS/s.dlfcn.c:
+
+D 1.11 96/04/10 20:12:51 jum 13 12	00037/00000/00533
+MRs:
+COMMENTS:
+Integrated the changes from John W. Eaton <jwe@bevo.che.wisc.edu> to initialize
+g++ generated shared objects.
+
+D 1.10 96/02/15 17:42:44 jum 12 10	00012/00007/00521
+MRs:
+COMMENTS:
+the C++ constructor and destructor chains are now called properly for either
+xlC 2 or xlC 3 (CSet++).
+
+D 1.9 95/09/22 11:09:38 markus 10 9	00001/00008/00527
+MRs:
+COMMENTS:
+Fix version number
+
+D 1.8 95/09/22 10:14:34 markus 9 8	00008/00001/00527
+MRs:
+COMMENTS:
+Added version number for dl lib
+
+D 1.7 95/08/14 19:08:38 jum 8 6	00026/00004/00502
+MRs:
+COMMENTS:
+Integrated the fixes from Kirk Benell (kirk@rsinc.com) to allow loading of
+shared objects generated under AIX 4. Fixed bug that symbols with exactly
+8 characters would use garbage characters from the following symbol value.
+
+D 1.6 95/04/25 09:38:03 jum 6 5	00046/00006/00460
+MRs:
+COMMENTS:
+added handling of C++ static constructors and destructors, added RTLD_GLOBAL to bind against other loaded modules
+
+D 1.5 93/02/14 20:14:17 jum 5 4	00002/00000/00464
+MRs:
+COMMENTS:
+added path to dlopen error message to make clear where there error occured.
+
+D 1.4 93/01/03 19:13:56 jum 4 3	00061/00005/00403
+MRs:
+COMMENTS:
+to allow calling symbols in the main module call load with L_NOAUTODEFER and 
+do a loadbind later with the main module.
+
+D 1.3 92/12/27 20:59:55 jum 3 2	00066/00008/00342
+MRs:
+COMMENTS:
+added search by L_GETINFO if module got loaded by LIBPATH
+
+D 1.2 92/08/16 17:45:43 jum 2 1	00074/00006/00276
+MRs:
+COMMENTS:
+implemented initialize and terminate functions, added reference counting to avoid multiple loads of the same library
+
+D 1.1 92/08/02 18:08:45 jum 1 0	00282/00000/00000
+MRs:
+COMMENTS:
+Erstellungsdatum und -uhrzeit 92/08/02 18:08:45 von jum
+
diff --git a/crypto/kerberosIV/lib/kafs/afskrb.c b/crypto/kerberosIV/lib/kafs/afskrb.c
index d979ac5..4da459c 100644
--- a/crypto/kerberosIV/lib/kafs/afskrb.c
+++ b/crypto/kerberosIV/lib/kafs/afskrb.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,336 +38,104 @@
 
 #include "kafs_locl.h"
 
-RCSID("$Id: afskrb.c,v 1.6 1997/05/26 17:38:24 bg Exp $");
+RCSID("$Id: afskrb.c,v 1.11 1999/07/07 12:29:33 assar Exp $");
 
-#define AUTH_SUPERUSER "afs"
-
-/*
- * Here only ASCII characters are relevant.
- */
-
-#define IsAsciiLower(c) ('a' <= (c) && (c) <= 'z')
-
-#define ToAsciiUpper(c) ((c) - 'a' + 'A')
-
-static void
-foldup(char *a, const char *b)
-{
-  for (; *b; a++, b++)
-    if (IsAsciiLower(*b))
-      *a = ToAsciiUpper(*b);
-    else
-      *a = *b;
-  *a = '\0';
-}
+struct krb_kafs_data {
+    const char *realm;
+};
 
 static int
-get_cred(const char *princ, const char *inst, const char *krealm, 
-	 CREDENTIALS *c, KTEXT_ST *tkt)
+get_cred(kafs_data *data, const char *name, const char *inst, 
+	 const char *realm, CREDENTIALS *c)
 {
-  int k_errno = krb_get_cred((char*)princ, (char*)inst, (char*)krealm, c);
-
-  if (k_errno != KSUCCESS)
-    {
-      k_errno = krb_mk_req(tkt, (char*)princ, (char*)inst, (char*)krealm, 0);
-      if (k_errno == KSUCCESS)
-	k_errno = krb_get_cred((char*)princ, (char*)inst, (char*)krealm, c);
+    KTEXT_ST tkt;
+    int ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, c);
+    
+    if (ret) {
+	ret = krb_mk_req(&tkt, (char*)name, (char*)inst, (char*)realm, 0);
+	if (ret == KSUCCESS)
+	    ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, c);
     }
-  return k_errno;
-}
-
-
-/* Convert a string to a 32 bit ip number in network byte order. 
-   Return 0 on error
-   */
-
-static u_int32_t
-ip_aton(char *ip)
-{
-  u_int32_t addr;
-  unsigned int a, b, c, d;
-
-  if(sscanf(ip, "%u.%u.%u.%u", &a, &b, &c, &d) != 4)
-      return 0;
-  if((a | b | c | d) > 255)
-      return 0;
-  addr = (a << 24) | (b << 16) | (c << 8) | d;
-  addr = htonl(addr);
-  return addr;
+    return ret;
 }
 
-/* Try to get a db-server for an AFS cell from a AFSDB record */
-
 static int
-dns_find_cell(const char *cell, char *dbserver)
+afslog_uid_int(kafs_data *data, const char *cell, uid_t uid,
+	       const char *homedir)
 {
-    struct dns_reply *r;
-    int ok = -1;
-    r = dns_lookup(cell, "afsdb");
-    if(r){
-	struct resource_record *rr = r->head;
-	while(rr){
-	    if(rr->type == T_AFSDB && rr->u.afsdb->preference == 1){
-		strncpy(dbserver, rr->u.afsdb->domain, MaxHostNameLen);
-		dbserver[MaxHostNameLen - 1] = 0;
-		ok = 0;
-		break;
-	    }
-	    rr = rr->next;
-	}
-	dns_free_data(r);
-    }
-    return ok;
-}
-
+    int ret;
+    CREDENTIALS c;
+    struct krb_kafs_data *d = data->data;
+    char realm[REALM_SZ], *lrealm;
+    
+    if (cell == 0 || cell[0] == 0)
+	return _kafs_afslog_all_local_cells (data, uid, homedir);
 
-/* Find the realm associated with cell. Do this by opening
-   /usr/vice/etc/CellServDB and getting the realm-of-host for the
-   first VL-server for the cell.
+    ret = krb_get_lrealm(realm, 1);
+    if(ret == KSUCCESS && (d->realm == NULL || strcmp(d->realm, realm)))
+	lrealm = realm;
+    else
+	lrealm = NULL;
 
-   This does not work when the VL-server is living in one cell, but
-   the cell it is serving is living in another cell.
-   */
+    ret = _kafs_get_cred(data, cell, d->realm, lrealm, &c);
+    
+    if(ret == 0)
+	ret = kafs_settoken(cell, uid, &c);
+    return ret;
+}
 
-static char*
-realm_of_cell(const char *cell)
+static char *
+get_realm(kafs_data *data, const char *host)
 {
-    FILE *F;
-    char buf[1024];
-    u_int32_t addr;
-    struct hostent *hp;
-    char *realm = NULL;
-
-    if((F = fopen(_PATH_CELLSERVDB, "r"))){
-	while(fgets(buf, sizeof(buf), F)){
-	    if(buf[0] != '>')
-		continue;
-	    if(strncmp(buf + 1, cell, strlen(cell)) == 0){
-		if(fgets(buf, sizeof(buf), F) == NULL)
-		    break;
-		addr = ip_aton(buf);
-		if(addr == 0)
-		    break;
-		hp = gethostbyaddr((char*)&addr, 4, AF_INET);
-		if(hp == NULL)
-		    break;
-		strncpy (buf, hp->h_name, sizeof(buf));
-		buf[sizeof(buf) - 1] = '\0';
-		realm = krb_realmofhost(buf);
-		break;
-	    }
-	}
-	fclose(F);
-    }
-    if(realm == NULL){
-	if(dns_find_cell(cell, buf) == 0)
-	    realm = krb_realmofhost(buf);
-    }
-    return realm;
+    char *r = krb_realmofhost(host);
+    if(r != NULL)
+	return strdup(r);
+    else
+	return NULL;
 }
 
-/*
- * Get tokens for all cells[]
- */
-static int
-k_afslog_cells(char *cells[], int max, const char *krealm, uid_t uid)
+int
+krb_afslog_uid_home(const char *cell, const char *realm, uid_t uid,
+		    const char *homedir)
 {
-    int err = KSUCCESS;
-    int i;
-    for(i = 0; i < max; i++)
-	err = k_afsklog_uid(cells[i], krealm, uid);
-    return err;
+    kafs_data kd;
+    struct krb_kafs_data d;
+
+    kd.afslog_uid = afslog_uid_int;
+    kd.get_cred = get_cred;
+    kd.get_realm = get_realm;
+    kd.data = &d;
+    d.realm = realm;
+    return afslog_uid_int(&kd, cell, uid, homedir);
 }
 
-/*
- * Try to find the cells we should try to klog to in "file".
- */
-static void
-k_find_cells(char *file, char *cells[], int size, int *index)
+int
+krb_afslog_uid(const char *cell, const char *realm, uid_t uid)
 {
-    FILE *f;
-    char cell[64];
-    int i;
-    f = fopen(file, "r");
-    if (f == NULL)
-	return;
-    while (*index < size && fgets(cell, sizeof(cell), f)) {
-	char *nl = strchr(cell, '\n');
-	if (nl) *nl = 0;
-	for(i = 0; i < *index; i++)
-	    if(strcmp(cells[i], cell) == 0)
-		break;
-	if(i == *index)
-	    cells[(*index)++] = strdup(cell);
-    }
-    fclose(f);
+    return krb_afslog_uid_home (cell, realm, uid, NULL);
 }
 
-static int
-k_afsklog_all_local_cells(const char *krealm, uid_t uid)
+int
+krb_afslog(const char *cell, const char *realm)
 {
-    int err;
-    char *cells[32]; /* XXX */
-    int num_cells = sizeof(cells) / sizeof(cells[0]);
-    int index = 0;
-
-    char *p;
-    
-    if ((p = getenv("HOME"))) {
-	char home[MaxPathLen];
-
-	if (k_concat(home, sizeof(home), p, "/.TheseCells", NULL) == 0)
-	    k_find_cells(home, cells, num_cells, &index);
-    }
-    k_find_cells(_PATH_THESECELLS, cells, num_cells, &index);
-    k_find_cells(_PATH_THISCELL, cells, num_cells, &index);
-    
-    err = k_afslog_cells(cells, index, krealm, uid);
-    while(index > 0)
-	free(cells[--index]);
-    return err;
+    return krb_afslog_uid (cell, realm, getuid());
 }
 
 int
-k_afsklog_uid(const char *cell, const char *krealm, uid_t uid)
+krb_afslog_home(const char *cell, const char *realm, const char *homedir)
 {
-  int k_errno;
-  CREDENTIALS c;
-  KTEXT_ST ticket;
-  char realm[REALM_SZ];
-  char *vl_realm; /* realm of vl-server */
-  char *lrealm; /* local realm */
-  char CELL[64];
-
-  if (cell == 0 || cell[0] == 0)
-    return k_afsklog_all_local_cells (krealm, uid);
-  foldup(CELL, cell);
-
-  k_errno = krb_get_lrealm(realm , 0);
-  if(k_errno == KSUCCESS && (krealm == NULL || strcmp(krealm, realm)))
-    lrealm = realm;
-  else
-    lrealm = NULL;
-
-  /* We're about to find the the realm that holds the key for afs in
-   * the specified cell. The problem is that null-instance
-   * afs-principals are common and that hitting the wrong realm might
-   * yield the wrong afs key. The following assumptions were made.
-   *
-   * Any realm passed to us is preferred.
-   *
-   * If there is a realm with the same name as the cell, it is most
-   * likely the correct realm to talk to.
-   *
-   * In most (maybe even all) cases the database servers of the cell
-   * will live in the realm we are looking for.
-   *
-   * Try the local realm, but if the previous cases fail, this is
-   * really a long shot.
-   *
-   */
-  
-  /* comments on the ordering of these tests */
-
-  /* If the user passes a realm, she probably knows something we don't
-   * know and we should try afs@krealm (otherwise we're talking with a
-   * blondino and she might as well have it.)
-   */
-  
-  k_errno = -1;
-  if(krealm){
-    k_errno = get_cred(AUTH_SUPERUSER, cell, krealm, &c, &ticket);
-    if(k_errno)
-      k_errno = get_cred(AUTH_SUPERUSER, "", krealm, &c, &ticket);
-  }
-
-  if(k_errno)
-    k_errno = get_cred(AUTH_SUPERUSER, cell, CELL, &c, &ticket);
-  if(k_errno)
-    k_errno = get_cred(AUTH_SUPERUSER, "", CELL, &c, &ticket);
-  
-  /* this might work in some conditions */
-  if(k_errno && (vl_realm = realm_of_cell(cell))){
-    k_errno = get_cred(AUTH_SUPERUSER, cell, vl_realm, &c, &ticket);
-    if(k_errno)
-      k_errno = get_cred(AUTH_SUPERUSER, "", vl_realm, &c, &ticket);
-  }
-  
-  if(k_errno && lrealm){
-    k_errno = get_cred(AUTH_SUPERUSER, cell, lrealm, &c, &ticket);
-#if 0
-    /* this is most likely never right anyway, but won't fail */
-    if(k_errno)
-      k_errno = get_cred(AUTH_SUPERUSER, "", lrealm, &c, &ticket);
-#endif
-  }
-  
-  if (k_errno == KSUCCESS)
-    {
-      struct ViceIoctl parms;
-      struct ClearToken ct;
-      int32_t sizeof_x;
-      char buf[2048], *t;
-
-      /*
-       * Build a struct ClearToken
-       */
-      ct.AuthHandle = c.kvno;
-      memcpy (ct.HandShakeKey, c.session, sizeof(c.session));
-      ct.ViceId = uid;	/* is this always valid? */
-      ct.BeginTimestamp = 1 + c.issue_date;
-      ct.EndTimestamp = krb_life_to_time(c.issue_date, c.lifetime);
-
-#define ODD(x) ((x) & 1)
-      /* If we don't know the numerical ID lifetime should be even? */
-      if (uid == 0 && ODD(ct.EndTimestamp - ct.BeginTimestamp))
-	ct.BeginTimestamp--;
-
-      t = buf;
-      /*
-       * length of secret token followed by secret token
-       */
-      sizeof_x = c.ticket_st.length;
-      memcpy(t, &sizeof_x, sizeof(sizeof_x));
-      t += sizeof(sizeof_x);
-      memcpy(t, c.ticket_st.dat, sizeof_x);
-      t += sizeof_x;
-      /*
-       * length of clear token followed by clear token
-       */
-      sizeof_x = sizeof(ct);
-      memcpy(t, &sizeof_x, sizeof(sizeof_x));
-      t += sizeof(sizeof_x);
-      memcpy(t, &ct, sizeof_x);
-      t += sizeof_x;
-
-      /*
-       * do *not* mark as primary cell
-       */
-      sizeof_x = 0;
-      memcpy(t, &sizeof_x, sizeof(sizeof_x));
-      t += sizeof(sizeof_x);
-      /*
-       * follow with cell name
-       */
-      sizeof_x = strlen(cell) + 1;
-      memcpy(t, cell, sizeof_x);
-      t += sizeof_x;
-
-      /*
-       * Build argument block
-       */
-      parms.in = buf;
-      parms.in_size = t - buf;
-      parms.out = 0;
-      parms.out_size = 0;
-      k_pioctl(0, VIOCSETTOK, &parms, 0);
-    }
-  return k_errno;
+    return krb_afslog_uid_home (cell, realm, getuid(), homedir);
 }
 
+/*
+ *
+ */
+
 int
-k_afsklog(const char *cell, const char *krealm)
+krb_realm_of_cell(const char *cell, char **realm)
 {
-  return k_afsklog_uid (cell, krealm, getuid());
+    kafs_data kd;
+
+    kd.get_realm = get_realm;
+    return _kafs_realm_of_cell(&kd, cell, realm);
 }
diff --git a/crypto/kerberosIV/lib/kafs/afskrb5.c b/crypto/kerberosIV/lib/kafs/afskrb5.c
new file mode 100644
index 0000000..a25dd7e
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afskrb5.c
@@ -0,0 +1,177 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: afskrb5.c,v 1.7 1999/07/07 12:30:06 assar Exp $");
+
+struct krb5_kafs_data {
+    krb5_context context;
+    krb5_ccache id;
+    krb5_const_realm realm;
+};
+
+static int
+get_cred(kafs_data *data, const char *name, const char *inst, 
+	 const char *realm, CREDENTIALS *c)
+{
+    krb5_error_code ret;
+    krb5_creds in_creds, *out_creds;
+    struct krb5_kafs_data *d = data->data;
+
+    memset(&in_creds, 0, sizeof(in_creds));
+    ret = krb5_425_conv_principal(d->context, name, inst, realm, 
+				  &in_creds.server);
+    if(ret)
+	return ret;
+    ret = krb5_cc_get_principal(d->context, d->id, &in_creds.client);
+    if(ret){
+	krb5_free_principal(d->context, in_creds.server);
+	return ret;
+    }
+    ret = krb5_get_credentials(d->context, 0, d->id, &in_creds, &out_creds);
+    krb5_free_principal(d->context, in_creds.server);
+    krb5_free_principal(d->context, in_creds.client);
+    if(ret)
+	return ret;
+    ret = krb524_convert_creds_kdc(d->context, out_creds, c);
+    krb5_free_creds(d->context, out_creds);
+    return ret;
+}
+
+static krb5_error_code
+afslog_uid_int(kafs_data *data, const char *cell, uid_t uid,
+	       const char *homedir)
+{
+    krb5_error_code ret;
+    CREDENTIALS c;
+    krb5_realm lrealm; /* local realm */
+    struct krb5_kafs_data *d = data->data;
+    
+    if (cell == 0 || cell[0] == 0)
+	return _kafs_afslog_all_local_cells (data, uid, homedir);
+
+    ret = krb5_get_default_realm(d->context, &lrealm);
+    if(ret || (d->realm && strcmp(d->realm, lrealm) == 0)){
+	free(lrealm);
+	lrealm = NULL;
+    }
+
+    ret = _kafs_get_cred(data, cell, d->realm, lrealm, &c);
+    if(lrealm)
+	free(lrealm);
+    
+    if(ret == 0)
+	ret = kafs_settoken(cell, uid, &c);
+    return ret;
+}
+
+static char *
+get_realm(kafs_data *data, const char *host)
+{
+    struct krb5_kafs_data *d = data->data;
+    krb5_realm *realms;
+    char *r;
+    if(krb5_get_host_realm(d->context, host, &realms))
+	return NULL;
+    r = strdup(realms[0]);
+    krb5_free_host_realm(d->context, realms);
+    return r;
+}
+
+krb5_error_code
+krb5_afslog_uid_home(krb5_context context,
+		     krb5_ccache id,
+		     const char *cell,
+		     krb5_const_realm realm,
+		     uid_t uid,
+		     const char *homedir)
+{
+    kafs_data kd;
+    struct krb5_kafs_data d;
+    kd.afslog_uid = afslog_uid_int;
+    kd.get_cred = get_cred;
+    kd.get_realm = get_realm;
+    kd.data = &d;
+    d.context = context;
+    d.id = id;
+    d.realm = realm;
+    return afslog_uid_int(&kd, cell, uid, homedir);
+}
+
+krb5_error_code
+krb5_afslog_uid(krb5_context context,
+		krb5_ccache id,
+		const char *cell,
+		krb5_const_realm realm,
+		uid_t uid)
+{
+    return krb5_afslog_uid_home (context, id, cell, realm, uid, NULL);
+}
+
+krb5_error_code
+krb5_afslog(krb5_context context,
+	    krb5_ccache id, 
+	    const char *cell,
+	    krb5_const_realm realm)
+{
+    return krb5_afslog_uid (context, id, cell, realm, getuid());
+}
+
+krb5_error_code
+krb5_afslog_home(krb5_context context,
+		 krb5_ccache id, 
+		 const char *cell,
+		 krb5_const_realm realm,
+		 const char *homedir)
+{
+    return krb5_afslog_uid_home (context, id, cell, realm, getuid(), homedir);
+}
+
+/*
+ *
+ */
+
+krb5_error_code
+krb5_realm_of_cell(const char *cell, char **realm)
+{
+    kafs_data kd;
+
+    kd.get_realm = get_realm;
+    return _kafs_realm_of_cell(&kd, cell, realm);
+}
diff --git a/crypto/kerberosIV/lib/kafs/afssys.c b/crypto/kerberosIV/lib/kafs/afssys.c
index 741225c..2c6e3af 100644
--- a/crypto/kerberosIV/lib/kafs/afssys.c
+++ b/crypto/kerberosIV/lib/kafs/afssys.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,28 +38,34 @@
 
 #include "kafs_locl.h"
 
-RCSID("$Id: afssys.c,v 1.53 1997/05/04 02:30:41 assar Exp $");
+RCSID("$Id: afssys.c,v 1.63 1999/05/08 02:24:32 assar Exp $");
+
+int _kafs_debug; /* this should be done in a better way */
+
+#define NO_ENTRY_POINT		0
+#define SINGLE_ENTRY_POINT	1
+#define MULTIPLE_ENTRY_POINT	2
+#define SINGLE_ENTRY_POINT2	3
+#define SINGLE_ENTRY_POINT3	4
+#define AIX_ENTRY_POINTS	5
+#define UNKNOWN_ENTRY_POINT	6
+static int afs_entry_point = UNKNOWN_ENTRY_POINT;
+static int afs_syscalls[2];
 
 /* Magic to get AIX syscalls to work */
 #ifdef _AIX
 
-static int (*Pioctl)(char*, int, void*, int);
+static int (*Pioctl)(char*, int, struct ViceIoctl*, int);
 static int (*Setpag)(void);
 
 #include "dlfcn.h"
 
-static int
-isSuid()
-{
-    int uid = getuid();
-    int gid = getgid();
-    int euid = getegid();
-    int egid = getegid();
-    return (uid != euid) || (gid != egid);
-}
+/*
+ *
+ */
 
 static int
-aix_setup(void)
+try_aix(void)
 {
 #ifdef STATIC_AFS_SYSCALLS
     Pioctl = aix_pioctl;
@@ -70,30 +76,63 @@ aix_setup(void)
     /*
      * If we are root or running setuid don't trust AFSLIBPATH!
      */
-    if (getuid() != 0 && !isSuid() && (p = getenv("AFSLIBPATH")) != NULL)
-	strcpy(path, p);
+    if (getuid() != 0 && !issuid() && (p = getenv("AFSLIBPATH")) != NULL)
+	strcpy_truncate(path, p, sizeof(path));
     else
 	snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR);
 	
-    ptr = dlopen(path, 0);
-    if(ptr){
-	Setpag = (int (*)(void))dlsym(ptr, "aix_setpag");
-	Pioctl = (int (*)(char*, int, void*, int))dlsym(ptr, "aix_pioctl");
+    ptr = dlopen(path, RTLD_NOW);
+    if(ptr == NULL) {
+	if(_kafs_debug) {
+	    if(errno == ENOEXEC && (p = dlerror()) != NULL)
+		fprintf(stderr, "dlopen(%s): %s\n", path, p);
+	    else if (errno != ENOENT)
+		fprintf(stderr, "dlopen(%s): %s\n", path, strerror(errno));
+	}
+	return 1;
     }
+    Setpag = (int (*)(void))dlsym(ptr, "aix_setpag");
+    Pioctl = (int (*)(char*, int, 
+		      struct ViceIoctl*, int))dlsym(ptr, "aix_pioctl");
 #endif
+    afs_entry_point = AIX_ENTRY_POINTS;
+    return 0;
 }
 #endif /* _AIX */
 
-#define NO_ENTRY_POINT		0
-#define SINGLE_ENTRY_POINT	1
-#define MULTIPLE_ENTRY_POINT	2
-#define SINGLE_ENTRY_POINT2	3
-#define SINGLE_ENTRY_POINT3	4
-#define AIX_ENTRY_POINTS	5
-#define UNKNOWN_ENTRY_POINT	6
-static int afs_entry_point = UNKNOWN_ENTRY_POINT;
-static int afs_syscalls[2];
+/* 
+ * This probably only works under Solaris and could get confused if
+ * there's a /etc/name_to_sysnum file.  
+ */
+
+#define _PATH_ETC_NAME_TO_SYSNUM "/etc/name_to_sysnum"
 
+static int
+map_syscall_name_to_number (const char *str, int *res)
+{
+    FILE *f;
+    char buf[256];
+    size_t str_len = strlen (str);
+
+    f = fopen (_PATH_ETC_NAME_TO_SYSNUM, "r");
+    if (f == NULL)
+	return -1;
+    while (fgets (buf, sizeof(buf), f) != NULL) {
+	if (strncmp (str, buf, str_len) == 0) {
+	    char *begptr = buf + str_len;
+	    char *endptr;
+	    long val = strtol (begptr, &endptr, 0);
+
+	    if (val != 0 && endptr != begptr) {
+		fclose (f);
+		*res = val;
+		return 0;
+	    }
+	}
+    }
+    fclose (f);
+    return -1;
+}
 
 int
 k_pioctl(char *a_path,
@@ -191,12 +230,65 @@ SIGSYS_handler(int sig)
 
 #endif
 
+/*
+ * Try to see if `syscall' is a pioctl.  Return 0 iff succesful.
+ */
+
+#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
+static int
+try_one (int syscall_num)
+{
+    struct ViceIoctl parms;
+    memset(&parms, 0, sizeof(parms));
+
+    if (setjmp(catch_SIGSYS) == 0) {
+	syscall(syscall_num, AFSCALL_PIOCTL,
+		0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+	if (errno == EINVAL) {
+	    afs_entry_point = SINGLE_ENTRY_POINT;
+	    afs_syscalls[0] = syscall_num;
+	    return 0;
+	}
+    }
+    return 1;
+}
+#endif
+
+/*
+ * Try to see if `syscall_pioctl' is a pioctl syscall.  Return 0 iff
+ * succesful.
+ *
+ */
+
+#ifdef AFS_PIOCTL
+static int
+try_two (int syscall_pioctl, int syscall_setpag)
+{
+    struct ViceIoctl parms;
+    memset(&parms, 0, sizeof(parms));
+
+    if (setjmp(catch_SIGSYS) == 0) {
+	syscall(syscall_pioctl,
+		0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+	if (errno == EINVAL) {
+	    afs_entry_point = MULTIPLE_ENTRY_POINT;
+	    afs_syscalls[0] = syscall_pioctl;
+	    afs_syscalls[1] = syscall_setpag;
+	    return 0;
+	}
+    }
+    return 1;
+}
+#endif
+
 int
 k_hasafs(void)
 {
-    int saved_errno;
+#if !defined(NO_AFS) && defined(SIGSYS)
     RETSIGTYPE (*saved_func)();
-    struct ViceIoctl parms;
+#endif
+    int saved_errno;
+    char *env = getenv ("AFS_SYSCALL");
   
     /*
      * Already checked presence of AFS syscalls?
@@ -210,7 +302,6 @@ k_hasafs(void)
      * If the syscall is absent we recive a SIGSYS.
      */
     afs_entry_point = NO_ENTRY_POINT;
-    memset(&parms, 0, sizeof(parms));
   
     saved_errno = errno;
 #ifndef NO_AFS
@@ -218,69 +309,85 @@ k_hasafs(void)
     saved_func = signal(SIGSYS, SIGSYS_handler);
 #endif
 
-#ifdef AFS_SYSCALL
-    if (setjmp(catch_SIGSYS) == 0)
-	{
-	    syscall(AFS_SYSCALL, AFSCALL_PIOCTL,
-		    0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
-	    if (errno == EINVAL)
-		{
-		    afs_entry_point = SINGLE_ENTRY_POINT;
-		    afs_syscalls[0] = AFS_SYSCALL;
+#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
+    {
+	int tmp;
+
+	if (env != NULL) {
+	    if (sscanf (env, "%d", &tmp) == 1) {
+		if (try_one (tmp) == 0)
 		    goto done;
+	    } else {
+		char *end = NULL;
+		char *p;
+		char *s = strdup (env);
+
+		if (s != NULL) {
+		    for (p = strtok_r (s, ",", &end);
+			 p != NULL;
+			 p = strtok_r (NULL, ",", &end)) {
+			if (map_syscall_name_to_number (p, &tmp) == 0)
+			    if (try_one (tmp) == 0) {
+				free (s);
+				goto done;
+			    }
+		    }
+		    free (s);
 		}
+	    }
 	}
+    }
+#endif /* AFS_SYSCALL || AFS_SYSCALL2 || AFS_SYSCALL3 */
+
+#ifdef AFS_SYSCALL
+    if (try_one (AFS_SYSCALL) == 0)
+	goto done;
 #endif /* AFS_SYSCALL */
 
 #ifdef AFS_PIOCTL
-    if (setjmp(catch_SIGSYS) == 0)
-	{
-	    syscall(AFS_PIOCTL,
-		    0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
-	    if (errno == EINVAL)
-		{
-		    afs_entry_point = MULTIPLE_ENTRY_POINT;
-		    afs_syscalls[0] = AFS_PIOCTL;
-		    afs_syscalls[1] = AFS_SETPAG;
-		    goto done;
-		}
-	}
+    {
+	int tmp[2];
+
+	if (env != NULL && sscanf (env, "%d%d", &tmp[0], &tmp[1]) == 2)
+	    if (try_two (tmp[0], tmp[1]) == 2)
+		goto done;
+    }
+#endif /* AFS_PIOCTL */
+
+#ifdef AFS_PIOCTL
+    if (try_two (AFS_PIOCTL, AFS_SETPAG) == 0)
+	goto done;
 #endif /* AFS_PIOCTL */
 
 #ifdef AFS_SYSCALL2
-    if (setjmp(catch_SIGSYS) == 0)
-	{
-	    syscall(AFS_SYSCALL2, AFSCALL_PIOCTL,
-		    0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
-	    if (errno == EINVAL)
-		{
-		    afs_entry_point = SINGLE_ENTRY_POINT2;
-		    afs_syscalls[0] = AFS_SYSCALL2;
-		    goto done;
-		}
-	}
-#endif /* AFS_SYSCALL */
+    if (try_one (AFS_SYSCALL2) == 0)
+	goto done;
+#endif /* AFS_SYSCALL2 */
 
 #ifdef AFS_SYSCALL3
-    if (setjmp(catch_SIGSYS) == 0)
-	{
-	    syscall(AFS_SYSCALL3, AFSCALL_PIOCTL,
-		    0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
-	    if (errno == EINVAL)
-		{
-		    afs_entry_point = SINGLE_ENTRY_POINT3;
-		    afs_syscalls[0] = AFS_SYSCALL3;
+    if (try_one (AFS_SYSCALL3) == 0)
+	goto done;
+#endif /* AFS_SYSCALL3 */
+
+#ifdef _AIX
+#if 0
+    if (env != NULL) {
+	char *pos = NULL;
+	char *pioctl_name;
+	char *setpag_name;
+
+	pioctl_name = strtok_r (env, ", \t", &pos);
+	if (pioctl_name != NULL) {
+	    setpag_name = strtok_r (NULL, ", \t", &pos);
+	    if (setpag_name != NULL)
+		if (try_aix (pioctl_name, setpag_name) == 0)
 		    goto done;
-		}
 	}
-#endif /* AFS_SYSCALL */
+    }
+#endif
 
-#ifdef _AIX
-    aix_setup();
-    if(Pioctl != NULL && Setpag != NULL){
-	afs_entry_point = AIX_ENTRY_POINTS;
+    if(try_aix() == 0)
 	goto done;
-    }
 #endif
 
 done:
diff --git a/crypto/kerberosIV/lib/kafs/afssysdefs.h b/crypto/kerberosIV/lib/kafs/afssysdefs.h
index 028f9b3..7193eea 100644
--- a/crypto/kerberosIV/lib/kafs/afssysdefs.h
+++ b/crypto/kerberosIV/lib/kafs/afssysdefs.h
@@ -36,7 +36,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: afssysdefs.h,v 1.15 1997/04/01 08:18:12 joda Exp $ */
+/* $Id: afssysdefs.h,v 1.19.4.1 1999/07/22 03:21:43 assar Exp $ */
 
 /*
  * This section is for machines using single entry point AFS syscalls!
@@ -47,17 +47,22 @@
  * entry point syscalls.
  */
 
-#if SunOS == 4
+#if SunOS == 40
 #define AFS_SYSCALL	31
 #endif
 
-#if SunOS == 5
+#if SunOS >= 50 && SunOS < 57
 #define AFS_SYSCALL	105
 #endif
 
+#if SunOS == 57
+#define AFS_SYSCALL	73
+#endif
+
 #if defined(__hpux)
 #define AFS_SYSCALL	50
 #define AFS_SYSCALL2	49
+#define AFS_SYSCALL3	48
 #endif
 
 #if defined(_AIX)
@@ -78,7 +83,7 @@
 #define AFS_SYSCALL	31
 #endif
 
-#if defined(__NetBSD__)
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
 #define AFS_SYSCALL 210
 #endif
 
diff --git a/crypto/kerberosIV/lib/kafs/common.c b/crypto/kerberosIV/lib/kafs/common.c
new file mode 100644
index 0000000..54d7b1b
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/common.c
@@ -0,0 +1,370 @@
+/*
+ * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: common.c,v 1.15 1999/06/09 22:41:41 assar Exp $");
+
+#define AUTH_SUPERUSER "afs"
+
+/*
+ * Here only ASCII characters are relevant.
+ */
+
+#define IsAsciiLower(c) ('a' <= (c) && (c) <= 'z')
+
+#define ToAsciiUpper(c) ((c) - 'a' + 'A')
+
+static void
+foldup(char *a, const char *b)
+{
+  for (; *b; a++, b++)
+    if (IsAsciiLower(*b))
+      *a = ToAsciiUpper(*b);
+    else
+      *a = *b;
+  *a = '\0';
+}
+
+int
+kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c)
+{
+    struct ViceIoctl parms;
+    struct ClearToken ct;
+    int32_t sizeof_x;
+    char buf[2048], *t;
+    int ret;
+    
+    /*
+     * Build a struct ClearToken
+     */
+    ct.AuthHandle = c->kvno;
+    memcpy (ct.HandShakeKey, c->session, sizeof(c->session));
+    ct.ViceId = uid;
+    ct.BeginTimestamp = c->issue_date;
+    ct.EndTimestamp = krb_life_to_time(c->issue_date, c->lifetime);
+    if(ct.EndTimestamp < time(NULL))
+	return 0; /* don't store tokens that has expired (and possibly
+		     overwriting valid tokens)*/
+
+#define ODD(x) ((x) & 1)
+    /* According to Transarc conventions ViceId is valid iff
+     * (EndTimestamp - BeginTimestamp) is odd. By decrementing EndTime
+     * the transformations:
+     *
+     * (issue_date, life) -> (StartTime, EndTime) -> (issue_date, life)
+     * preserves the original values.
+     */
+    if (uid != 0)		/* valid ViceId */
+      {
+	if (!ODD(ct.EndTimestamp - ct.BeginTimestamp))
+	  ct.EndTimestamp--;
+      }
+    else			/* not valid ViceId */
+      {
+	if (ODD(ct.EndTimestamp - ct.BeginTimestamp))
+	  ct.EndTimestamp--;
+      }
+
+    t = buf;
+    /*
+     * length of secret token followed by secret token
+     */
+    sizeof_x = c->ticket_st.length;
+    memcpy(t, &sizeof_x, sizeof(sizeof_x));
+    t += sizeof(sizeof_x);
+    memcpy(t, c->ticket_st.dat, sizeof_x);
+    t += sizeof_x;
+    /*
+     * length of clear token followed by clear token
+     */
+    sizeof_x = sizeof(ct);
+    memcpy(t, &sizeof_x, sizeof(sizeof_x));
+    t += sizeof(sizeof_x);
+    memcpy(t, &ct, sizeof_x);
+    t += sizeof_x;
+
+    /*
+     * do *not* mark as primary cell
+     */
+    sizeof_x = 0;
+    memcpy(t, &sizeof_x, sizeof(sizeof_x));
+    t += sizeof(sizeof_x);
+    /*
+     * follow with cell name
+     */
+    sizeof_x = strlen(cell) + 1;
+    memcpy(t, cell, sizeof_x);
+    t += sizeof_x;
+
+    /*
+     * Build argument block
+     */
+    parms.in = buf;
+    parms.in_size = t - buf;
+    parms.out = 0;
+    parms.out_size = 0;
+    ret = k_pioctl(0, VIOCSETTOK, &parms, 0);
+    return ret;
+}
+
+/* Try to get a db-server for an AFS cell from a AFSDB record */
+
+static int
+dns_find_cell(const char *cell, char *dbserver, size_t len)
+{
+    struct dns_reply *r;
+    int ok = -1;
+    r = dns_lookup(cell, "afsdb");
+    if(r){
+	struct resource_record *rr = r->head;
+	while(rr){
+	    if(rr->type == T_AFSDB && rr->u.afsdb->preference == 1){
+		strcpy_truncate(dbserver,
+				rr->u.afsdb->domain,
+				len);
+		ok = 0;
+		break;
+	    }
+	    rr = rr->next;
+	}
+	dns_free_data(r);
+    }
+    return ok;
+}
+
+
+/*
+ * Try to find the cells we should try to klog to in "file".
+ */
+static void
+find_cells(char *file, char ***cells, int *index)
+{
+    FILE *f;
+    char cell[64];
+    int i;
+    int ind = *index;
+
+    f = fopen(file, "r");
+    if (f == NULL)
+	return;
+    while (fgets(cell, sizeof(cell), f)) {
+	char *nl = strchr(cell, '\n');
+	if (nl)
+	    *nl = '\0';
+	if (cell[0] == '\0')
+	    continue;
+	for(i = 0; i < ind; i++)
+	    if(strcmp((*cells)[i], cell) == 0)
+		break;
+	if(i == ind){
+	    char **tmp;
+
+	    tmp = realloc(*cells, (ind + 1) * sizeof(**cells));
+	    if (tmp == NULL)
+		break;
+	    *cells = tmp;
+	    (*cells)[ind] = strdup(cell);
+	    if ((*cells)[ind] == NULL)
+		break;
+	    ++ind;
+	}
+    }
+    fclose(f);
+    *index = ind;
+}
+
+/*
+ * Get tokens for all cells[]
+ */
+static int
+afslog_cells(kafs_data *data, char **cells, int max, uid_t uid,
+	     const char *homedir)
+{
+    int ret = 0;
+    int i;
+    for(i = 0; i < max; i++)
+	ret = (*data->afslog_uid)(data, cells[i], uid, homedir);
+    return ret;
+}
+
+int
+_kafs_afslog_all_local_cells(kafs_data *data, uid_t uid, const char *homedir)
+{
+    int ret;
+    char **cells = NULL;
+    int index = 0;
+
+    if (homedir == NULL)
+	homedir = getenv("HOME");
+    if (homedir != NULL) {
+	char home[MaxPathLen];
+	snprintf(home, sizeof(home), "%s/.TheseCells", homedir);
+	find_cells(home, &cells, &index);
+    }
+    find_cells(_PATH_THESECELLS, &cells, &index);
+    find_cells(_PATH_THISCELL, &cells, &index);
+    find_cells(_PATH_ARLA_THESECELLS, &cells, &index);
+    find_cells(_PATH_ARLA_THISCELL, &cells, &index);
+    
+    ret = afslog_cells(data, cells, index, uid, homedir);
+    while(index > 0)
+	free(cells[--index]);
+    free(cells);
+    return ret;
+}
+
+
+/* Find the realm associated with cell. Do this by opening
+   /usr/vice/etc/CellServDB and getting the realm-of-host for the
+   first VL-server for the cell.
+
+   This does not work when the VL-server is living in one realm, but
+   the cell it is serving is living in another realm.
+
+   Return 0 on success, -1 otherwise.
+   */
+
+int
+_kafs_realm_of_cell(kafs_data *data, const char *cell, char **realm)
+{
+    FILE *F;
+    char buf[1024];
+    char *p;
+    int ret = -1;
+
+    if ((F = fopen(_PATH_CELLSERVDB, "r"))
+	|| (F = fopen(_PATH_ARLA_CELLSERVDB, "r"))) {
+	while (fgets(buf, sizeof(buf), F)) {
+	    if (buf[0] != '>')
+		continue; /* Not a cell name line, try next line */
+	    if (strncmp(buf + 1, cell, strlen(cell)) == 0) {
+		/*
+		 * We found the cell name we're looking for.
+		 * Read next line on the form ip-address '#' hostname
+		 */
+		if (fgets(buf, sizeof(buf), F) == NULL)
+		    break;	/* Read failed, give up */
+		p = strchr(buf, '#');
+		if (p == NULL)
+		    break;	/* No '#', give up */
+		p++;
+		if (buf[strlen(buf) - 1] == '\n')
+		    buf[strlen(buf) - 1] = '\0';
+		*realm = (*data->get_realm)(data, p);
+		if (*realm && **realm != '\0')
+		    ret = 0;
+		break;		/* Won't try any more */
+	    }
+	}
+	fclose(F);
+    }
+    if (*realm == NULL && dns_find_cell(cell, buf, sizeof(buf)) == 0) {
+	*realm = strdup(krb_realmofhost(buf));
+	if(*realm != NULL)
+	    ret = 0;
+    }
+    return ret;
+}
+
+int
+_kafs_get_cred(kafs_data *data,
+	      const char *cell, 
+	      const char *krealm, 
+	      const char *lrealm,
+	      CREDENTIALS *c)
+{
+    int ret = -1;
+    char *vl_realm;
+    char CELL[64];
+
+    /* We're about to find the the realm that holds the key for afs in
+     * the specified cell. The problem is that null-instance
+     * afs-principals are common and that hitting the wrong realm might
+     * yield the wrong afs key. The following assumptions were made.
+     *
+     * Any realm passed to us is preferred.
+     *
+     * If there is a realm with the same name as the cell, it is most
+     * likely the correct realm to talk to.
+     *
+     * In most (maybe even all) cases the database servers of the cell
+     * will live in the realm we are looking for.
+     *
+     * Try the local realm, but if the previous cases fail, this is
+     * really a long shot.
+     *
+     */
+  
+    /* comments on the ordering of these tests */
+
+    /* If the user passes a realm, she probably knows something we don't
+     * know and we should try afs@krealm (otherwise we're talking with a
+     * blondino and she might as well have it.)
+     */
+  
+    if (krealm) {
+	ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, krealm, c);
+	if (ret == 0) return 0;
+	ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", krealm, c);
+    }
+    if (ret == 0) return 0;
+
+    foldup(CELL, cell);
+
+    ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, CELL, c);
+    if (ret == 0) return 0;
+
+    ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", CELL, c);
+    if (ret == 0) return 0;
+    
+    /* this might work in some cases */
+    if (_kafs_realm_of_cell(data, cell, &vl_realm) == 0) {
+	ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, vl_realm, c);
+	if (ret)
+	    ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", vl_realm, c);
+	free(vl_realm);
+	if (ret == 0) return 0;
+    }
+    
+    if (lrealm)
+	ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, lrealm, c);
+    return ret;
+}
+
+
diff --git a/crypto/kerberosIV/lib/kafs/dlfcn.c b/crypto/kerberosIV/lib/kafs/dlfcn.c
index 3f4de92..98e081c 100644
--- a/crypto/kerberosIV/lib/kafs/dlfcn.c
+++ b/crypto/kerberosIV/lib/kafs/dlfcn.c
@@ -115,14 +115,12 @@ void *dlopen(const char *path, int mode)
 		}
 	if ((mp = (ModulePtr)calloc(1, sizeof(*mp))) == NULL) {
 		errvalid++;
-		strcpy(errbuf, "calloc: ");
-		strcat(errbuf, strerror(errno));
+		snprintf (errbuf, "calloc: %s", strerror(errno));
 		return NULL;
 	}
 	if ((mp->name = strdup(path)) == NULL) {
 		errvalid++;
-		strcpy(errbuf, "strdup: ");
-		strcat(errbuf, strerror(errno));
+		snprintf (errbuf, "strdup: %s", strerror(errno));
 		free(mp);
 		return NULL;
 	}
@@ -134,9 +132,8 @@ void *dlopen(const char *path, int mode)
 		free(mp->name);
 		free(mp);
 		errvalid++;
-		strcpy(errbuf, "dlopen: ");
-		strcat(errbuf, path);
-		strcat(errbuf, ": ");
+		snprintf (errbuf, sizeof(errbuf),
+			  "dlopen: %s: ", path);
 		/*
 		 * If AIX says the file is not executable, the error
 		 * can be further described by querying the loader about
@@ -145,14 +142,18 @@ void *dlopen(const char *path, int mode)
 		if (errno == ENOEXEC) {
 			char *tmp[BUFSIZ/sizeof(char *)];
 			if (loadquery(L_GETMESSAGES, tmp, sizeof(tmp)) == -1)
-				strcpy(errbuf, strerror(errno));
+				strcpy_truncate(errbuf,
+						strerror(errno),
+						sizeof(errbuf));
 			else {
 				char **p;
 				for (p = tmp; *p; p++)
 					caterr(*p);
 			}
 		} else
-			strcat(errbuf, strerror(errno));
+			strcat_truncate(errbuf,
+					strerror(errno),
+					sizeof(errbuf));
 		return NULL;
 	}
 	mp->refCnt = 1;
@@ -161,8 +162,8 @@ void *dlopen(const char *path, int mode)
 	if (loadbind(0, mainModule, mp->entry) == -1) {
 		dlclose(mp);
 		errvalid++;
-		strcpy(errbuf, "loadbind: ");
-		strcat(errbuf, strerror(errno));
+		snprintf (errbuf, sizeof(errbuf),
+			  "loadbind: %s", strerror(errno));
 		return NULL;
 	}
 	/*
@@ -175,8 +176,9 @@ void *dlopen(const char *path, int mode)
 			if (loadbind(0, mp1->entry, mp->entry) == -1) {
 				dlclose(mp);
 				errvalid++;
-				strcpy(errbuf, "loadbind: ");
-				strcat(errbuf, strerror(errno));
+				snprintf (errbuf, sizeof(errbuf),
+					  "loadbind: %s",
+					  strerror(errno));
 				return NULL;
 			}
 	}
@@ -229,29 +231,29 @@ static void caterr(char *s)
 		p++;
 	switch(atoi(s)) {
 	case L_ERROR_TOOMANY:
-		strcat(errbuf, "to many errors");
+		strcat_truncate(errbuf, "to many errors", sizeof(errbuf));
 		break;
 	case L_ERROR_NOLIB:
-		strcat(errbuf, "can't load library");
-		strcat(errbuf, p);
+		strcat_truncate(errbuf, "can't load library", sizeof(errbuf));
+		strcat_truncate(errbuf, p, sizeof(errbuf));
 		break;
 	case L_ERROR_UNDEF:
-		strcat(errbuf, "can't find symbol");
-		strcat(errbuf, p);
+		strcat_truncate(errbuf, "can't find symbol", sizeof(errbuf));
+		strcat_truncate(errbuf, p, sizeof(errbuf));
 		break;
 	case L_ERROR_RLDBAD:
-		strcat(errbuf, "bad RLD");
-		strcat(errbuf, p);
+		strcat_truncate(errbuf, "bad RLD", sizeof(errbuf));
+		strcat_truncate(errbuf, p, sizeof(errbuf));
 		break;
 	case L_ERROR_FORMAT:
-		strcat(errbuf, "bad exec format in");
-		strcat(errbuf, p);
+		strcat_truncate(errbuf, "bad exec format in", sizeof(errbuf));
+		strcat_truncate(errbuf, p, sizeof(errbuf));
 		break;
 	case L_ERROR_ERRNO:
-		strcat(errbuf, strerror(atoi(++p)));
+		strcat_truncate(errbuf, strerror(atoi(++p)), sizeof(errbuf));
 		break;
 	default:
-		strcat(errbuf, s);
+		strcat_truncate(errbuf, s, sizeof(errbuf));
 		break;
 	}
 }
@@ -270,8 +272,8 @@ void *dlsym(void *handle, const char *symbol)
 		if (strcmp(ep->name, symbol) == 0)
 			return ep->addr;
 	errvalid++;
-	strcpy(errbuf, "dlsym: undefined symbol ");
-	strcat(errbuf, symbol);
+	snprintf (errbuf, sizeof(errbuf),
+		  "dlsym: undefined symbol %s", symbol);		  
 	return NULL;
 }
 
@@ -311,7 +313,8 @@ int dlclose(void *handle)
 	result = unload(mp->entry);
 	if (result == -1) {
 		errvalid++;
-		strcpy(errbuf, strerror(errno));
+		snprintf (errbuf, sizeof(errbuf),
+			  "%s", strerror(errno));
 	}
 	if (mp->exports) {
 		ExportPtr ep;
@@ -360,8 +363,9 @@ static int readExports(ModulePtr mp)
 		int size = 4*1024;
 		if (errno != ENOENT) {
 			errvalid++;
-			strcpy(errbuf, "readExports: ");
-			strcat(errbuf, strerror(errno));
+			snprintf(errbuf, sizeof(errbuf),
+				 "readExports: %s",
+				 strerror(errno));
 			return -1;
 		}
 		/*
@@ -371,8 +375,9 @@ static int readExports(ModulePtr mp)
 		 */
 		if ((buf = malloc(size)) == NULL) {
 			errvalid++;
-			strcpy(errbuf, "readExports: ");
-			strcat(errbuf, strerror(errno));
+			snprintf(errbuf, sizeof(errbuf),
+				 "readExports: %s",
+				 strerror(errno));
 			return -1;
 		}
 		while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) {
@@ -380,15 +385,17 @@ static int readExports(ModulePtr mp)
 			size += 4*1024;
 			if ((buf = malloc(size)) == NULL) {
 				errvalid++;
-				strcpy(errbuf, "readExports: ");
-				strcat(errbuf, strerror(errno));
+				snprintf(errbuf, sizeof(errbuf),
+					 "readExports: %s",
+					 strerror(errno));
 				return -1;
 			}
 		}
 		if (i == -1) {
 			errvalid++;
-			strcpy(errbuf, "readExports: ");
-			strcat(errbuf, strerror(errno));
+			snprintf(errbuf, sizeof(errbuf),
+				 "readExports: %s",
+				 strerror(errno));
 			free(buf);
 			return -1;
 		}
@@ -411,14 +418,14 @@ static int readExports(ModulePtr mp)
 		free(buf);
 		if (!ldp) {
 			errvalid++;
-			strcpy(errbuf, "readExports: ");
-			strcat(errbuf, strerror(errno));
+			snprintf (errbuf, sizeof(errbuf),
+				  "readExports: %s", strerror(errno));
 			return -1;
 		}
 	}
 	if (TYPE(ldp) != U802TOCMAGIC) {
 		errvalid++;
-		strcpy(errbuf, "readExports: bad magic");
+		snprintf(errbuf, sizeof(errbuf), "readExports: bad magic");
 		while(ldclose(ldp) == FAILURE)
 			;
 		return -1;
@@ -430,14 +437,16 @@ static int readExports(ModulePtr mp)
 	 */
 	if (ldnshread(ldp, _DATA, &shdata) != SUCCESS) {
 		errvalid++;
-		strcpy(errbuf, "readExports: cannot read data section header");
+		snprintf(errbuf, sizeof(errbuf),
+			 "readExports: cannot read data section header");
 		while(ldclose(ldp) == FAILURE)
 			;
 		return -1;
 	}
 	if (ldnshread(ldp, _LOADER, &sh) != SUCCESS) {
 		errvalid++;
-		strcpy(errbuf, "readExports: cannot read loader section header");
+		snprintf(errbuf, sizeof(errbuf),
+			 "readExports: cannot read loader section header");
 		while(ldclose(ldp) == FAILURE)
 			;
 		return -1;
@@ -448,15 +457,16 @@ static int readExports(ModulePtr mp)
 	 */
 	if ((ldbuf = (char *)malloc(sh.s_size)) == NULL) {
 		errvalid++;
-		strcpy(errbuf, "readExports: ");
-		strcat(errbuf, strerror(errno));
+		snprintf (errbuf, sizeof(errbuf),
+			  "readExports: %s", strerror(errno));
 		while(ldclose(ldp) == FAILURE)
 			;
 		return -1;
 	}
 	if (FSEEK(ldp, sh.s_scnptr, BEGINNING) != OKFSEEK) {
 		errvalid++;
-		strcpy(errbuf, "readExports: cannot seek to loader section");
+		snprintf(errbuf, sizeof(errbuf),
+			 "readExports: cannot seek to loader section");
 		free(ldbuf);
 		while(ldclose(ldp) == FAILURE)
 			;
@@ -464,7 +474,8 @@ static int readExports(ModulePtr mp)
 	}
 	if (FREAD(ldbuf, sh.s_size, 1, ldp) != 1) {
 		errvalid++;
-		strcpy(errbuf, "readExports: cannot read loader section");
+		snprintf(errbuf, sizeof(errbuf),
+			 "readExports: cannot read loader section");
 		free(ldbuf);
 		while(ldclose(ldp) == FAILURE)
 			;
@@ -482,8 +493,8 @@ static int readExports(ModulePtr mp)
 	}
 	if ((mp->exports = (ExportPtr)calloc(mp->nExports, sizeof(*mp->exports))) == NULL) {
 		errvalid++;
-		strcpy(errbuf, "readExports: ");
-		strcat(errbuf, strerror(errno));
+		snprintf (errbuf, sizeof(errbuf),
+			  "readExports: %s", strerror(errno));
 		free(ldbuf);
 		while(ldclose(ldp) == FAILURE)
 			;
@@ -508,8 +519,8 @@ static int readExports(ModulePtr mp)
 			 * must copy the first SYMNMLEN chars and make
 			 * sure we have a zero byte at the end.
 			 */
-			strncpy(tmpsym, ls->l_name, SYMNMLEN);
-			tmpsym[SYMNMLEN] = '\0';
+		        strcpy_truncate (tmpsym, ls->l_name,
+					 SYMNMLEN + 1);
 			symname = tmpsym;
 		}
 		ep->name = strdup(symname);
@@ -537,8 +548,8 @@ static void * findMain(void)
 
 	if ((buf = malloc(size)) == NULL) {
 		errvalid++;
-		strcpy(errbuf, "findMain: ");
-		strcat(errbuf, strerror(errno));
+		snprintf (errbuf, sizeof(errbuf),
+			  "findMail: %s", strerror(errno));
 		return NULL;
 	}
 	while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) {
@@ -546,15 +557,15 @@ static void * findMain(void)
 		size += 4*1024;
 		if ((buf = malloc(size)) == NULL) {
 			errvalid++;
-			strcpy(errbuf, "findMain: ");
-			strcat(errbuf, strerror(errno));
+			snprintf (errbuf, sizeof(errbuf),
+				  "findMail: %s", strerror(errno));
 			return NULL;
 		}
 	}
 	if (i == -1) {
 		errvalid++;
-		strcpy(errbuf, "findMain: ");
-		strcat(errbuf, strerror(errno));
+		snprintf (errbuf, sizeof(errbuf),
+			  "findMail: %s", strerror(errno));
 		free(buf);
 		return NULL;
 	}
diff --git a/crypto/kerberosIV/lib/kafs/kafs_locl.h b/crypto/kerberosIV/lib/kafs/kafs_locl.h
index 6ada6ab..6174f74 100644
--- a/crypto/kerberosIV/lib/kafs/kafs_locl.h
+++ b/crypto/kerberosIV/lib/kafs/kafs_locl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -36,13 +36,14 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: kafs_locl.h,v 1.3 1997/05/04 23:04:44 assar Exp $ */
+/* $Id: kafs_locl.h,v 1.12.2.1 1999/07/22 03:22:05 assar Exp $ */
 
 #ifndef __KAFS_LOCL_H__
 #define __KAFS_LOCL_H__
 
+#ifdef HAVE_CONFIG_H
 #include <config.h>
-#include <protos.h>
+#endif
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -57,7 +58,7 @@
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
 #include <sys/ioctl.h>
 #endif
 #ifdef HAVE_SYS_FILIO_H
@@ -73,6 +74,13 @@
 #ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
 #ifdef HAVE_NETDB_H
 #include <netdb.h>
 #endif
@@ -85,12 +93,45 @@
 #endif
 #include <roken.h>
 
+#ifdef KRB5
+#include <krb5.h>
+#endif
+#ifdef KRB4
 #include <krb.h>
+#endif
 #include <kafs.h>
 
 #include <resolve.h>
 
 #include "afssysdefs.h"
 
+struct kafs_data;
+typedef int (*afslog_uid_func_t)(struct kafs_data*, const char*, uid_t,
+				 const char *);
+
+typedef int (*get_cred_func_t)(struct kafs_data*, const char*, const char*, 
+				    const char*, CREDENTIALS*);
+
+typedef char* (*get_realm_func_t)(struct kafs_data*, const char*);
+
+typedef struct kafs_data {
+    afslog_uid_func_t afslog_uid;
+    get_cred_func_t get_cred;
+    get_realm_func_t get_realm;
+    void *data;
+} kafs_data;
+
+int _kafs_afslog_all_local_cells(kafs_data*, uid_t, const char*);
+
+int _kafs_get_cred(kafs_data*, const char*, const char*, const char *, 
+		  CREDENTIALS*);
+
+int
+_kafs_realm_of_cell(kafs_data *data, const char *cell, char **realm);
+
+#ifdef _AIX
+int aix_pioctl(char*, int, struct ViceIoctl*, int);
+int aix_setpag(void);
+#endif
 
 #endif /* __KAFS_LOCL_H__ */
diff --git a/crypto/kerberosIV/lib/kdb/Makefile.in b/crypto/kerberosIV/lib/kdb/Makefile.in
index f6fb962..ac90e05 100644
--- a/crypto/kerberosIV/lib/kdb/Makefile.in
+++ b/crypto/kerberosIV/lib/kdb/Makefile.in
@@ -1,5 +1,5 @@
 #
-# $Id: Makefile.in,v 1.25 1997/05/06 03:47:39 assar Exp $
+# $Id: Makefile.in,v 1.40 1999/03/10 19:01:15 joda Exp $
 #
 
 SHELL = /bin/sh
@@ -8,10 +8,13 @@ srcdir = @srcdir@
 VPATH = @srcdir@
 
 CC = @CC@
+LINK = @LINK@
 AR = ar
 RANLIB = @RANLIB@
-DEFS = @DEFS@
-CFLAGS = @CFLAGS@
+LN_S = @LN_S@
+DEFS = @DEFS@ -DROKEN_RENAME
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
 
 INSTALL = @INSTALL@
 INSTALL_DATA	= @INSTALL_DATA@
@@ -23,6 +26,11 @@ libdir = @libdir@
 
 PICFLAGS = @PICFLAGS@
  
+LIB_DBM  = @LIB_DBM@
+LIB_DEPS = @lib_deps_yes@ $(LIB_DBM) -lc
+build_symlink_command   = @build_symlink_command@
+install_symlink_command = @install_symlink_command@
+
 LIBNAME = $(LIBPREFIX)kdb
 LIBEXT = @LIBEXT@
 SHLIBEXT = @SHLIBEXT@
@@ -30,9 +38,11 @@ LIBPREFIX = @LIBPREFIX@
 LDSHARED = @LDSHARED@
 LIB = $(LIBNAME).$(LIBEXT)
 
-SOURCES = krb_cache.c krb_kdb_utils.c copykey.c krb_lib.c krb_dbm.c print_princ.c base64.c
+SOURCES = krb_cache.c krb_kdb_utils.c copykey.c krb_lib.c \
+	krb_dbm.c print_princ.c
 
-OBJECTS = krb_cache.o krb_kdb_utils.o copykey.o krb_lib.o krb_dbm.o print_princ.o base64.o
+OBJECTS = krb_cache.o krb_kdb_utils.o copykey.o krb_lib.o \
+	krb_dbm.o print_princ.o
 
 all: $(LIB)
 
@@ -40,14 +50,15 @@ Wall:
 		make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
 
 .c.o:
-	$(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $<
+	$(CC) -c $(DEFS) -I../../include -I$(srcdir) -I. $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
 
 install: all
-	$(MKINSTALLDIRS) $(libdir)
-	$(INSTALL_DATA) -m 0555 $(LIB) $(libdir)
+	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
+	$(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB)
+	@install_symlink_command@
 
 uninstall:
-	rm -f $(libdir)/$(LIB)
+	rm -f $(DESTDIR)$(libdir)/$(LIB)
 
 TAGS: $(SOURCES)
 	etags $(SOURCES)
@@ -55,22 +66,16 @@ TAGS: $(SOURCES)
 check:
 
 clean:
-	rm -f $(LIB) *.o *.a
+	rm -f $(LIB) *.o *.a *.so *.so.* so_locations
 
 mostlyclean: clean
 
 distclean: clean
-	rm -f Makefile *.tab.c *~
+	rm -f Makefile *.tab.c *~ roken_rename.h
 
 realclean: distclean
 	rm -f TAGS
 
-dist: $(DISTFILES)
-	for file in $(DISTFILES); do \
-	  ln $$file ../`cat ../.fname`/lib \
-	    || cp -p $$file ../`cat ../.fname`/lib; \
-	done
-
 $(LIBNAME).a: $(OBJECTS)
 	rm -f $@
 	$(AR) cr $@ $(OBJECTS)
@@ -78,6 +83,12 @@ $(LIBNAME).a: $(OBJECTS)
 
 $(LIBNAME).$(SHLIBEXT): $(OBJECTS)
 	rm -f $@
-	$(LDSHARED) -o $@ $(OBJECTS)
+	$(LDSHARED) -o $@ $(OBJECTS) $(LIB_DEPS)
+	@build_symlink_command@
+
+$(OBJECTS): ../../include/config.h roken_rename.h
+
+roken_rename.h:
+	$(LN_S) $(srcdir)/../krb/roken_rename.h .
 
-$(OBJECTS): ../../include/config.h
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/lib/kdb/krb_cache.c b/crypto/kerberosIV/lib/kdb/krb_cache.c
index ed4a5b1..bd8da50 100644
--- a/crypto/kerberosIV/lib/kdb/krb_cache.c
+++ b/crypto/kerberosIV/lib/kdb/krb_cache.c
@@ -25,7 +25,7 @@ or implied warranty.
 
 #include "kdb_locl.h"
 
-RCSID("$Id: krb_cache.c,v 1.6 1997/05/02 10:27:53 joda Exp $");
+RCSID("$Id: krb_cache.c,v 1.7 1998/06/09 19:25:14 joda Exp $");
 
 #ifdef DEBUG
 extern int debug;
@@ -49,12 +49,10 @@ kerb_cache_init(void)
  */
 
 int
-kerb_cache_get_principal(char *serv, char *inst, Principal *principal, unsigned int max)
-                 		/* could have wild card */
-                 		/* could have wild card */
-                         
-                     		/* max number of name structs to return */
-
+kerb_cache_get_principal(char *serv, /* could have wild card */
+			 char *inst, /* could have wild card */
+			 Principal *principal,
+			 unsigned int max) /* max number of name structs to return */
 {
     int     found = 0;
 
@@ -86,11 +84,10 @@ kerb_cache_get_principal(char *serv, char *inst, Principal *principal, unsigned
  */
 
 int
-kerb_cache_put_principal(Principal *principal, unsigned int max)
-                         
+kerb_cache_put_principal(Principal *principal,
+			 unsigned int max)
                      		/* max number of principal structs to
 				 * insert */
-
 {
     u_long  i;
     int     count = 0;
@@ -123,12 +120,10 @@ kerb_cache_put_principal(Principal *principal, unsigned int max)
  */
 
 int
-kerb_cache_get_dba(char *serv, char *inst, Dba *dba, unsigned int max)
-                 		/* could have wild card */
-                 		/* could have wild card */
-                
-                     		/* max number of name structs to return */
-
+kerb_cache_get_dba(char *serv,	/* could have wild card */
+		   char *inst,	/* could have wild card */
+		   Dba *dba,
+		   unsigned int max) /* max number of name structs to return */
 {
     int     found = 0;
 
@@ -159,10 +154,9 @@ kerb_cache_get_dba(char *serv, char *inst, Dba *dba, unsigned int max)
  */
 
 int
-kerb_cache_put_dba(Dba *dba, unsigned int max)
-                
+kerb_cache_put_dba(Dba *dba,
+		   unsigned int max)
                      		/* max number of dba structs to insert */
-
 {
     u_long  i;
     int     count = 0;
diff --git a/crypto/kerberosIV/lib/kdb/krb_dbm.c b/crypto/kerberosIV/lib/kdb/krb_dbm.c
index 963656a..ca6a2c8 100644
--- a/crypto/kerberosIV/lib/kdb/krb_dbm.c
+++ b/crypto/kerberosIV/lib/kdb/krb_dbm.c
@@ -21,7 +21,7 @@ or implied warranty.
 
 #include "kdb_locl.h"
 
-RCSID("$Id: krb_dbm.c,v 1.27 1997/05/02 14:29:09 assar Exp $");
+RCSID("$Id: krb_dbm.c,v 1.36 1998/11/07 14:25:55 assar Exp $");
 
 #include <xdbm.h>
 
@@ -98,8 +98,6 @@ static int non_blocking = 0;
  * Utility routine: generate name of database file.
  */
 
-static char *gen_dbsuffix (char *db_name, char *sfx);
-
 static char *
 gen_dbsuffix(char *db_name, char *sfx)
 {
@@ -109,25 +107,21 @@ gen_dbsuffix(char *db_name, char *sfx)
 	sfx = ".ok";
 
     asprintf (&dbsuffix, "%s%s", db_name, sfx);
+    if (dbsuffix == NULL) {
+	fprintf (stderr, "gen_dbsuffix: out of memory\n");
+	exit(1);
+    }
     return dbsuffix;
 }
 
 static void
-decode_princ_key (datum *key, char *name, char *instance);
-
-static void
 decode_princ_key(datum *key, char *name, char *instance)
 {
-    strncpy(name, key->dptr, ANAME_SZ);
-    strncpy(instance, (char *)key->dptr + ANAME_SZ, INST_SZ);
-    name[ANAME_SZ - 1] = '\0';
-    instance[INST_SZ - 1] = '\0';
+    strcpy_truncate (name, key->dptr, ANAME_SZ);
+    strcpy_truncate (instance, (char *)key->dptr + ANAME_SZ, INST_SZ);
 }
 
 static void
-encode_princ_contents (datum *contents, Principal *principal);
-
-static void
 encode_princ_contents(datum *contents, Principal *principal)
 {
     contents->dsize = sizeof(*principal);
@@ -157,10 +151,7 @@ static int mylock = 0;
 static int inited = 0;
 
 static int
-kerb_dbl_init (void);
-
-static int
-kerb_dbl_init()
+kerb_dbl_init(void)
 {
     if (!inited) {
 	char *filename = gen_dbsuffix (current_db_name, ".ok");
@@ -177,10 +168,7 @@ kerb_dbl_init()
 }
 
 static void
-kerb_dbl_fini (void);
-
-static void
-kerb_dbl_fini()
+kerb_dbl_fini(void)
 {
     close(dblfd);
     dblfd = -1;
@@ -189,9 +177,6 @@ kerb_dbl_fini()
 }
 
 static int
-kerb_dbl_lock (int mode);
-
-static int
 kerb_dbl_lock(int mode)
 {
     int flock_mode;
@@ -206,47 +191,42 @@ kerb_dbl_lock(int mode)
     }
     switch (mode) {
     case KERB_DBL_EXCLUSIVE:
-	flock_mode = K_LOCK_EX;
+	flock_mode = LOCK_EX;
 	break;
     case KERB_DBL_SHARED:
-	flock_mode = K_LOCK_SH;
+	flock_mode = LOCK_SH;
 	break;
     default:
 	fprintf(stderr, "invalid lock mode %d\n", mode);
 	abort();
     }
     if (non_blocking)
-	flock_mode |= K_LOCK_NB;
+	flock_mode |= LOCK_NB;
     
-    if (k_flock(dblfd, flock_mode) < 0) 
+    if (flock(dblfd, flock_mode) < 0) 
 	return errno;
     mylock++;
     return 0;
 }
 
-static void kerb_dbl_unlock (void);
-
 static void
-kerb_dbl_unlock()
+kerb_dbl_unlock(void)
 {
     if (!mylock) {		/* lock already unlocked */
 	fprintf(stderr, "Kerberos database lock not locked when unlocking.\n");
 	fflush(stderr);
 	exit(1);
     }
-    if (k_flock(dblfd, K_LOCK_UN) < 0) {
+    if (flock(dblfd, LOCK_UN) < 0) {
 	fprintf(stderr, "Kerberos database lock error. (unlocking)\n");
 	fflush(stderr);
-	perror("k_flock");
+	perror("flock");
 	exit(1);
     }
     mylock = 0;
 }
 
 int
-kerb_db_set_lockmode (int mode);
-
-int
 kerb_db_set_lockmode(int mode)
 {
     int old = non_blocking;
@@ -259,10 +239,7 @@ kerb_db_set_lockmode(int mode)
  */
 
 int
-kerb_db_init (void);
-
-int
-kerb_db_init()
+kerb_db_init(void)
 {
     init = 1;
     return (0);
@@ -274,10 +251,7 @@ kerb_db_init()
  */
 
 void
-kerb_db_fini (void);
-
-void
-kerb_db_fini()
+kerb_db_fini(void)
 {
 }
 
@@ -289,9 +263,6 @@ kerb_db_fini()
  */
 
 int
-kerb_db_set_name (char *name);
-
-int
 kerb_db_set_name(char *name)
 {
     DBM *db;
@@ -312,10 +283,7 @@ kerb_db_set_name(char *name)
  */
 
 time_t
-kerb_get_db_age (void);
-
-time_t
-kerb_get_db_age()
+kerb_get_db_age(void)
 {
     struct stat st;
     char *okname;
@@ -341,9 +309,6 @@ kerb_get_db_age()
  */
 
 static time_t
-kerb_start_update (char *db_name);
-
-static time_t
 kerb_start_update(char *db_name)
 {
     char *okname = gen_dbsuffix(db_name, ".ok");
@@ -358,9 +323,6 @@ kerb_start_update(char *db_name)
 }
 
 static int
-kerb_end_update (char *db_name, time_t age);
-
-static int
 kerb_end_update(char *db_name, time_t age)
 {
     int fd;
@@ -395,16 +357,11 @@ kerb_end_update(char *db_name, time_t age)
 }
 
 static time_t
-kerb_start_read (void);
-
-static time_t
-kerb_start_read()
+kerb_start_read(void)
 {
     return kerb_get_db_age();
 }
 
-static int kerb_end_read (time_t age);
-
 static int
 kerb_end_read(time_t age)
 {
@@ -520,7 +477,7 @@ kerb_db_delete_principal (char *name, char *inst)
 	kerb_db_init();
     
     for(try = 0; try < KERB_DB_MAX_RETRY; try++){
-	if((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0)
+	if((code = kerb_dbl_lock(KERB_DBL_EXCLUSIVE)) != 0)
 	    return -1;
 	
 	db = dbm_open(current_db_name, O_RDWR, 0600);
@@ -570,6 +527,8 @@ kerb_db_get_principal (char *name, char *inst, Principal *principal,
 	    return -1;
 
 	db = dbm_open(current_db_name, O_RDONLY, 0600);
+	if (db == NULL)
+	    return -1;
 
 	*more = 0;
 
@@ -684,7 +643,9 @@ kerb_db_update(long *db, Principal *principal, unsigned int max)
     for (i = 0; i < max; i++) {
 	encode_princ_contents(&contents, principal);
 	encode_princ_key(&key, principal->name, principal->instance);
-	dbm_store((DBM *)db, key, contents, DBM_REPLACE);
+	if(dbm_store((DBM *)db, key, contents, DBM_REPLACE) < 0)
+	    return found; /* XXX some better mechanism to report
+			     failure should exist */
 #ifdef DEBUG
 	if (kerb_debug & 1) {
 	    fprintf(stderr, "\n put %s %s\n",
@@ -703,9 +664,6 @@ kerb_db_update(long *db, Principal *principal, unsigned int max)
  */
 
 int
-kerb_db_put_principal (Principal *principal, unsigned int max);
-
-int
 kerb_db_put_principal(Principal *principal,
 		      unsigned max)
 
@@ -724,9 +682,6 @@ kerb_db_put_principal(Principal *principal,
 }
 
 void
-kerb_db_get_stat (DB_stat *s);
-
-void
 kerb_db_get_stat(DB_stat *s)
 {
     gettimeofday(&timestamp, NULL);
@@ -745,17 +700,11 @@ kerb_db_get_stat(DB_stat *s)
 }
 
 void
-kerb_db_put_stat (DB_stat *s);
-
-void
 kerb_db_put_stat(DB_stat *s)
 {
 }
 
 void
-delta_stat (DB_stat *a, DB_stat *b, DB_stat *c);
-
-void
 delta_stat(DB_stat *a, DB_stat *b, DB_stat *c)
 {
     /* c = a - b then b = a for the next time */
@@ -772,7 +721,6 @@ delta_stat(DB_stat *a, DB_stat *b, DB_stat *c)
     c->n_put_stat = a->n_put_stat - b->n_put_stat;
 
     memcpy(b, a, sizeof(DB_stat));
-    return;
 }
 
 /*
@@ -781,16 +729,11 @@ delta_stat(DB_stat *a, DB_stat *b, DB_stat *c)
  */
 
 int
-kerb_db_get_dba (char *dba_name, char *dba_inst, Dba *dba, unsigned int max, int *more);
-
-int
-kerb_db_get_dba(char *dba_name, char *dba_inst, Dba *dba,
-		unsigned max,
-		int *more)
-		/* could have wild card */
-		/* could have wild card */
-		/* max number of name structs to return */
-		/* where there more than 'max' tuples? */
+kerb_db_get_dba(char *dba_name,	/* could have wild card */
+		char *dba_inst,	/* could have wild card */
+		Dba *dba,
+		unsigned max,	/* max number of name structs to return */
+		int *more)	/* where there more than 'max' tuples? */
 {
     *more = 0;
     return (0);
@@ -809,6 +752,8 @@ kerb_db_iterate (k_iter_proc_t func, void *arg)
 	return code;
 
     db = dbm_open(current_db_name, O_RDONLY, 0600);
+    if (db == NULL)
+	return errno;
 
     for (key = dbm_firstkey (db); key.dptr != NULL; key = dbm_next(db, key)) {
 	contents = dbm_fetch (db, key);
diff --git a/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c b/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c
index f321e9f..af941dc 100644
--- a/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c
+++ b/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c
@@ -31,7 +31,7 @@ or implied warranty.
 
 #include <kdc.h>
 
-RCSID("$Id: krb_kdb_utils.c,v 1.23 1997/05/02 14:29:10 assar Exp $");
+RCSID("$Id: krb_kdb_utils.c,v 1.25 1999/03/13 21:24:21 assar Exp $");
 
 /* always try /.k for backwards compatibility */
 static char *master_key_files[] = { MKEYFILE, "/.k", NULL };
@@ -60,7 +60,7 @@ k_strerror(int eno)
 int
 kdb_new_get_master_key(des_cblock *key, des_key_schedule schedule)
 {
-  int kfile;
+  int kfile = -1;
   int i;
   char buf[1024];
 
@@ -128,8 +128,10 @@ kdb_new_get_master_key(des_cblock *key, des_key_schedule schedule)
   exit(1);
 }
 
-int kdb_new_get_new_master_key(des_cblock *key, des_key_schedule schedule, 
-			       int verify)
+int
+kdb_new_get_new_master_key(des_cblock *key,
+			   des_key_schedule schedule, 
+			   int verify)
 {
 #ifndef RANDOM_MKEY
   des_read_password(key, "\nEnter Kerberos master password: ", verify);
@@ -147,8 +149,10 @@ int kdb_new_get_new_master_key(des_cblock *key, des_key_schedule schedule,
   return 0;
 }
 
-int kdb_get_master_key(int prompt, des_cblock *master_key, 
-		       des_key_schedule master_key_sched)
+int
+kdb_get_master_key(int prompt,
+		   des_cblock *master_key, 
+		   des_key_schedule master_key_sched)
 {
   int ask = (prompt == KDB_GET_TWICE);
 #ifndef RANDOM_MKEY
@@ -163,9 +167,11 @@ int kdb_get_master_key(int prompt, des_cblock *master_key,
   return 0;
 }
 
-int kdb_kstash(des_cblock *master_key, char *file)
+int
+kdb_kstash(des_cblock *master_key, char *file)
 {
   int kfile;
+
   kfile = open(file, O_TRUNC | O_RDWR | O_CREAT, 0600);
   if (kfile < 0) {
     return -1;
@@ -191,7 +197,7 @@ kdb_encrypt_key (des_cblock (*in), des_cblock (*out),
   memcpy(out, in, sizeof(des_cblock));
 #else
   des_pcbc_encrypt(in,out,(long)sizeof(des_cblock),master_key_sched,master_key,
- 	e_d_flag);
+		   e_d_flag);
 #endif
 }
 
@@ -214,7 +220,7 @@ kdb_verify_master_key (des_cblock *master_key,
   n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
 			 1 /* only one please */, &more);
   if ((n != 1) || more) {
-    if (out != (FILE *) NULL) 
+    if (out != NULL) 
       fprintf(out,
 	      "verify_master_key: %s, %d found.\n",
 	      "Kerberos error on master key version lookup",
@@ -225,7 +231,7 @@ kdb_verify_master_key (des_cblock *master_key,
   master_key_version = (long) principal_data[0].key_version;
 
   /* set up the master key */
-  if (out != (FILE *) NULL)  /* should we punt this? */
+  if (out != NULL)  /* should we punt this? */
     fprintf(out, "Current Kerberos master key version is %d.\n",
 	    principal_data[0].kdc_key_ver);
 
@@ -245,7 +251,7 @@ kdb_verify_master_key (des_cblock *master_key,
   memset(key_from_db, 0, sizeof(key_from_db));
   memset(principal_data, 0, sizeof (principal_data));
 
-  if (n && (out != (FILE *) NULL)) {
+  if (n && (out != NULL)) {
     fprintf(out, "\n\07\07verify_master_key: Invalid master key; ");
     fprintf(out, "does not match database.\n");
   }
diff --git a/crypto/kerberosIV/lib/kdb/krb_lib.c b/crypto/kerberosIV/lib/kdb/krb_lib.c
index 19bf316..59949f9 100644
--- a/crypto/kerberosIV/lib/kdb/krb_lib.c
+++ b/crypto/kerberosIV/lib/kdb/krb_lib.c
@@ -21,7 +21,7 @@ or implied warranty.
 
 #include "kdb_locl.h"
 
-RCSID("$Id: krb_lib.c,v 1.11 1997/05/07 01:36:08 assar Exp $");
+RCSID("$Id: krb_lib.c,v 1.13 1998/11/22 09:41:43 assar Exp $");
 
 #ifdef DEBUG
 extern int debug;
@@ -93,14 +93,11 @@ kerb_delete_principal(char *name, char *inst)
  */
 
 int
-kerb_get_principal(char *name, char *inst, Principal *principal,
-		   unsigned int max, int *more)
-                 		/* could have wild card */
-                 		/* could have wild card */
-                         
-                     		/* max number of name structs to return */
-                 		/* more tuples than room for */
-
+kerb_get_principal(char *name,	/* could have wild card */
+		   char *inst,	/* could have wild card */
+		   Principal *principal,
+		   unsigned int max, /* max number of name structs to return */
+		   int *more)	/* more tuples than room for */
 {
     int     found = 0;
 #ifdef CACHE
@@ -144,7 +141,7 @@ kerb_get_principal(char *name, char *inst, Principal *principal,
     found = kerb_db_get_principal(name, inst, principal, max, more);
     /* try to insert principal(s) into cache if it was found */
 #ifdef CACHE
-    if (found) {
+    if (found > 0) {
 	kerb_cache_put_principal(principal, found);
     }
 #endif
@@ -153,22 +150,20 @@ kerb_get_principal(char *name, char *inst, Principal *principal,
 
 /* principals */
 int
-kerb_put_principal(Principal *principal, unsigned int n)
-                         
+kerb_put_principal(Principal *principal,
+		   unsigned int n)                         
                    		/* number of principal structs to write */
 {
-    struct tm *tp;
-
     /* set mod date */
     principal->mod_date = time((time_t *)0);
     /* and mod date string */
 
-    tp = k_localtime(&principal->mod_date);
-    snprintf(principal->mod_date_txt,
-	     sizeof(principal->mod_date_txt),
-	     "%4d-%2d-%2d",
-	     tp->tm_year + 1900,
-	     tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */
+    strftime(principal->mod_date_txt, 
+	     sizeof(principal->mod_date_txt), 
+	     "%Y-%m-%d", k_localtime(&principal->mod_date));
+    strftime(principal->exp_date_txt, 
+	     sizeof(principal->exp_date_txt), 
+	     "%Y-%m-%d", k_localtime(&principal->exp_date));
 #ifdef DEBUG
     if (kerb_debug & 1) {
 	int i;
@@ -201,13 +196,11 @@ kerb_put_principal(Principal *principal, unsigned int n)
 }
 
 int
-kerb_get_dba(char *name, char *inst, Dba *dba, unsigned int max, int *more)
-                 		/* could have wild card */
-                 		/* could have wild card */
-                
-                     		/* max number of name structs to return */
-                 		/* more tuples than room for */
-
+kerb_get_dba(char *name,	/* could have wild card */
+	     char *inst,	/* could have wild card */
+	     Dba *dba,
+	     unsigned int max,	/* max number of name structs to return */
+	     int *more)		/* more tuples than room for */
 {
     int     found = 0;
 #ifdef CACHE
diff --git a/crypto/kerberosIV/lib/krb/Makefile.in b/crypto/kerberosIV/lib/krb/Makefile.in
index 8b34d65..9697de6 100644
--- a/crypto/kerberosIV/lib/krb/Makefile.in
+++ b/crypto/kerberosIV/lib/krb/Makefile.in
@@ -1,37 +1,50 @@
 #
-# $Id: Makefile.in,v 1.74 1997/05/19 03:03:05 assar Exp $
+# $Id: Makefile.in,v 1.110 1999/03/10 19:01:16 joda Exp $
 #
-
-# Under SunOS-5.x it is necessary to link with -ldes to be binary compatible.
-LIBDES=`test -r /usr/lib/libkrb.so.1 && echo "-lresolv -L../des -ldes"; true`
-
 SHELL = /bin/sh
 
 srcdir = @srcdir@
 VPATH = @srcdir@
 
 CC = @CC@
+LINK = @LINK@
 AR = ar
 RANLIB = @RANLIB@
 LN_S = @LN_S@
-DEFS = @DEFS@
-CFLAGS = @CFLAGS@
+DEFS = @DEFS@ -DROKEN_RENAME
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
 LD_FLAGS = @LD_FLAGS@
 EXECSUFFIX=@EXECSUFFIX@
 
 INSTALL = @INSTALL@
 INSTALL_DATA	= @INSTALL_DATA@
 MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+top_builddir = ../..
 
-COMPILE_ET = ../../util/et/compile_et$(EXECSUFFIX) -language ansi-c 
+COMPILE_ET = ../com_err/compile_et
 
 prefix = @prefix@
 exec_prefix = @exec_prefix@
 libdir = @libdir@
 
+includedir = @includedir@
+
+incdir = $(includedir)
+inc_DATA = krb_err.h
+idir = $(top_builddir)/include
+
 PICFLAGS = @PICFLAGS@
+
+# Under SunOS-5.x it is necessary to link with -ldes to be binary compatible.
+
+LIBDES=`test -r /usr/lib/libkrb.so.1 && echo "@LD_FLAGS@ -L../des -ldes"; true`
+
+LIB_DEPS = @lib_deps_yes@ `echo @LIB_res_search@ @LIB_dn_expand@ | sort | uniq` $(LIBDES) -lc
+build_symlink_command   = @build_symlink_command@
+install_symlink_command = @install_symlink_command@
  
-PROGS = sizetest$(EXEC_SUFFIX)
+PROGS = sizetest$(EXECSUFFIX)
 LIBNAME = $(LIBPREFIX)krb
 LIBEXT = @LIBEXT@
 SHLIBEXT = @SHLIBEXT@
@@ -39,176 +52,216 @@ LIBPREFIX = @LIBPREFIX@
 LDSHARED = @LDSHARED@
 LIB = $(LIBNAME).$(LIBEXT)
 
-SOURCES = cr_err_reply.c \
-          create_auth_reply.c \
-          create_ciph.c \
-          create_death_packet.c \
-          create_ticket.c \
-          dest_tkt.c \
-          get_in_tkt.c \
-          get_svc_in_tkt.c \
-          getrealm.c \
-          k_localtime.c \
-          krb_err_txt.c \
-          krb_get_in_tkt.c \
-          kuserok.c \
-	  parse_name.c \
-          kntoln.c \
-	  mk_auth.c \
-	  krb_check_auth.c \
-          mk_err.c \
-          mk_safe.c \
-          rd_err.c \
-          rd_safe.c \
-          recvauth.c \
-          mk_priv.c \
-          rd_req.c \
-          decomp_ticket.c \
-          lifetime.c \
-          month_sname.c \
-	  stime.c \
-          read_service_key.c \
-          getst.c \
-          sendauth.c \
-          netread.c \
-          netwrite.c \
-          rd_priv.c \
-          krb_equiv.c \
-          str2key.c \
-          get_ad_tkt.c \
-          mk_req.c \
-          get_cred.c \
-          get_tf_realm.c \
-          get_tf_fullname.c \
-          one.c \
-          save_credentials.c \
-          send_to_kdc.c \
-	  get_host.c \
-          get_krbrlm.c \
-          k_gethostname.c \
-          tf_util.c \
-          debug_decl.c \
-          k_flock.c \
-          tkt_string.c \
-          getaddrs.c \
-          k_getsockinst.c \
-	  k_getport.c \
-	  lsb_addr_comp.c \
-	  name2name.c \
-	  get_default_principal.c \
-	  realm_parse.c \
-	  verify_user.c \
-	  rw.c \
-	  kdc_reply.c \
-	  encrypt_ktext.c \
-	  swab.c \
-	  gettimeofday.c \
-	  check_time.c \
-	  krb_err.c \
-	  et_list.c \
-	  resolve.c \
-	  unparse_name.c \
-	  logging.c \
-	  k_concat.c
-
-#	  these files reside in ../roken
-#	  snprintf.c \
-#	  strdup.c \
-#	  strtok_r.c \
-#	  strcasecmp.c
-
-OBJECTS = cr_err_reply.o \
-          create_auth_reply.o \
-          create_ciph.o \
-          create_death_packet.o \
-          create_ticket.o \
-          dest_tkt.o \
-          get_in_tkt.o \
-          get_svc_in_tkt.o \
-          getrealm.o \
-          k_localtime.o \
-          krb_err_txt.o \
-          krb_get_in_tkt.o \
-          kuserok.o \
-	  parse_name.o \
-          kntoln.o \
-	  mk_auth.o \
-	  krb_check_auth.o \
-          mk_err.o \
-          mk_safe.o \
-          rd_err.o \
-          rd_safe.o \
-          recvauth.o \
-          mk_priv.o \
-          rd_req.o \
-          decomp_ticket.o \
-          lifetime.o \
-          month_sname.o \
-	  stime.o \
-          read_service_key.o \
-          getst.o \
-          sendauth.o \
-          netread.o \
-          netwrite.o \
-          rd_priv.o \
-          krb_equiv.o \
-          str2key.o \
-          get_ad_tkt.o \
-          mk_req.o \
-          get_cred.o \
-          get_tf_realm.o \
-          get_tf_fullname.o \
-          one.o \
-          save_credentials.o \
-          send_to_kdc.o \
-	  get_host.o \
-          get_krbrlm.o \
-          k_gethostname.o \
-          tf_util.o \
-          debug_decl.o \
-          k_flock.o \
-          tkt_string.o \
-          getaddrs.o \
-          k_getsockinst.o \
-	  k_getport.o \
-	  lsb_addr_comp.o \
-	  name2name.o \
-	  get_default_principal.o \
-	  realm_parse.o \
-	  verify_user.o \
-	  rw.o \
-	  kdc_reply.o \
-	  encrypt_ktext.o \
-	  swab.o \
-	  gettimeofday.o \
-	  check_time.o \
-	  krb_err.o \
-	  resolve.o \
-	  unparse_name.o \
-	  logging.o \
-	  k_concat.o \
-	  snprintf.o \
-	  strdup.o \
-	  strtok_r.o \
-	  strcasecmp.o
-
-# This is only needed by some shared library implementations
-LDOBJ = et_list.o
-
-all: $(LIB) $(PROGS)
+SOURCES = \
+	check_time.c \
+	cr_err_reply.c \
+	create_auth_reply.c \
+	create_ciph.c \
+	create_death_packet.c \
+	create_ticket.c \
+	debug_decl.c \
+	decomp_ticket.c \
+	dest_tkt.c \
+	encrypt_ktext.c \
+	extra.c \
+	get_ad_tkt.c \
+	getfile.c \
+	get_cred.c \
+	get_default_principal.c \
+	get_host.c \
+	get_in_tkt.c \
+	get_krbrlm.c \
+	get_svc_in_tkt.c \
+	get_tf_fullname.c \
+	get_tf_realm.c \
+	getaddrs.c \
+	getrealm.c \
+	getst.c \
+	k_getport.c \
+	k_getsockinst.c \
+	k_localtime.c \
+	kdc_reply.c \
+	kntoln.c \
+	krb_check_auth.c \
+	krb_equiv.c \
+	krb_err.c \
+	krb_err_txt.c \
+	krb_get_in_tkt.c \
+	kuserok.c \
+	lifetime.c \
+	logging.c \
+	lsb_addr_comp.c \
+	mk_auth.c \
+	mk_err.c \
+	mk_priv.c \
+	mk_req.c \
+	mk_safe.c \
+	month_sname.c \
+	name2name.c \
+	krb_net_read.c \
+	krb_net_write.c \
+	one.c \
+	parse_name.c \
+	rd_err.c \
+	rd_priv.c \
+	rd_req.c \
+	rd_safe.c \
+	read_service_key.c \
+	realm_parse.c \
+	recvauth.c \
+	rw.c \
+	save_credentials.c \
+	send_to_kdc.c \
+	sendauth.c \
+	solaris_compat.c \
+	stime.c \
+	str2key.c \
+	tf_util.c \
+	time.c \
+	tkt_string.c \
+	unparse_name.c \
+	verify_user.c
+
+# these files reside in ../roken or ../com_err/
+EXTRA_SOURCE = \
+	base64.c \
+	concat.c \
+	flock.c \
+	gethostname.c \
+	gettimeofday.c \
+	getuid.c \
+	resolve.c \
+	snprintf.c \
+	strcasecmp.c \
+	strcat_truncate.c \
+	strcpy_truncate.c \
+	strdup.c \
+	strncasecmp.c \
+	strnlen.c \
+	strtok_r.c \
+	swab.c
+
+SHLIB_EXTRA_SOURCE = \
+	com_err.c \
+	error.c
+  
+OBJECTS = \
+	check_time.o \
+	cr_err_reply.o \
+	create_auth_reply.o \
+	create_ciph.o \
+	create_death_packet.o \
+	create_ticket.o \
+	debug_decl.o \
+	decomp_ticket.o \
+	dest_tkt.o \
+	encrypt_ktext.o \
+	extra.o \
+	get_ad_tkt.o \
+	getfile.o \
+	get_cred.o \
+	get_default_principal.o \
+	get_host.o \
+	get_in_tkt.o \
+	get_krbrlm.o \
+	get_svc_in_tkt.o \
+	get_tf_fullname.o \
+	get_tf_realm.o \
+	getaddrs.o \
+	getrealm.o \
+	getst.o \
+	k_getport.o \
+	k_getsockinst.o \
+	k_localtime.o \
+	kdc_reply.o \
+	kntoln.o \
+	krb_check_auth.o \
+	krb_equiv.o \
+	krb_err.o \
+	krb_err_txt.o \
+	krb_get_in_tkt.o \
+	kuserok.o \
+	lifetime.o \
+	logging.o \
+	lsb_addr_comp.o \
+	mk_auth.o \
+	mk_err.o \
+	mk_priv.o \
+	mk_req.o \
+	mk_safe.o \
+	month_sname.o \
+	name2name.o \
+	krb_net_read.o \
+	krb_net_write.o \
+	one.o \
+	parse_name.o \
+	rd_err.o \
+	rd_priv.o \
+	rd_req.o \
+	rd_safe.o \
+	read_service_key.o \
+	realm_parse.o \
+	recvauth.o \
+	rw.o \
+	save_credentials.o \
+	send_to_kdc.o \
+	sendauth.o \
+	solaris_compat.o \
+	stime.o \
+	str2key.o \
+	tf_util.o \
+	time.o \
+	tkt_string.o \
+	unparse_name.o \
+	verify_user.o \
+	$(LIBADD)
+
+LIBADD = \
+	base64.o \
+	concat.o \
+	flock.o \
+	gethostname.o \
+	gettimeofday.o \
+	getuid.o \
+	net_read.o \
+	net_write.o \
+	resolve.o \
+	snprintf.o \
+	strcasecmp.o \
+	strcat_truncate.o \
+	strcpy_truncate.o \
+	strdup.o \
+	strncasecmp.o \
+	strnlen.o \
+	strtok_r.o \
+	swab.o
+
+SHLIB_LIBADD = \
+	com_err.o \
+	error.o
+
+all: $(LIB) $(PROGS) all-local
 
 Wall:
-		make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
 
 .c.o:
-	$(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $<
+	$(CC) -c $(DEFS) -I. -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
 
 install: all
-	$(MKINSTALLDIRS) $(libdir)
-	$(INSTALL_DATA) -m 0555 $(LIB) $(libdir)
+	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
+	$(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB)
+	@install_symlink_command@
+	$(MKINSTALLDIRS) $(DESTDIR)$(includedir)
+	@for i in $(inc_DATA); do \
+	echo "  $(INSTALL_DATA) $$i $(DESTDIR)$(incdir)/$$i";\
+	$(INSTALL_DATA) $$i $(DESTDIR)$(incdir)/$$i; done
 
 uninstall:
-	rm -f $(libdir)/$(LIB)
+	rm -f $(DESTDIR)$(libdir)/$(LIB)
+	@for i in $(inc_DATA); do \
+	echo "  rm -f $(DESTDIR)$(incdir)/$$i";\
+	rm -f $(DESTDIR)$(incdir)/$$i; done
 
 TAGS: $(SOURCES)
 	etags $(SOURCES)
@@ -217,13 +270,14 @@ sizetest.o: sizetest.c
 	$(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $<
 
 sizetest$(EXECSUFFIX): sizetest.o
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ sizetest.o
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ sizetest.o
 
 check: sizetest$(EXECSUFFIX)
 	./sizetest$(EXECSUFFIX)
 
 clean:
-	rm -f $(LIB) *.o *.a krb_err.c krb_err.h $(PROGS) 
+	rm -f $(LIB) *.o *.a *.so *.so.* so_locations \
+	 krb_err.c krb_err.h $(PROGS)  $(EXTRA_SOURCE) $(SHLIB_EXTRA_SOURCE)
 
 mostlyclean: clean
 
@@ -233,37 +287,77 @@ distclean: clean
 realclean: distclean
 	rm -f TAGS
 
-dist: $(DISTFILES)
-	for file in $(DISTFILES); do \
-	  ln $$file ../`cat ../.fname`/lib \
-	    || cp -p $$file ../`cat ../.fname`/lib; \
-	done
-
 $(LIBNAME).a: $(OBJECTS)
 	rm -f $@
 	$(AR) cr $@ $(OBJECTS)
 	-$(RANLIB) $@
 
-$(LIBNAME).$(SHLIBEXT): $(OBJECTS) $(LDOBJ)
+$(LIBNAME).$(SHLIBEXT): $(OBJECTS) $(SHLIB_LIBADD)
 	rm -f $@
-	$(LDSHARED) -o $@ $(OBJECTS) $(LDOBJ) $(LIBDES)
+	$(LDSHARED) -o $@ $(OBJECTS) $(SHLIB_LIBADD) $(LIB_DEPS)
+	@build_symlink_command@
 
 krb_err.c krb_err.h: krb_err.et
-	test -r krb_err.et || (rm -f krb_err.et && $(LN_S) $(srcdir)/krb_err.et .)
-	$(COMPILE_ET) krb_err.et
-
+	$(COMPILE_ET) $(srcdir)/krb_err.et
+
+# this doesn't work with parallel makes
+#$(EXTRA_SOURCE):
+#	for i in $(EXTRA_SOURCE); do \
+#	  test -f $$i || $(LN_S) $(srcdir)/../roken/$$i .; \
+#	done
+
+base64.c:
+	$(LN_S) $(srcdir)/../roken/base64.c .
+concat.c:
+	$(LN_S) $(srcdir)/../roken/concat.c .
+flock.c:
+	$(LN_S) $(srcdir)/../roken/flock.c .
+gethostname.c:
+	$(LN_S) $(srcdir)/../roken/gethostname.c .
+gettimeofday.c:
+	$(LN_S) $(srcdir)/../roken/gettimeofday.c .
+getuid.c:
+	$(LN_S) $(srcdir)/../roken/getuid.c .
 snprintf.c:
 	$(LN_S) $(srcdir)/../roken/snprintf.c .
-
+strcasecmp.c:
+	$(LN_S) $(srcdir)/../roken/strcasecmp.c .
+strcat_truncate.c:
+	$(LN_S) $(srcdir)/../roken/strcat_truncate.c .
+strcpy_truncate.c:
+	$(LN_S) $(srcdir)/../roken/strcpy_truncate.c .
+strncasecmp.c:
+	$(LN_S) $(srcdir)/../roken/strncasecmp.c .
+strnlen.c:
+	$(LN_S) $(srcdir)/../roken/strnlen.c .
 strdup.c:
 	$(LN_S) $(srcdir)/../roken/strdup.c .
-
 strtok_r.c:
 	$(LN_S) $(srcdir)/../roken/strtok_r.c .
+swab.c:
+	$(LN_S) $(srcdir)/../roken/swab.c .
+resolve.c:
+	$(LN_S) $(srcdir)/../roken/resolve.c .
+net_read.c:
+	$(LN_S) $(srcdir)/../roken/net_read.c .
+net_write.c:
+	$(LN_S) $(srcdir)/../roken/net_write.c .
+com_err.c:
+	$(LN_S) $(srcdir)/../com_err/com_err.c .
+error.c:
+	$(LN_S) $(srcdir)/../com_err/error.c .
 
-strcasecmp.c:
-	$(LN_S) $(srcdir)/../roken/strcasecmp.c .
 
 $(OBJECTS): ../../include/config.h
-$(OBJECTS): krb_locl.h krb.h krb_err.h
-one.o: ../../include/version.h
+$(OBJECTS): krb_locl.h krb.h
+rw.o: ../../include/version.h
+
+all-local: $(inc_DATA)
+	@for i in $(inc_DATA); do \
+		if cmp -s  $$i $(idir)/$$i 2> /dev/null ; then :; else\
+			echo " $(INSTALL_DATA) $$i $(idir)/$$i"; \
+			$(INSTALL_DATA) $$i $(idir)/$$i; \
+		fi ; \
+	done
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean all-local
diff --git a/crypto/kerberosIV/lib/krb/cr_err_reply.c b/crypto/kerberosIV/lib/krb/cr_err_reply.c
index 2c1956a..3e82659 100644
--- a/crypto/kerberosIV/lib/krb/cr_err_reply.c
+++ b/crypto/kerberosIV/lib/krb/cr_err_reply.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,7 +38,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: cr_err_reply.c,v 1.9 1997/04/01 08:18:19 joda Exp $");
+RCSID("$Id: cr_err_reply.c,v 1.10 1998/06/09 19:25:16 joda Exp $");
 
 /*
  * This routine is used by the Kerberos authentication server to
@@ -74,26 +74,54 @@ RCSID("$Id: cr_err_reply.c,v 1.9 1997/04/01 08:18:19 joda Exp $");
  * string		e_string	   error text
  */
 
-void
+int
 cr_err_reply(KTEXT pkt, char *pname, char *pinst, char *prealm, 
 	     u_int32_t time_ws, u_int32_t e, char *e_string)
 {
     unsigned char *p = pkt->dat;
-    
-    p += krb_put_int(KRB_PROT_VERSION, p, 1);
-    p += krb_put_int(AUTH_MSG_ERR_REPLY, p, 1);
+    int tmp;
+    size_t rem = sizeof(pkt->dat);
+
+    tmp = krb_put_int(KRB_PROT_VERSION, p, rem, 1);
+    if (tmp < 0)
+	return -1;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(AUTH_MSG_ERR_REPLY, p, rem, 1);
+    if (tmp < 0)
+	return -1;
+    p += tmp;
+    rem -= tmp;
 
     if (pname == NULL) pname = "";
     if (pinst == NULL) pinst = "";
     if (prealm == NULL) prealm = "";
 
-    p += krb_put_nir(pname, pinst, prealm, p);
-    
-    p += krb_put_int(time_ws, p, 4);
+    tmp = krb_put_nir(pname, pinst, prealm, p, rem);
+    if (tmp < 0)
+	return -1;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(time_ws, p, rem, 4);
+    if (tmp < 0)
+	return -1;
+    p += tmp;
+    rem -= tmp;
 
-    p += krb_put_int(e, p, 4);
+    tmp = krb_put_int(e, p, rem, 4);
+    if (tmp < 0)
+	return -1;
+    p += tmp;
+    rem -= tmp;
 
-    p += krb_put_string(e_string, p);
+    tmp = krb_put_string(e_string, p, rem);
+    if (tmp < 0)
+	return -1;
+    p += tmp;
+    rem -= tmp;
 
     pkt->length = p - pkt->dat;
+    return 0;
 }
diff --git a/crypto/kerberosIV/lib/krb/create_auth_reply.c b/crypto/kerberosIV/lib/krb/create_auth_reply.c
index 4976c46..f10d34c 100644
--- a/crypto/kerberosIV/lib/krb/create_auth_reply.c
+++ b/crypto/kerberosIV/lib/krb/create_auth_reply.c
@@ -38,7 +38,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: create_auth_reply.c,v 1.11 1997/04/01 08:18:20 joda Exp $");
+RCSID("$Id: create_auth_reply.c,v 1.14 1998/06/13 00:06:59 assar Exp $");
 
 /*
  * This routine is called by the Kerberos authentication server
@@ -98,32 +98,65 @@ create_auth_reply(char *pname,	/* Principal's name */
     KTEXT pkt = &pkt_st;
     
     unsigned char *p = pkt->dat;
+    int tmp;
+    size_t rem = sizeof(pkt->dat);
 
-    p += krb_put_int(KRB_PROT_VERSION, p, 1);
-    p += krb_put_int(AUTH_MSG_KDC_REPLY, p, 1);
-
-    if(n != 0){
-	/* barf on old code */
-	krb_warning("create_auth_reply: don't give me no krb3 crap!"
-		    " (n == %d)\n", n);
+    if(n != 0)
+	return NULL;
+    
+    tmp = krb_put_int(KRB_PROT_VERSION, p, rem, 1);
+    if (tmp < 0)
 	return NULL;
-    }
+    p += tmp;
+    rem -= tmp;
 
+    tmp = krb_put_int(AUTH_MSG_KDC_REPLY, p, rem, 1);
+    if (tmp < 0)
+	return NULL;
+    p += tmp;
+    rem -= tmp;
 
-    p += krb_put_nir(pname, pinst, prealm, p);
+    tmp = krb_put_nir(pname, pinst, prealm, p, rem);
+    if (tmp < 0)
+	return NULL;
+    p += tmp;
+    rem -= tmp;
 
-    p += krb_put_int(time_ws, p, 4);
+    tmp = krb_put_int(time_ws, p, rem, 4);
+    if (tmp < 0)
+	return NULL;
+    p += tmp;
+    rem -= tmp;
     
-    p += krb_put_int(n, p, 1);
+    tmp = krb_put_int(n, p, rem, 1);
+    if (tmp < 0)
+	return NULL;
+    p += tmp;
+    rem -= tmp;
     
-    p += krb_put_int(x_date, p, 4);
+    tmp = krb_put_int(x_date, p, rem, 4);
+    if (tmp < 0)
+	return NULL;
+    p += tmp;
+    rem -= tmp;
     
-    p += krb_put_int(kvno, p, 1);
+    tmp = krb_put_int(kvno, p, rem, 1);
+    if (tmp < 0)
+	return NULL;
+    p += tmp;
+    rem -= tmp;
     
-    p += krb_put_int(cipher->length, p, 2);
+    tmp = krb_put_int(cipher->length, p, rem, 2);
+    if (tmp < 0)
+	return NULL;
+    p += tmp;
+    rem -= tmp;
     
+    if (rem < cipher->length)
+	return NULL;
     memcpy(p, cipher->dat, cipher->length);
     p += cipher->length;
+    rem -= cipher->length;
 
     pkt->length = p - pkt->dat;
 
diff --git a/crypto/kerberosIV/lib/krb/create_ciph.c b/crypto/kerberosIV/lib/krb/create_ciph.c
index 27d27ff..c22f01e 100644
--- a/crypto/kerberosIV/lib/krb/create_ciph.c
+++ b/crypto/kerberosIV/lib/krb/create_ciph.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,7 +38,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: create_ciph.c,v 1.9 1997/04/01 08:18:20 joda Exp $");
+RCSID("$Id: create_ciph.c,v 1.12 1998/07/24 06:32:53 assar Exp $");
 
 /*
  * This routine is used by the authentication server to create
@@ -91,23 +91,53 @@ create_ciph(KTEXT c,		/* Text block to hold ciphertext */
 
 {
     unsigned char *p = c->dat;
+    size_t rem = sizeof(c->dat);
+    int tmp;
 
     memset(c, 0, sizeof(KTEXT_ST));
 
+    if (rem < 8)
+	return KFAILURE;
     memcpy(p, session, 8);
     p += 8;
+    rem -= 8;
     
-    p += krb_put_nir(service, instance, realm, p);
+    tmp = krb_put_nir(service, instance, realm, p, rem);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
     
-    p += krb_put_int(life, p, 1);
-    p += krb_put_int(kvno, p, 1);
+    tmp = krb_put_int(life, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(kvno, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
 
-    p += krb_put_int(tkt->length, p, 1);
+    tmp = krb_put_int(tkt->length, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
 
+    if (rem < tkt->length)
+	return KFAILURE;
     memcpy(p, tkt->dat, tkt->length);
     p += tkt->length;
+    rem -= tkt->length;
 
-    p += krb_put_int(kdc_time, p, 4);
+    tmp = krb_put_int(kdc_time, p, rem, 4);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
 
     /* multiple of eight bytes */
     c->length = (p - c->dat + 7) & ~7;
diff --git a/crypto/kerberosIV/lib/krb/create_death_packet.c b/crypto/kerberosIV/lib/krb/create_death_packet.c
index f74ba30..ddc4c9a 100644
--- a/crypto/kerberosIV/lib/krb/create_death_packet.c
+++ b/crypto/kerberosIV/lib/krb/create_death_packet.c
@@ -38,7 +38,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: create_death_packet.c,v 1.8 1997/04/01 08:18:21 joda Exp $");
+RCSID("$Id: create_death_packet.c,v 1.9 1998/06/09 19:25:17 joda Exp $");
 
 /*
  * This routine creates a packet to type AUTH_MSG_DIE which is sent to
@@ -74,11 +74,29 @@ krb_create_death_packet(char *a_name)
     KTEXT pkt = &pkt_st;
 
     unsigned char *p = pkt->dat;
-    
-    p += krb_put_int(KRB_PROT_VERSION, p, 1);
-    p += krb_put_int(AUTH_MSG_DIE, p, 1);
-    
-    p += krb_put_string(a_name, p);
+    int tmp;
+    int rem = sizeof(pkt->dat);
+
+    pkt->length = 0;
+
+    tmp = krb_put_int(KRB_PROT_VERSION, p, rem, 1);
+    if (tmp < 0)
+	return NULL;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(AUTH_MSG_DIE, p, rem, 1);
+    if (tmp < 0)
+	return NULL;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_string(a_name, p, rem);
+    if (tmp < 0)
+	return NULL;
+    p += tmp;
+    rem -= tmp;
+
     pkt->length = p - pkt->dat;
     return pkt;
 }
diff --git a/crypto/kerberosIV/lib/krb/create_ticket.c b/crypto/kerberosIV/lib/krb/create_ticket.c
index b469232..822cfbb 100644
--- a/crypto/kerberosIV/lib/krb/create_ticket.c
+++ b/crypto/kerberosIV/lib/krb/create_ticket.c
@@ -38,7 +38,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: create_ticket.c,v 1.12 1997/04/01 08:18:21 joda Exp $");
+RCSID("$Id: create_ticket.c,v 1.13 1998/06/09 19:25:17 joda Exp $");
 
 /*
  * Create ticket takes as arguments information that should be in a
@@ -103,21 +103,52 @@ krb_create_ticket(KTEXT tkt,	/* Gets filled in by the ticket */
 		  des_cblock *key) /* Service's secret key */
 {
     unsigned char *p = tkt->dat;
+    int tmp;
+    size_t rem = sizeof(tkt->dat);
 
     memset(tkt, 0, sizeof(KTEXT_ST));
 
-    p += krb_put_int(flags, p, 1);
-    p += krb_put_nir(pname, pinstance, prealm, p);
+    tmp = krb_put_int(flags, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_nir(pname, pinstance, prealm, p, rem);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
     
-    p += krb_put_address(paddress, p);
+    tmp = krb_put_address(paddress, p, rem);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
     
+    if (rem < 8)
+	return KFAILURE;
     memcpy(p, session, 8);
     p += 8;
+    rem -= 8;
+
+    tmp = krb_put_int(life, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
 
-    p += krb_put_int(life, p, 1);
-    p += krb_put_int(time_sec, p, 4);
+    tmp = krb_put_int(time_sec, p, rem, 4);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
 
-    p += krb_put_nir(sname, sinstance, NULL, p);
+    tmp = krb_put_nir(sname, sinstance, NULL, p, rem);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
 
     /* multiple of eight bytes */
     tkt->length = (p - tkt->dat + 7) & ~7;
diff --git a/crypto/kerberosIV/lib/krb/debug_decl.c b/crypto/kerberosIV/lib/krb/debug_decl.c
index 5358bcb..5cbab77 100644
--- a/crypto/kerberosIV/lib/krb/debug_decl.c
+++ b/crypto/kerberosIV/lib/krb/debug_decl.c
@@ -21,9 +21,24 @@ or implied warranty.
 
 #include "krb_locl.h"
 
-RCSID("$Id: debug_decl.c,v 1.6 1997/03/23 03:53:07 joda Exp $");
+RCSID("$Id: debug_decl.c,v 1.10 1999/06/16 15:10:38 joda Exp $");
 
 /* Declare global debugging variables. */
 
 int krb_ap_req_debug = 0;
 int krb_debug = 0;
+int krb_dns_debug = 0;
+
+int
+krb_enable_debug(void)
+{
+    krb_ap_req_debug = krb_debug = krb_dns_debug = 1;
+    return 0;
+}
+
+int
+krb_disable_debug(void)
+{
+    krb_ap_req_debug = krb_debug = krb_dns_debug = 0;
+    return 0;
+}
diff --git a/crypto/kerberosIV/lib/krb/decomp_ticket.c b/crypto/kerberosIV/lib/krb/decomp_ticket.c
index 8e556a3..b62e978 100644
--- a/crypto/kerberosIV/lib/krb/decomp_ticket.c
+++ b/crypto/kerberosIV/lib/krb/decomp_ticket.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,7 +38,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: decomp_ticket.c,v 1.16 1997/04/01 08:18:22 joda Exp $");
+RCSID("$Id: decomp_ticket.c,v 1.19 1998/11/22 09:42:36 assar Exp $");
 
 /*
  * This routine takes a ticket and pointers to the variables that
@@ -82,19 +82,22 @@ decomp_ticket(KTEXT tkt,	/* The ticket to be decoded */
 
     *flags = *p++;
 
-    little_endian = (*flags >> K_FLAG_ORDER) & 1;
+    little_endian = *flags & 1;
 
     if(strlen((char*)p) > ANAME_SZ)
 	return KFAILURE;
-    p += krb_get_string(p, pname);
+    p += krb_get_string(p, pname, ANAME_SZ);
 
     if(strlen((char*)p) > INST_SZ)
 	return KFAILURE;
-    p += krb_get_string(p, pinstance);
+    p += krb_get_string(p, pinstance, INST_SZ);
 
     if(strlen((char*)p) > REALM_SZ)
 	return KFAILURE;
-    p += krb_get_string(p, prealm);
+    p += krb_get_string(p, prealm, REALM_SZ);
+
+    if (*prealm == '\0')
+	krb_get_lrealm (prealm, 1);
 
     if(tkt->length - (p - tkt->dat) < 8 + 1 + 4)
 	return KFAILURE;
@@ -109,11 +112,11 @@ decomp_ticket(KTEXT tkt,	/* The ticket to be decoded */
 
     if(strlen((char*)p) > SNAME_SZ)
 	return KFAILURE;
-    p += krb_get_string(p, sname);
+    p += krb_get_string(p, sname, SNAME_SZ);
 
     if(strlen((char*)p) > INST_SZ)
 	return KFAILURE;
-    p += krb_get_string(p, sinstance);
+    p += krb_get_string(p, sinstance, INST_SZ);
 
     return KSUCCESS;
 }
diff --git a/crypto/kerberosIV/lib/krb/dllmain.c b/crypto/kerberosIV/lib/krb/dllmain.c
index e98b7dc..9d653cd 100644
--- a/crypto/kerberosIV/lib/krb/dllmain.c
+++ b/crypto/kerberosIV/lib/krb/dllmain.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -45,7 +45,7 @@
 #include "ticket_memory.h"
 #include <Windows.h>
 
-RCSID("$Id: dllmain.c,v 1.6 1997/05/02 14:29:13 assar Exp $");
+RCSID("$Id: dllmain.c,v 1.8 1998/07/13 14:29:33 assar Exp $");
 
 void
 msg(char *text, int error)
@@ -55,12 +55,28 @@ msg(char *text, int error)
     asprintf (&buf, "%s\nAn error of type: %d", text, error);
 
     MessageBox(GetActiveWindow(),
-	       buf ? buf : "can't tell you",
+	       buf ? buf : "Out of memory!",
 	       "kerberos message",
 	       MB_OK|MB_APPLMODAL);
     free (buf);
 }
 
+void
+PostUpdateMessage(void)
+{
+	HWND		hWnd;
+	static UINT km_message;
+	
+    if(km_message == 0)
+        km_message = RegisterWindowMessage("krb4-update-cache");
+
+	hWnd = FindWindow("KrbManagerWndClass", NULL);
+	if (hWnd == NULL)
+		hWnd = HWND_BROADCAST;
+	PostMessage(hWnd, km_message, 0, 0);
+}
+
+
 BOOL WINAPI
 DllMain (HANDLE hInst, 
 	 ULONG reason,
@@ -90,35 +106,35 @@ DllMain (HANDLE hInst,
 	}
 	if(GetLastError() != ERROR_ALREADY_EXISTS)
 	{
-	    STARTUPINFO s = 
-	    {
+	    STARTUPINFO s = {
 		sizeof(s),
-		0,
-		0,
-		0,
+		NULL,
+		NULL,
+		NULL,
 		0,0,
 		0,0,
 		0,0,
 		0,
-		0,
-		0,
-		0,0,
-		0,0,0};
+		STARTF_USESHOWWINDOW,
+		SW_SHOWMINNOACTIVE,
+		0, NULL,
+		NULL, NULL, NULL
+	    };
 
-	    s.dwFlags = STARTF_USESHOWWINDOW;
-	    s.wShowWindow = SW_HIDE;
 	    if(!CreateProcess(0,"krbmanager",
 			      0,0,FALSE,0,0,
-			      0,&s, &p))
-	    {
-		msg("Unable to create kerberos manager process.\n"
+			      0,&s, &p)) {
+#if 0
+		msg("Unable to create Kerberos manager process.\n"
 		    "Make sure krbmanager.exe is in your PATH.",
 		    GetLastError());
 		return FALSE;
+#endif
 	    }
 	}
 	break;
     case DLL_PROCESS_DETACH:
+	/* should this really be done here? */
 	freeTktMem(0);
 	WSACleanup();
 	break;
diff --git a/crypto/kerberosIV/lib/krb/extra.c b/crypto/kerberosIV/lib/krb/extra.c
new file mode 100644
index 0000000..eb13c43
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/extra.c
@@ -0,0 +1,207 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: extra.c,v 1.6 1998/07/24 07:18:47 assar Exp $");
+
+struct value {
+    char *variable;
+    char *value;
+    struct value *next;
+};
+
+static struct value *_extra_values;
+
+static int _krb_extra_read = 0;
+
+static int
+define_variable(const char *variable, const char *value)
+{
+    struct value *e;
+    e = malloc(sizeof(*e));
+    if(e == NULL)
+	return ENOMEM;
+    e->variable = strdup(variable);
+    if(e->variable == NULL) {
+	free(e);
+	return ENOMEM;
+    }
+    e->value = strdup(value);
+    if(e->value == NULL) {
+	free(e->variable);
+	free(e);
+	return ENOMEM;
+    }
+    e->next = _extra_values;
+    _extra_values = e;
+    return 0;
+}
+
+#ifndef WIN32
+
+struct obsolete {
+    const char *from;
+    const char *to;
+} obsolete [] = {
+    { "KDC_TIMESYNC", "kdc_timesync" },
+    { "KRB_REVERSE_DIRECTION", "reverse_lsb_test"},
+    { "krb4_proxy", "krb4_proxy"},
+    { NULL, NULL }
+};
+    
+static void
+check_obsolete(void)
+{
+    struct obsolete *r;
+    for(r = obsolete; r->from; r++) {
+	if(getenv(r->from)) {
+	    krb_warning("The environment variable `%s' is obsolete;\n"
+			"set `%s' in your `krb.extra' file instead\n", 
+			r->from, r->to);
+	    define_variable(r->to, getenv(r->from));
+	}
+    }
+}
+
+static int
+read_extra_file(void)
+{
+    int i = 0;
+    char file[128];
+    char line[1024];
+    if(_krb_extra_read)
+	return 0;
+    _krb_extra_read = 1;
+    check_obsolete();
+    while(krb_get_krbextra(i++, file, sizeof(file)) == 0) {
+	FILE *f = fopen(file, "r");
+	if(f == NULL)
+	    continue;
+	while(fgets(line, sizeof(line), f)) {
+	    char *var, *tmp, *val;
+
+	    /* skip initial whitespace */
+	    var = line + strspn(line, " \t");
+	    /* skip non-whitespace */
+	    tmp = var + strcspn(var, " \t=");
+	    /* skip whitespace */
+	    val = tmp + strspn(tmp, " \t=");
+	    *tmp = '\0';
+	    tmp = val + strcspn(val, " \t\n");
+	    *tmp = '\0';
+	    if(*var == '\0' || *var == '#' || *val == '\0')
+		continue;
+	    if(krb_debug)
+		krb_warning("%s: setting `%s' to `%s'\n", file, var, val);
+	    define_variable(var, val);
+	}
+	fclose(f);
+	return 0;
+    }
+    return ENOENT;
+}
+
+#else /* WIN32 */
+
+static int
+read_extra_file(void)
+{
+    char name[1024], data[1024];
+    DWORD name_sz, data_sz;
+    DWORD type;
+    int num = 0;
+    HKEY reg_key;
+
+    if(_krb_extra_read)
+	return 0;
+    _krb_extra_read = 1;
+
+    if(RegCreateKey(HKEY_CURRENT_USER, "krb4", &reg_key) != 0)
+	return -1;
+	
+
+    while(1) {
+	name_sz = sizeof(name);
+	data_sz = sizeof(data);
+	if(RegEnumValue(reg_key,
+			num++,
+			name,
+			&name_sz,
+			NULL,
+			&type,
+			data,
+			&data_sz) != 0)
+	    break;
+	if(type == REG_SZ)
+	    define_variable(name, data);
+    }
+    RegCloseKey(reg_key);
+    return 0;
+}
+
+#endif
+
+static const char*
+find_variable(const char *variable)
+{
+    struct value *e;
+    for(e = _extra_values; e; e = e->next) {
+	if(strcasecmp(variable, e->variable) == 0)
+	    return e->value;
+    }
+    return NULL;
+}
+
+const char *
+krb_get_config_string(const char *variable)
+{
+    read_extra_file();
+    return find_variable(variable);
+}
+
+int
+krb_get_config_bool(const char *variable)
+{
+    const char *value = krb_get_config_string(variable);
+    if(value == NULL)
+	return 0;
+    return strcasecmp(value, "yes") == 0 || 
+	strcasecmp(value, "true") == 0 ||
+	atoi(value);
+}
diff --git a/crypto/kerberosIV/lib/krb/get_ad_tkt.c b/crypto/kerberosIV/lib/krb/get_ad_tkt.c
index 9590760..a10018e 100644
--- a/crypto/kerberosIV/lib/krb/get_ad_tkt.c
+++ b/crypto/kerberosIV/lib/krb/get_ad_tkt.c
@@ -38,7 +38,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: get_ad_tkt.c,v 1.16 1997/05/30 17:43:34 bg Exp $");
+RCSID("$Id: get_ad_tkt.c,v 1.20 1998/11/22 09:42:55 assar Exp $");
 
 /*
  * get_ad_tkt obtains a new service ticket from Kerberos, using
@@ -86,6 +86,8 @@ get_ad_tkt(char *service, char *sinstance, char *realm, int lifetime)
     u_int32_t time_ws = 0;
     int kerror;
     unsigned char *p;
+    size_t rem;
+    int tmp;
 
     /*
      * First check if we have a "real" TGT for the corresponding
@@ -93,9 +95,9 @@ get_ad_tkt(char *service, char *sinstance, char *realm, int lifetime)
      */
 
     kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, &cr);
-    if (kerror == KSUCCESS)
-      strncpy(lrealm, realm, REALM_SZ);
-    else
+    if (kerror == KSUCCESS) {
+      strcpy_truncate(lrealm, realm, REALM_SZ);
+    } else
       kerror = krb_get_tf_realm(TKT_FILE, lrealm);
     
     if (kerror != KSUCCESS)
@@ -119,11 +121,12 @@ get_ad_tkt(char *service, char *sinstance, char *realm, int lifetime)
 	else{
 	    if ((kerror = 
 		 get_ad_tkt(KRB_TICKET_GRANTING_TICKET,
-			    realm, lrealm, lifetime)) != KSUCCESS)
+			    realm, lrealm, lifetime)) != KSUCCESS) {
 		if (kerror == KDC_PR_UNKNOWN)
 		  return(AD_INTR_RLM_NOTGT);
 		else
 		  return(kerror);
+	    }
 	    if ((kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET,
 				       realm, lrealm, &cr)) != KSUCCESS)
 		return(kerror);
@@ -144,10 +147,25 @@ get_ad_tkt(char *service, char *sinstance, char *realm, int lifetime)
 	return(AD_NOTGT);
 
     p = pkt->dat + pkt->length;
-
-    p += krb_put_int(time_ws, p, 4);
-    p += krb_put_int(lifetime, p, 1);
-    p += krb_put_nir(service, sinstance, NULL, p);
+    rem = sizeof(pkt->dat) - pkt->length;
+
+    tmp = krb_put_int(time_ws, p, rem, 4);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(lifetime, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_nir(service, sinstance, NULL, p, rem);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
     
     pkt->length = p - pkt->dat;
     rpkt->length = 0;
@@ -176,7 +194,7 @@ get_ad_tkt(char *service, char *sinstance, char *realm, int lifetime)
 	    strcmp(cred.realm, realm))	/* not what we asked for */
 	    return INTK_ERR;	/* we need a better code here XXX */
 	
-	gettimeofday(&tv, NULL);
+	krb_kdctimeofday(&tv);
 	if (abs((int)(tv.tv_sec - cred.issue_date)) > CLOCK_SKEW) {
 	    return RD_AP_TIME; /* XXX should probably be better code */
 	}
diff --git a/crypto/kerberosIV/lib/krb/get_cred.c b/crypto/kerberosIV/lib/krb/get_cred.c
index 1a0016c..085184b 100644
--- a/crypto/kerberosIV/lib/krb/get_cred.c
+++ b/crypto/kerberosIV/lib/krb/get_cred.c
@@ -21,7 +21,7 @@ or implied warranty.
 
 #include "krb_locl.h"
 
-RCSID("$Id: get_cred.c,v 1.6 1997/05/30 17:38:29 bg Exp $");
+RCSID("$Id: get_cred.c,v 1.7 1997/12/15 17:12:55 assar Exp $");
 
 /*
  * krb_get_cred takes a service name, instance, and realm, and a
@@ -41,7 +41,7 @@ krb_get_cred(char *service,	/* Service name */
     int tf_status;              /* return value of tf function calls */
     CREDENTIALS cr;
 
-    if (c == 0)
+    if (c == NULL)
         c = &cr;
 
     /* Open ticket file and lock it for shared reading */
diff --git a/crypto/kerberosIV/lib/krb/get_default_principal.c b/crypto/kerberosIV/lib/krb/get_default_principal.c
index 3a111ea..f9e18a1 100644
--- a/crypto/kerberosIV/lib/krb/get_default_principal.c
+++ b/crypto/kerberosIV/lib/krb/get_default_principal.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,14 +38,13 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: get_default_principal.c,v 1.10 1997/04/01 08:18:28 joda Exp $");
+RCSID("$Id: get_default_principal.c,v 1.12 1999/03/13 21:24:51 assar Exp $");
 
 int
 krb_get_default_principal(char *name, char *instance, char *realm)
 {
   char *file;
   int ret;
-
   char *p;
 
   if ((file = getenv("KRBTKFILE")) == NULL)
@@ -58,7 +57,6 @@ krb_get_default_principal(char *name, char *instance, char *realm)
   p = getenv("KRB4PRINCIPAL");
   if(p && kname_parse(name, instance, realm, p) == KSUCCESS)
       return 1;
-      
 
 #ifdef HAVE_PWD_H
   {
@@ -68,11 +66,11 @@ krb_get_default_principal(char *name, char *instance, char *realm)
       return -1;
     }
 
-    strcpy(name, pw->pw_name);
-    strcpy(instance, "");
+    strcpy_truncate (name, pw->pw_name, ANAME_SZ);
+    strcpy_truncate (instance, "", INST_SZ);
     krb_get_lrealm(realm, 1);
 
-    if(strcmp(name, "root") == 0){
+    if(strcmp(name, "root") == 0) {
       p = NULL;
 #if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
       p = getlogin();
@@ -82,13 +80,13 @@ krb_get_default_principal(char *name, char *instance, char *realm)
       if(p == NULL)
 	p = getenv("LOGNAME");
       if(p){
-	strncpy (name, p, ANAME_SZ);
-	name[ANAME_SZ - 1] = '\0';
-	strcpy(instance, "root");
+	  strcpy_truncate (name, p, ANAME_SZ);
+	  strcpy_truncate (instance, "root", INST_SZ);
       }
     }
     return 1;
   }
-#endif
+#else
   return -1;
+#endif
 }
diff --git a/crypto/kerberosIV/lib/krb/get_host.c b/crypto/kerberosIV/lib/krb/get_host.c
index de80ac4..aa5fb51 100644
--- a/crypto/kerberosIV/lib/krb/get_host.c
+++ b/crypto/kerberosIV/lib/krb/get_host.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,7 +38,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: get_host.c,v 1.30 1997/05/02 14:29:13 assar Exp $");
+RCSID("$Id: get_host.c,v 1.45 1999/06/29 21:18:02 bg Exp $");
 
 static struct host_list {
     struct krb_host *this;
@@ -63,29 +63,42 @@ free_hosts(struct host_list *h)
 }
 
 static int
-parse_address(char *address, int *proto, char **host, int *port)
+parse_address(char *address, enum krb_host_proto *proto,
+	      char **host, int *port)
 {
     char *p, *q;
-    p = strchr(address, '/');
-    *proto = IPPROTO_UDP;
-    if(p){
-	char prot[32];
-	struct protoent *pp;
-	strncpy(prot, address, p - address);
-	prot[p - address] = 0;
-	if((pp = getprotobyname(prot)))
-	    *proto = pp->p_proto;
-	else
-	    krb_warning("Bad protocol name `%s', Using default `udp'.\n", 
-			prot);
-	p++;
-    }else
-	p = address;
+    int default_port = krb_port;
+    *proto = PROTO_UDP;
+    if(strncmp(address, "http://", 7) == 0){
+	p = address + 7;
+	*proto = PROTO_HTTP;
+	default_port = 80;
+    }else{
+	p = strchr(address, '/');
+	if(p){
+	    char prot[32];
+	    strcpy_truncate (prot, address,
+			     min(p - address + 1, sizeof(prot)));
+	    if(strcasecmp(prot, "udp") == 0) 
+		*proto = PROTO_UDP;
+	    else if(strcasecmp(prot, "tcp") == 0)
+		*proto = PROTO_TCP;
+	    else if(strcasecmp(prot, "http") == 0) {
+		*proto = PROTO_HTTP;
+		default_port = 80;
+	    } else
+		krb_warning("Unknown protocol `%s', Using default `udp'.\n", 
+			    prot);
+	    p++;
+	}else
+	    p = address;
+    }
     q = strchr(p, ':');
-    if(q){
-	*host = (char*)malloc(q - p + 1);
-	strncpy(*host, p, q - p);
-	(*host)[q - p] = 0;
+    if(q) {
+	*host = malloc(q - p + 1);
+	if (*host == NULL)
+	    return -1;
+	strcpy_truncate (*host, p, q - p + 1);
 	q++;
 	{
 	    struct servent *sp = getservbyname(q, NULL);
@@ -98,25 +111,49 @@ parse_address(char *address, int *proto, char **host, int *port)
 		    *port = krb_port;
 		}
 	}
-    }else{
-	*host = strdup(p);
-	*port = krb_port;
+    } else {
+	*port = default_port;
+	q = strchr(p, '/');
+	if (q) {
+	    *host = malloc(q - p + 1);
+	    if (*host == NULL)
+		return -1;
+	    strcpy_truncate (*host, p, q - p + 1);
+	} else {
+	    *host = strdup(p);
+	    if(*host == NULL)
+		return -1;
+	}
     }
     return 0;
 }
 
 static int
-add_host(char *realm, char *address, int admin, int validate)
+add_host(const char *realm, char *address, int admin, int validate)
 {
     struct krb_host *host;
     struct host_list *p, **last = &hosts;
+
     host = (struct krb_host*)malloc(sizeof(struct krb_host));
-    parse_address(address, &host->proto, &host->host, &host->port);
-    if(validate && gethostbyname(host->host) == NULL){
-	free(host->host);
+    if (host == NULL)
+	return 1;
+    if(parse_address(address, &host->proto, &host->host, &host->port) < 0) {
 	free(host);
 	return 1;
     }
+    if (validate) {
+	if (krb_dns_debug)
+	    krb_warning("Getting host entry for %s...", host->host);
+	if (gethostbyname(host->host) == NULL) {
+	    if (krb_dns_debug)
+		krb_warning("Didn't get it.\n");
+	    free(host->host);
+	    free(host);
+	    return 1;
+	}
+	else if (krb_dns_debug)
+	    krb_warning("Got it.\n");
+    }
     host->admin = admin;
     for(p = hosts; p; p = p->next){
 	if(strcmp(realm, p->this->realm) == 0 &&
@@ -130,57 +167,106 @@ add_host(char *realm, char *address, int admin, int validate)
 	last = &p->next;
     }
     host->realm = strdup(realm);
+    if (host->realm == NULL) {
+	free(host->host);
+	free(host);
+	return 1;
+    }
     p = (struct host_list*)malloc(sizeof(struct host_list));
+    if (p == NULL) {
+	free(host->realm);
+	free(host->host);
+	free(host);
+	return 1;
+    }
     p->this = host;
     p->next = NULL;
     *last = p;
     return 0;
 }
 
-
-
 static int
 read_file(const char *filename, const char *r)
 {
     char line[1024];
-    char realm[1024];
-    char address[1024];
-    char scratch[1024];
-    int n;
     int nhosts = 0;
-    
     FILE *f = fopen(filename, "r");
+
     if(f == NULL)
 	return -1;
-    while(fgets(line, sizeof(line), f)){
-	n = sscanf(line, "%s %s admin %s", realm, address, scratch);
-	if(n == 2 || n == 3){
-	    if(strcmp(realm, r))
-		continue;
-	    if(add_host(realm, address, n == 3, 0) == 0)
-		nhosts++;
-	}
+    while(fgets(line, sizeof(line), f) != NULL) {
+	char *realm, *address, *admin;
+	char *save;
+	
+	realm = strtok_r (line, " \t\n\r", &save);
+	if (realm == NULL)
+	    continue;
+	if (strcmp(realm, r))
+	    continue;
+	address = strtok_r (NULL, " \t\n\r", &save);
+	if (address == NULL)
+	    continue;
+	admin = strtok_r (NULL, " \t\n\r", &save);
+	if (add_host(realm,
+		     address,
+		     admin != NULL && strcasecmp(admin, "admin") == 0,
+		     0) == 0)
+	    ++nhosts;
     }
     fclose(f);
     return nhosts;
 }
 
+#if 0
+static int
+read_cellservdb (const char *filename, const char *realm)
+{
+    char line[1024];
+    FILE *f = fopen (filename, "r");
+    int nhosts = 0;
+
+    if (f == NULL)
+	return -1;
+    while (fgets (line, sizeof(line), f) != NULL) {
+	if (line[0] == '>'
+	    && strncasecmp (line + 1, realm, strlen(realm)) == 0) {
+	    while (fgets (line, sizeof(line), f) != NULL && *line != '>') {
+		char *hash;
+
+		if (line [strlen(line) - 1] == '\n')
+		    line [strlen(line) - 1] = '\0';
+
+		hash = strchr (line, '#');
+
+		if (hash != NULL
+		    && add_host (realm, hash + 1, 0, 0) == 0)
+		    ++nhosts;
+	    }
+	    break;
+	}
+    }
+    fclose (f);
+    return nhosts;
+}
+#endif
+
 static int
 init_hosts(char *realm)
 {
-    static const char *files[] = KRB_CNF_FILES;
-    int i;
-    char *dir = getenv("KRBCONFDIR");
+    int i, j, ret = 0;
+    char file[MaxPathLen];
+    
+    /*
+     * proto should really be NULL, but there are libraries out there
+     * that don't like that so we use "udp" instead.
+     */
 
-    krb_port = ntohs(k_getportbyname (KRB_SERVICE, NULL, htons(KRB_PORT)));
-    if(dir){
-	char file[MaxPathLen];
-	if(k_concat(file, sizeof(file), dir, "/krb.conf", NULL) == 0)
-	    read_file(file, realm);
+    krb_port = ntohs(k_getportbyname (KRB_SERVICE, "udp", htons(KRB_PORT)));
+    for(i = 0; krb_get_krbconf(i, file, sizeof(file)) == 0; i++) {
+      j = read_file(file, realm);
+      if (j > 0) ret += j;
     }
-    for(i = 0; files[i]; i++)
-	read_file(files[i], realm);
-    return 0;
+    return ret;
 }
 
 static void
@@ -190,7 +276,7 @@ srv_find_realm(char *realm, char *proto, char *service)
     struct dns_reply *r;
     struct resource_record *rr;
     
-    k_mconcat(&domain, 1024, service, ".", proto, ".", realm, ".", NULL);
+    roken_mconcat(&domain, 1024, service, ".", proto, ".", realm, ".", NULL);
     
     if(domain == NULL)
 	return;
@@ -225,11 +311,11 @@ krb_get_host(int nth, char *realm, int admin)
 {
     struct host_list *p;
     static char orealm[REALM_SZ];
+
     if(orealm[0] == 0 || strcmp(realm, orealm)){
 	/* quick optimization */
 	if(realm && realm[0]){
-	    strncpy(orealm, realm, sizeof(orealm) - 1);
-	    orealm[sizeof(orealm) - 1] = 0;
+	    strcpy_truncate (orealm, realm, sizeof(orealm));
 	}else{
 	    int ret = krb_get_lrealm(orealm, 1);
 	    if(ret != KSUCCESS)
@@ -241,32 +327,46 @@ krb_get_host(int nth, char *realm, int admin)
 	    hosts = NULL;
 	}
 	
-	init_hosts(orealm);
-    
-	srv_find_realm(orealm, "udp", KRB_SERVICE);
-	srv_find_realm(orealm, "tcp", KRB_SERVICE);
+	if (init_hosts(orealm) < nth) {
+	  srv_find_realm(orealm, "udp", KRB_SERVICE);
+	  srv_find_realm(orealm, "tcp", KRB_SERVICE);
+	  srv_find_realm(orealm, "http", KRB_SERVICE);
 	
-	{
-	    /* XXX this assumes no one has more than 99999 kerberos
-	       servers */
-	    char host[REALM_SZ + sizeof("kerberos-XXXXX..")];
+	  {
+	    char *host;
 	    int i = 0;
-	    sprintf(host, "kerberos.%s.", orealm);
+
+	    asprintf(&host, "kerberos.%s.", orealm);
+	    if (host == NULL) {
+		free_hosts(hosts);
+		hosts = NULL;
+		return NULL;
+	    }
 	    add_host(orealm, host, 1, 1);
-	    do{
+	    do {
 		i++;
-		sprintf(host, "kerberos-%d.%s.", i, orealm);
-	    }while(i < 100000 && add_host(orealm, host, 0, 1) == 0);
+		free(host);
+		asprintf(&host, "kerberos-%d.%s.", i, orealm);
+	    } while(host != NULL
+		   && i < 100000
+		   && add_host(orealm, host, 0, 1) == 0);
+	    free(host);
+	  }
 	}
+#if 0
+	read_cellservdb ("/usr/vice/etc/CellServDB", orealm);
+	read_cellservdb ("/usr/arla/etc/CellServDB", orealm);
+#endif
     }
     
     for(p = hosts; p; p = p->next){
 	if(strcmp(orealm, p->this->realm) == 0 &&
-	   (!admin || p->this->admin))
+	   (!admin || p->this->admin)) {
 	    if(nth == 1)
 		return p->this;
 	    else
 		nth--;
+	}
     }
     return NULL;
 }
@@ -277,7 +377,7 @@ krb_get_krbhst(char *host, char *realm, int nth)
     struct krb_host *p = krb_get_host(nth, realm, 0);
     if(p == NULL)
 	return KFAILURE;
-    strcpy(host, p->host);
+    strcpy_truncate (host, p->host, MaxHostNameLen);
     return KSUCCESS;
 }
 
@@ -287,6 +387,6 @@ krb_get_admhst(char *host, char *realm, int nth)
     struct krb_host *p = krb_get_host(nth, realm, 1);
     if(p == NULL)
 	return KFAILURE;
-    strcpy(host, p->host);
+    strcpy_truncate (host, p->host, MaxHostNameLen);
     return KSUCCESS;
 }
diff --git a/crypto/kerberosIV/lib/krb/get_in_tkt.c b/crypto/kerberosIV/lib/krb/get_in_tkt.c
index 435632a..4336687 100644
--- a/crypto/kerberosIV/lib/krb/get_in_tkt.c
+++ b/crypto/kerberosIV/lib/krb/get_in_tkt.c
@@ -21,7 +21,7 @@ or implied warranty.
 
 #include "krb_locl.h"
 
-RCSID("$Id: get_in_tkt.c,v 1.15 1997/03/23 03:53:08 joda Exp $");
+RCSID("$Id: get_in_tkt.c,v 1.23 1999/07/01 09:36:22 assar Exp $");
 
 /*
  * This file contains three routines: passwd_to_key() and
@@ -35,7 +35,10 @@ RCSID("$Id: get_in_tkt.c,v 1.15 1997/03/23 03:53:08 joda Exp $");
  */
 
 int
-passwd_to_key(char *user, char *instance, char *realm, void *passwd,
+passwd_to_key(const char *user,
+	      const char *instance,
+	      const char *realm,
+	      const void *passwd,
 	      des_cblock *key)
 {
 #ifndef NOENCRYPTION
@@ -44,13 +47,34 @@ passwd_to_key(char *user, char *instance, char *realm, void *passwd,
     return 0;
 }
 
+int
+passwd_to_5key(const char *user,
+	       const char *instance,
+	       const char *realm,
+	       const void *passwd, 
+	       des_cblock *key)
+{
+    char *p;
+    size_t len;
+    len = roken_mconcat (&p, 512, passwd, realm, user, instance, NULL);
+    if(len == 0)
+	return  -1;
+    des_string_to_key(p, key);
+    memset(p, 0, len);
+    free(p);
+    return 0;
+}
+
 
 int
-passwd_to_afskey(char *user, char *instance, char *realm, void *passwd,
-		  des_cblock *key)
+passwd_to_afskey(const char *user,
+		 const char *instance,
+		 const char *realm,
+		 const void *passwd,
+		 des_cblock *key)
 {
 #ifndef NOENCRYPTION
-    afs_string_to_key((char *)passwd, realm, key);
+    afs_string_to_key(passwd, realm, key);
 #endif
     return (0);
 }
@@ -72,9 +96,21 @@ passwd_to_afskey(char *user, char *instance, char *realm, void *passwd,
  * The result of the call to krb_get_in_tkt() is returned.
  */
 
+typedef int (*const_key_proc_t) __P((const char *name,
+				     const char *instance, /* IN parameter */
+				     const char *realm,
+				     const void *password,
+				     des_cblock *key));
+
 int
-krb_get_pw_in_tkt(char *user, char *instance, char *realm, char *service,
-		  char *sinstance, int life, char *password)
+krb_get_pw_in_tkt2(const char *user,
+		   const char *instance,
+		   const char *realm,
+		   const char *service,
+		   const char *sinstance,
+		   int life,
+		   const char *password,
+		   des_cblock *key)
 {
     char pword[100];		/* storage for the password */
     int code;
@@ -88,12 +124,61 @@ krb_get_pw_in_tkt(char *user, char *instance, char *realm, char *service,
         password = pword;
     }
 
-    code = krb_get_in_tkt(user,instance,realm,service,sinstance,life,
-                          passwd_to_key, NULL, password);
-    if (code == INTK_BADPW)
-	 code = krb_get_in_tkt(user,instance,realm,service,sinstance,life,
-			       passwd_to_afskey, NULL, password);
+    {
+	KTEXT_ST as_rep;
+	CREDENTIALS cred;
+	int ret = 0;
+	const_key_proc_t key_procs[] = { passwd_to_key,
+					 passwd_to_afskey, 
+					 passwd_to_5key,
+					 NULL };
+	const_key_proc_t *kp;
+	
+	code = krb_mk_as_req(user, instance, realm,
+			     service, sinstance, life, &as_rep);
+	if(code)
+	    return code;
+	for(kp = key_procs; *kp; kp++){
+	    KTEXT_ST tmp;
+	    memcpy(&tmp, &as_rep, sizeof(as_rep));
+	    code = krb_decode_as_rep(user,
+				     (char *)instance, /* const_key_proc_t */
+				     realm,
+				     service,
+				     sinstance, 
+				     (key_proc_t)*kp, /* const_key_proc_t */
+				     NULL,
+				     password,
+				     &tmp,
+				     &cred);
+	    if(code == 0){
+		if(key)
+		    (**kp)(user, instance, realm, password, key);
+		break;
+	    }
+	    if(code != INTK_BADPW)
+		ret = code; /* this is probably a better code than
+			       what code gets after this loop */
+	}
+	if(code)
+	    return ret ? ret : code;
+
+	code = tf_setup(&cred, user, instance);
+    }
     if (password == pword)
         memset(pword, 0, sizeof(pword));
     return(code);
 }
+
+int
+krb_get_pw_in_tkt(const char *user,
+		  const char *instance,
+		  const char *realm,
+		  const char *service,
+		  const char *sinstance,
+		  int life,
+		  const char *password)
+{
+    return krb_get_pw_in_tkt2(user, instance, realm, 
+			      service, sinstance, life, password, NULL);
+}
diff --git a/crypto/kerberosIV/lib/krb/get_krbrlm.c b/crypto/kerberosIV/lib/krb/get_krbrlm.c
index 8c5b0c9..9c675f6 100644
--- a/crypto/kerberosIV/lib/krb/get_krbrlm.c
+++ b/crypto/kerberosIV/lib/krb/get_krbrlm.c
@@ -1,27 +1,44 @@
-/* 
-  Copyright (C) 1989 by the Massachusetts Institute of Technology
-
-   Export of this software from the United States of America is assumed
-   to require a specific license from the United States Government.
-   It is the responsibility of any person or organization contemplating
-   export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission.  M.I.T. makes no representations about the suitability of
-this software for any purpose.  It is provided "as is" without express
-or implied warranty.
-
-  */
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
 
 #include "krb_locl.h"
 
-RCSID("$Id: get_krbrlm.c,v 1.16 1997/05/02 01:26:22 assar Exp $");
+RCSID("$Id: get_krbrlm.c,v 1.22.2.1 1999/09/02 08:51:04 joda Exp $");
 
 /*
  * krb_get_lrealm takes a pointer to a string, and a number, n.  It fills
@@ -31,9 +48,6 @@ RCSID("$Id: get_krbrlm.c,v 1.16 1997/05/02 01:26:22 assar Exp $");
  * config file does not exist, and if n=1, a successful return will occur
  * with r = KRB_REALM (also defined in "krb.h").
  *
- * NOTE: for archaic & compatibility reasons, this routine will only return
- * valid results when n = 1.
- *
  * For the format of the KRB_CONF file, see comments describing the routine
  * krb_get_krbhst().
  */
@@ -41,76 +55,88 @@ RCSID("$Id: get_krbrlm.c,v 1.16 1997/05/02 01:26:22 assar Exp $");
 static int
 krb_get_lrealm_f(char *r, int n, const char *fname)
 {
+    char buf[1024];
+    char *p;
+    int nchar;
     FILE *f;
     int ret = KFAILURE;
+
+    if (n < 0)
+        return KFAILURE;
+    if(n == 0)
+	n = 1;
+
     f = fopen(fname, "r");
-    if(f){
-	char buf[REALM_SZ];
-	if(fgets(buf, sizeof(buf), f)){
-	    char *p = buf + strspn(buf, " \t");
-	    p[strcspn(p, " \t\r\n")] = 0;
-	    p[REALM_SZ - 1] = 0;
-	    strcpy(r, p);
-	    ret = KSUCCESS;
-	}
-	fclose(f);
-    }
+    if (f == 0)
+        return KFAILURE;
+
+    for (; n > 0; n--)
+        if (fgets(buf, sizeof(buf), f) == 0)
+            goto done;
+
+    /* We now have the n:th line, remove initial white space. */
+    p = buf + strspn(buf, " \t");
+
+    /* Collect realmname. */
+    nchar    = strcspn(p, " \t\n");
+    if (nchar == 0 || nchar > REALM_SZ)
+        goto done;		/* No realmname */
+    strncpy(r, p, nchar);
+    r[nchar] = 0;
+
+    /* Does more junk follow? */
+    p += nchar;
+    nchar = strspn(p, " \t\n");
+    if (p[nchar] == 0)
+        ret = KSUCCESS;		/* This was a realm name only line. */
+
+  done:
+    fclose(f);
     return ret;
 }
 
+static const char *no_default_realm = "NO.DEFAULT.REALM";
+
 int
 krb_get_lrealm(char *r, int n)
 {
-  static const char *const files[] = KRB_CNF_FILES;
-  int i;
-  
-  const char *dir = getenv("KRBCONFDIR");
-
-  if (n > 1)
-    return(KFAILURE);		/* Temporary restriction */
-
-  /* First try user specified file */
-  if (dir != 0) {
-    char fname[MaxPathLen];
-    if(k_concat(fname, sizeof(fname), dir, "/krb.conf", NULL) == 0)
-	if (krb_get_lrealm_f(r, n, fname) == KSUCCESS)
+    int i;
+    char file[MaxPathLen];
+
+    for (i = 0; krb_get_krbconf(i, file, sizeof(file)) == 0; i++)
+	if (krb_get_lrealm_f(r, n, file) == KSUCCESS)
 	    return KSUCCESS;
-  }
 
-  for (i = 0; files[i] != 0; i++)
-    if (krb_get_lrealm_f(r, n, files[i]) == KSUCCESS)
-      return KSUCCESS;
+    /* When nothing else works try default realm */
+    if (n == 1) {
+      char *t = krb_get_default_realm();
+
+      if (strcmp(t, no_default_realm) == 0)
+	return KFAILURE;	/* Can't figure out default realm */
 
-  /* If nothing else works try LOCALDOMAIN, if it exists */
-  if (n == 1)
-    {
-      char *t, hostname[MaxHostNameLen];
-      k_gethostname(hostname, sizeof(hostname));
-      t = krb_realmofhost(hostname);
-      if (t) {
-	strcpy (r, t);
-	return KSUCCESS;
-      }
-      t = strchr(hostname, '.');
-      if (t == 0)
-	return KFAILURE;	/* No domain part, you loose */
-
-      t++;			/* Skip leading dot and upcase the rest */
-      for (; *t; t++, r++)
-	*r = toupper(*t);
-      *r = 0;
-      return(KSUCCESS);
+      strcpy(r, t);
+      return KSUCCESS;
     }
-  else
-    return(KFAILURE);
+    else
+	return(KFAILURE);
 }
 
-/* For SunOS5 compat. */
+/* Returns local realm if that can be figured out else NO.DEFAULT.REALM */
 char *
 krb_get_default_realm(void)
 {
-  static char local_realm[REALM_SZ]; /* local kerberos realm */
-  if (krb_get_lrealm(local_realm, 1) != KSUCCESS)
-    strcpy(local_realm, "NO.DEFAULT.REALM");
-  return local_realm;
+    static char local_realm[REALM_SZ]; /* Local kerberos realm */
+    
+    if (local_realm[0] == 0) {
+	char *t, hostname[MaxHostNameLen];
+
+	strcpy_truncate(local_realm, no_default_realm, 
+			sizeof(local_realm)); /* Provide default */
+
+	gethostname(hostname, sizeof(hostname));
+	t = krb_realmofhost(hostname);
+	if (t && strcmp(t, no_default_realm) != 0)
+	    strcpy_truncate(local_realm, t, sizeof(local_realm));
+    }
+    return local_realm;
 }
diff --git a/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c b/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c
index c290524..daf7ae1 100644
--- a/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c
+++ b/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c
@@ -21,7 +21,7 @@ or implied warranty.
 
 #include "krb_locl.h"
 
-RCSID("$Id: get_svc_in_tkt.c,v 1.8 1997/03/23 03:53:09 joda Exp $");
+RCSID("$Id: get_svc_in_tkt.c,v 1.9 1999/06/29 21:18:04 bg Exp $");
 
 /*
  * This file contains two routines: srvtab_to_key(), which gets
@@ -47,7 +47,10 @@ RCSID("$Id: get_svc_in_tkt.c,v 1.8 1997/03/23 03:53:09 joda Exp $");
  */
 
 int 
-srvtab_to_key(char *user, char *instance, char *realm, void *srvtab,
+srvtab_to_key(const char *user,
+	      char *instance,
+	      const char *realm,
+	      const void *srvtab,
 	      des_cblock *key)
 {
     if (!srvtab)
diff --git a/crypto/kerberosIV/lib/krb/get_tf_fullname.c b/crypto/kerberosIV/lib/krb/get_tf_fullname.c
index 33733d0..7a103b6 100644
--- a/crypto/kerberosIV/lib/krb/get_tf_fullname.c
+++ b/crypto/kerberosIV/lib/krb/get_tf_fullname.c
@@ -21,7 +21,7 @@ or implied warranty.
 
 #include "krb_locl.h"
 
-RCSID("$Id: get_tf_fullname.c,v 1.6 1997/03/23 03:53:10 joda Exp $");
+RCSID("$Id: get_tf_fullname.c,v 1.7 1998/06/09 19:25:19 joda Exp $");
 
 /*
  * This file contains a routine to extract the fullname of a user
@@ -51,12 +51,12 @@ krb_get_tf_fullname(char *ticket_file, char *name, char *instance, char *realm)
 	return (tf_status);
     
     if (name)
-	strcpy(name, c.pname);
+	strcpy_truncate (name, c.pname, ANAME_SZ);
     if (instance)
-	strcpy(instance, c.pinst);
+	strcpy_truncate (instance, c.pinst, INST_SZ);
     if ((tf_status = tf_get_cred(&c)) == KSUCCESS) {
 	if (realm)
-	    strcpy(realm, c.realm);
+	    strcpy_truncate (realm, c.realm, REALM_SZ);
     }
     else {
 	if (tf_status == EOF)
diff --git a/crypto/kerberosIV/lib/krb/getaddrs.c b/crypto/kerberosIV/lib/krb/getaddrs.c
index d25ec1b..069b8b7 100644
--- a/crypto/kerberosIV/lib/krb/getaddrs.c
+++ b/crypto/kerberosIV/lib/krb/getaddrs.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,12 +38,19 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: getaddrs.c,v 1.19 1997/04/01 08:18:29 joda Exp $");
+RCSID("$Id: getaddrs.c,v 1.26.2.1 1999/07/22 03:15:33 assar Exp $");
 
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
 #include <sys/ioctl.h>
 #endif
 #ifdef HAVE_NET_IF_H
+#ifdef __osf__
+struct rtentry;
+struct mbuf;
+#endif
+#ifdef _AIX
+#undef __P /* XXX hack for AIX 4.3 */
+#endif
 #include <net/if.h>
 #endif
 
@@ -62,7 +69,7 @@ k_get_all_addrs (struct in_addr **l)
      char name[MaxHostNameLen];
      struct hostent *he;
 
-     if (k_gethostname(name, sizeof(name)) < 0)
+     if (gethostname(name, sizeof(name)) < 0)
 	  return -1;
      he = gethostbyname (name);
      if (he == NULL)
@@ -74,57 +81,75 @@ k_get_all_addrs (struct in_addr **l)
      return 1;
 #else
      int fd;
-     char buf[BUFSIZ];
+     char *inbuf = NULL;
+     size_t in_len = 8192;
      struct ifreq ifreq;
      struct ifconf ifconf;
      int num, j;
      char *p;
+     size_t sz;
 
+     *l = NULL;
      fd = socket(AF_INET, SOCK_DGRAM, 0);
      if (fd < 0)
 	  return -1;
 
-     ifconf.ifc_len = sizeof(buf);
-     ifconf.ifc_buf = buf;
-     if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0)
-	  return -1;
+     for(;;) {
+	 void *tmp;
+
+	 tmp = realloc (inbuf, in_len);
+	 if (tmp == NULL)
+	     goto fail;
+	 inbuf = tmp;
+
+	 ifconf.ifc_len = in_len;
+	 ifconf.ifc_buf = inbuf;
+
+	 if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0)
+	     goto fail;
+	 if(ifconf.ifc_len + sizeof(ifreq) < in_len)
+	     break;
+	 in_len *= 2;
+     }
      num = ifconf.ifc_len / sizeof(struct ifreq);
      *l = malloc(num * sizeof(struct in_addr));
-     if(*l == NULL) {
-	  close (fd);
-	  return -1;
-     }
+     if(*l == NULL)
+	 goto fail;
 
      j = 0;
      ifreq.ifr_name[0] = '\0';
-     for (p = ifconf.ifc_buf; p < ifconf.ifc_buf + ifconf.ifc_len;) {
+     for (p = ifconf.ifc_buf; p < ifconf.ifc_buf + ifconf.ifc_len; p += sz) {
           struct ifreq *ifr = (struct ifreq *)p;
-#ifdef SOCKADDR_HAS_SA_LEN
-	  size_t sz = sizeof(ifr->ifr_name) + ifr->ifr_addr.sa_len;
-#else
-	  size_t sz = sizeof(*ifr);
+	  sz = sizeof(*ifr);
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+	  sz = max(sz, sizeof(ifr->ifr_name) + ifr->ifr_addr.sa_len);
 #endif
+
 	  if(strncmp(ifreq.ifr_name, ifr->ifr_name, sizeof(ifr->ifr_name))) {
-	       if(ioctl(fd, SIOCGIFFLAGS, ifr) < 0) {
-		    close (fd);
-		    free (*l);
-		    return -1;
-	       }
-	       if (ifr->ifr_flags & IFF_UP) {
-		    if(ioctl(fd, SIOCGIFADDR, ifr) < 0) {
-			 close (fd);
-			 free (*l);
-			 return -1;
-		    }
-		    (*l)[j++] = ((struct sockaddr_in *)&ifr->ifr_addr)->sin_addr;
+	      if(ioctl(fd, SIOCGIFFLAGS, ifr) < 0)
+		  continue;
+	      if (ifr->ifr_flags & IFF_UP) {
+		  if(ioctl(fd, SIOCGIFADDR, ifr) < 0) 
+		      continue;
+		  (*l)[j++] = ((struct sockaddr_in *)&ifr->ifr_addr)->sin_addr;
 	       }
-	       ifreq = *ifr;
+	      ifreq = *ifr;
 	  }
-	  p = p + sz;
      }
-     if (j != num)
-	  *l = realloc (*l, j * sizeof(struct in_addr));
+     if (j != num) {
+	 void *tmp;
+	 tmp = realloc (*l, j * sizeof(struct in_addr));
+	 if(tmp == NULL)
+	     goto fail;
+	 *l = tmp;
+     }
      close (fd);
+     free(inbuf);
      return j;
+fail:
+     close(fd);
+     free(inbuf);
+     free(*l);
+     return -1;
 #endif /* SIOCGIFCONF */
 }
diff --git a/crypto/kerberosIV/lib/krb/getfile.c b/crypto/kerberosIV/lib/krb/getfile.c
new file mode 100644
index 0000000..15c5ed8
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/getfile.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: getfile.c,v 1.4 1998/06/09 19:25:19 joda Exp $");
+
+static int
+is_suid(void)
+{
+    int ret = 0;
+#ifdef HAVE_GETUID
+    ret |= getuid() != geteuid();
+#endif
+#ifdef HAVE_GETGID
+    ret |= getgid() != getegid();
+#endif
+    return ret;
+}
+
+static int
+get_file(const char **files, int num, const char *file, char *buf, size_t len)
+{
+    const char *p, **q;
+    int i = 0;
+    if(!is_suid() && (p = getenv("KRBCONFDIR"))){
+	if(num == i){
+	    snprintf(buf, len, "%s/%s", p, file);
+	    return 0;
+	}
+	i++;
+    }
+    for(q = files; *q; q++, i++){
+	if(num == i){
+	    snprintf(buf, len, "%s", *q);
+	    return 0;
+	}
+    }
+    return -1;
+}
+
+int
+krb_get_krbconf(int num, char *buf, size_t len)
+{
+    const char *files[] = KRB_CNF_FILES;
+    return get_file(files, num, "krb.conf", buf, len);
+}
+
+int
+krb_get_krbrealms(int num, char *buf, size_t len)
+{
+    const char *files[] = KRB_RLM_FILES;
+    return get_file(files, num, "krb.realms", buf, len);
+}
+
+int
+krb_get_krbextra(int num, char *buf, size_t len)
+{
+    const char *files[] = { "/etc/krb.extra", NULL };
+    return get_file(files, num, "krb.extra", buf, len);
+}
diff --git a/crypto/kerberosIV/lib/krb/getrealm.c b/crypto/kerberosIV/lib/krb/getrealm.c
index 05dfdab..16734c7 100644
--- a/crypto/kerberosIV/lib/krb/getrealm.c
+++ b/crypto/kerberosIV/lib/krb/getrealm.c
@@ -21,9 +21,11 @@ or implied warranty.
 
 #include "krb_locl.h"
 
-RCSID("$Id: getrealm.c,v 1.25 1997/05/02 14:29:14 assar Exp $");
+RCSID("$Id: getrealm.c,v 1.35 1998/08/31 10:40:06 assar Exp $");
 
-#define MATCH_SUBDOMAINS        0
+#ifndef MATCH_SUBDOMAINS
+#define MATCH_SUBDOMAINS 0
+#endif
 
 /*
  * krb_realmofhost.
@@ -66,13 +68,16 @@ dns_find_realm(char *hostname, char *realm)
 
     while(1){
 	snprintf(domain, sizeof(domain), "krb4-realm.%s.", p);
+	p = strchr(p, '.');
+	if(p == NULL)
+	    break;
+	p++;
 	r = dns_lookup(domain, "TXT");
 	if(r){
 	    struct resource_record *rr = r->head;
 	    while(rr){
 		if(rr->type == T_TXT){
-		    strncpy(realm, rr->u.txt, REALM_SZ);
-		    realm[REALM_SZ - 1] = 0;
+		    strcpy_truncate(realm, rr->u.txt, REALM_SZ);
 		    dns_free_data(r);
 		    return level;
 		}
@@ -81,10 +86,6 @@ dns_find_realm(char *hostname, char *realm)
 	    dns_free_data(r);
 	}
 	level++;
-	p = strchr(p, '.');
-	if(p == NULL)
-	    break;
-	p++;
     }
     return -1;
 }
@@ -93,92 +94,92 @@ dns_find_realm(char *hostname, char *realm)
 static FILE *
 open_krb_realms(void)
 {
-  static const char *const files[] = KRB_RLM_FILES;
-  FILE *res;
-  int i;
-  
-  const char *dir = getenv("KRBCONFDIR");
-
-  /* First try user specified file */
-  if (dir != 0) {
-    char fname[MaxPathLen];
+    int i;
+    char file[MaxPathLen];
+    FILE *res;
 
-    if(k_concat(fname, sizeof(fname), dir, "/krb.realms", NULL) == 0)
-	if ((res = fopen(fname, "r")) != NULL)
+    for(i = 0; krb_get_krbrealms(i, file, sizeof(file)) == 0; i++)
+	if ((res = fopen(file, "r")) != NULL)
 	    return res;
-  }
-
-  for (i = 0; files[i] != 0; i++)
-    if ((res = fopen(files[i], "r")) != NULL)
-      return res;
-
   return NULL;
 }
 
+static int
+file_find_realm(const char *phost, const char *domain,
+		char *ret_realm, size_t ret_realm_sz)
+{
+    FILE *trans_file;
+    char buf[1024];
+    int ret = -1;
+    
+    if ((trans_file = open_krb_realms()) == NULL)
+	return -1;
+
+    while (fgets(buf, sizeof(buf), trans_file) != NULL) {
+	char *save = NULL;
+	char *tok;
+	char *tmp_host;
+	char *tmp_realm;
+
+	tok = strtok_r(buf, " \t\r\n", &save);
+	if(tok == NULL)
+	    continue;
+	tmp_host = tok;
+	tok = strtok_r(NULL, " \t\r\n", &save);
+	if(tok == NULL)
+	    continue;
+	tmp_realm = tok;
+	if (strcasecmp(tmp_host, phost) == 0) {
+	    /* exact match of hostname, so return the realm */
+	    strcpy_truncate(ret_realm, tmp_realm, ret_realm_sz);
+	    ret = 0;
+	    break;
+	}
+	if ((tmp_host[0] == '.') && domain) { 
+	    const char *cp = domain;
+	    do {
+		if(strcasecmp(tmp_host, cp) == 0){
+		    /* domain match, save for later */ 
+		    strcpy_truncate(ret_realm, tmp_realm, ret_realm_sz);
+		    ret = 0;
+		    break;
+		}
+		cp = strchr(cp + 1, '.');
+	    } while(MATCH_SUBDOMAINS && cp);
+	}
+	if (ret == 0)
+	    break;
+    }
+    fclose(trans_file);
+    return ret;
+}
+
 char *
 krb_realmofhost(const char *host)
 {
-  static char ret_realm[REALM_SZ];
-  char *domain;
-  FILE *trans_file;
-  char trans_host[MaxHostNameLen];
-  char trans_realm[REALM_SZ];
-  char buf[1024];
-
-  char phost[MaxHostNameLen];
+    static char ret_realm[REALM_SZ];
+    char *domain;
+    char phost[MaxHostNameLen];
 	
-  krb_name_to_name(host, phost, sizeof(phost));
+    krb_name_to_name(host, phost, sizeof(phost));
 	
-  domain = strchr(phost, '.');
+    domain = strchr(phost, '.');
 
-  /* prepare default */
-  if(dns_find_realm(phost, ret_realm) < 0){
-      if (domain) {
-	  char *cp;
+    if(file_find_realm(phost, domain, ret_realm, sizeof ret_realm) == 0)
+	return ret_realm;
+
+    if(dns_find_realm(phost, ret_realm) >= 0)
+	return ret_realm;
+  
+    if (domain) {
+	char *cp;
 	  
-	  strncpy(ret_realm, &domain[1], REALM_SZ);
-	  ret_realm[REALM_SZ - 1] = 0;
-	  /* Upper-case realm */
-	  for (cp = ret_realm; *cp; cp++)
-	      *cp = toupper(*cp);
-      } else {
-	  krb_get_lrealm(ret_realm, 1);
-      }
-  }
-
-  if ((trans_file = open_krb_realms()) == NULL)
-      return(ret_realm); /* krb_errno = KRB_NO_TRANS */
-
-  while (fgets(buf, sizeof(buf), trans_file)) {
-      char *save = NULL;
-      char *tok = strtok_r(buf, " \t\r\n", &save);
-      if(tok == NULL)
-	  continue;
-      strncpy(trans_host, tok, MaxHostNameLen);
-      trans_host[MaxHostNameLen - 1] = 0;
-      tok = strtok_r(NULL, " \t\r\n", &save);
-      if(tok == NULL)
-	  continue;
-      strcpy(trans_realm, tok);
-      trans_realm[REALM_SZ - 1] = 0;
-      if (!strcasecmp(trans_host, phost)) {
-	  /* exact match of hostname, so return the realm */
-	  strcpy(ret_realm, trans_realm);
-	  fclose(trans_file);
-	  return(ret_realm);
-      }
-      if ((trans_host[0] == '.') && domain) { 
-	  char *cp = domain;
-	  do {
-	      if(strcasecmp(trans_host, domain) == 0){
-		  /* domain match, save for later */ 
-		  strcpy(ret_realm, trans_realm);
-		  break;
-	      }
-	      cp = strchr(cp + 1, '.');
-	  } while(MATCH_SUBDOMAINS && cp);
-      }
-  }
-  fclose(trans_file);
-  return ret_realm;
+	strcpy_truncate(ret_realm, &domain[1], REALM_SZ);
+	/* Upper-case realm */
+	for (cp = ret_realm; *cp; cp++)
+	    *cp = toupper(*cp);
+    } else {
+	strncpy(ret_realm, krb_get_default_realm(), REALM_SZ); /* Wild guess */
+    }
+    return ret_realm;
 }
diff --git a/crypto/kerberosIV/lib/krb/k_getsockinst.c b/crypto/kerberosIV/lib/krb/k_getsockinst.c
index 04676b1..6c3edb0 100644
--- a/crypto/kerberosIV/lib/krb/k_getsockinst.c
+++ b/crypto/kerberosIV/lib/krb/k_getsockinst.c
@@ -38,7 +38,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: k_getsockinst.c,v 1.10 1997/05/02 14:29:17 assar Exp $");
+RCSID("$Id: k_getsockinst.c,v 1.11 1998/06/09 19:25:20 joda Exp $");
 
 /*
  * Return in inst the name of the local interface bound to socket
@@ -61,8 +61,7 @@ k_getsockinst(int fd, char *inst, size_t inst_size)
   if (hnam == 0)
     goto fail;
 
-  strncpy (inst, hnam->h_name, inst_size);
-  inst[inst_size - 1] = '\0';
+  strcpy_truncate (inst, hnam->h_name, inst_size);
   k_ricercar(inst); /* Canonicalize name */
   return 0;			/* Success */
 
diff --git a/crypto/kerberosIV/lib/krb/kdc_reply.c b/crypto/kerberosIV/lib/krb/kdc_reply.c
index aa012e0..51675b0 100644
--- a/crypto/kerberosIV/lib/krb/kdc_reply.c
+++ b/crypto/kerberosIV/lib/krb/kdc_reply.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,7 +38,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: kdc_reply.c,v 1.9 1997/04/15 21:52:14 assar Exp $");
+RCSID("$Id: kdc_reply.c,v 1.11 1998/06/09 19:25:20 joda Exp $");
 
 static int little_endian; /* XXX ugly */
 
@@ -52,15 +52,15 @@ kdc_reply_cred(KTEXT cip, CREDENTIALS *cred)
     
     if(p + strlen((char*)p) > cip->dat + cip->length)
 	return INTK_BADPW;
-    p += krb_get_string(p, cred->service);
+    p += krb_get_string(p, cred->service, sizeof(cred->service));
     
     if(p + strlen((char*)p) > cip->dat + cip->length)
 	return INTK_BADPW;
-    p += krb_get_string(p, cred->instance);
+    p += krb_get_string(p, cred->instance, sizeof(cred->instance));
     
     if(p + strlen((char*)p) > cip->dat + cip->length)
 	return INTK_BADPW;
-    p += krb_get_string(p, cred->realm);
+    p += krb_get_string(p, cred->realm, sizeof(cred->realm));
     
     if(p + 3 > cip->dat + cip->length)
 	return INTK_BADPW;
@@ -107,11 +107,14 @@ kdc_reply_cipher(KTEXT reply, KTEXT cip)
 
     if(type == AUTH_MSG_ERR_REPLY){
 	u_int32_t code;
+	/* skip these fields */
 	p += strlen((char*)p) + 1; /* name */
 	p += strlen((char*)p) + 1; /* instance */
 	p += strlen((char*)p) + 1; /* realm */
 	p += 4; /* time */
 	p += krb_get_int(p, &code, 4, little_endian);
+	if(code == 0)
+	    code = KFAILURE; /* things will go bad otherwise */
 	return code;
     }
     if(type != AUTH_MSG_KDC_REPLY)
diff --git a/crypto/kerberosIV/lib/krb/kntoln.c b/crypto/kerberosIV/lib/krb/kntoln.c
index 88b8b25..86e5205 100644
--- a/crypto/kerberosIV/lib/krb/kntoln.c
+++ b/crypto/kerberosIV/lib/krb/kntoln.c
@@ -47,7 +47,7 @@ or implied warranty.
 
 #include "krb_locl.h"
 
-RCSID("$Id: kntoln.c,v 1.7 1997/03/23 03:53:12 joda Exp $");
+RCSID("$Id: kntoln.c,v 1.10 1998/06/09 19:25:21 joda Exp $");
 
 int
 krb_kntoln(AUTH_DAT *ad, char *lname)
@@ -91,57 +91,55 @@ extern int errno;
 
 static char     lrealm[REALM_SZ] = "";
 
-an_to_ln(ad,lname)
-AUTH_DAT        *ad;
-char            *lname;
+int
+an_to_ln(AUTH_DAT *ad, char *lname)
 {
-        static DBM *aname = NULL;
-        char keyname[ANAME_SZ+INST_SZ+REALM_SZ+2];
-
-        if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE))
-                return(KFAILURE);
-
-        if((strcmp(ad->pinst,"") && strcmp(ad->pinst,"root")) ||
-strcmp(ad->prealm,lrealm)) {
-                datum val;
-                datum key;
-                /*
-                 * Non-local name (or) non-null and non-root instance.
-                 * Look up in dbm file.
-                 */
-                if (!aname) {
-                        if ((aname = dbm_open("/etc/aname", O_RDONLY, 0))
-                            == NULL) return (KFAILURE);
-                }
-                /* Construct dbm lookup key. */
-                an_to_a(ad, keyname);
-                key.dptr = keyname;
-                key.dsize = strlen(keyname)+1;
-                flock(dbm_dirfno(aname), LOCK_SH);
-                val = dbm_fetch(aname, key);
-                flock(dbm_dirfno(aname), LOCK_UN);
-                if (!val.dptr) {
-                  dbm_close(aname);
-                  return(KFAILURE);
-                }
-                /* Got it! */
-                strcpy(lname,val.dptr);
-                return(KSUCCESS);
-        } else strcpy(lname,ad->pname);
-        return(KSUCCESS);
+    static DBM *aname = NULL;
+    char keyname[ANAME_SZ+INST_SZ+REALM_SZ+2];
+
+    if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE))
+	return(KFAILURE);
+
+    if((strcmp(ad->pinst,"") && strcmp(ad->pinst,"root")) ||
+       strcmp(ad->prealm,lrealm)) {
+	datum val;
+	datum key;
+	/*
+	 * Non-local name (or) non-null and non-root instance.
+	 * Look up in dbm file.
+	 */
+	if (!aname) {
+	    if ((aname = dbm_open("/etc/aname", O_RDONLY, 0))
+		== NULL) return (KFAILURE);
+	}
+	/* Construct dbm lookup key. */
+	an_to_a(ad, keyname);
+	key.dptr = keyname;
+	key.dsize = strlen(keyname)+1;
+	flock(dbm_dirfno(aname), LOCK_SH);
+	val = dbm_fetch(aname, key);
+	flock(dbm_dirfno(aname), LOCK_UN);
+	if (!val.dptr) {
+	    dbm_close(aname);
+	    return(KFAILURE);
+	}
+	/* Got it! */
+	strcpy(lname,val.dptr);
+	return(KSUCCESS);
+    } else strcpy(lname,ad->pname);
+    return(KSUCCESS);
 }
 
-an_to_a(ad, str)
-        AUTH_DAT *ad;
-        char *str;
+void
+an_to_a(AUTH_DAT *ad, char *str)
 {
-        strcpy(str, ad->pname);
-        if(*ad->pinst) {
-                strcat(str, ".");
-                strcat(str, ad->pinst);
-        }
-        strcat(str, "@");
-        strcat(str, ad->prealm);
+    strcpy(str, ad->pname);
+    if(*ad->pinst) {
+	strcat(str, ".");
+	strcat(str, ad->pinst);
+    }
+    strcat(str, "@");
+    strcat(str, ad->prealm);
 }
 
 /*
@@ -149,32 +147,31 @@ an_to_a(ad, str)
  * into a struct AUTH_DAT.
  */
 
-a_to_an(str, ad)
-        AUTH_DAT *ad;
-        char *str;
+int
+a_to_an(char *str, AUTH_DAT *ad)
 {
-        char *buf = (char *)malloc(strlen(str)+1);
-        char *rlm, *inst, *princ;
-
-        if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) {
-                free(buf);
-                return(KFAILURE);
-        }
-        /* destructive string hacking is more fun.. */
-        strcpy(buf, str);
-
-        if (rlm = index(buf, '@')) {
-                *rlm++ = '\0';
-        }
-        if (inst = index(buf, '.')) {
-                *inst++ = '\0';
-        }
-        strcpy(ad->pname, buf);
-        if(inst) strcpy(ad->pinst, inst);
-        else *ad->pinst = '\0';
-        if (rlm) strcpy(ad->prealm, rlm);
-        else strcpy(ad->prealm, lrealm);
-        free(buf);
-        return(KSUCCESS);
+    char *buf = (char *)malloc(strlen(str)+1);
+    char *rlm, *inst, *princ;
+
+    if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) {
+	free(buf);
+	return(KFAILURE);
+    }
+    /* destructive string hacking is more fun.. */
+    strcpy(buf, str);
+
+    if (rlm = index(buf, '@')) {
+	*rlm++ = '\0';
+    }
+    if (inst = index(buf, '.')) {
+	*inst++ = '\0';
+    }
+    strcpy(ad->pname, buf);
+    if(inst) strcpy(ad->pinst, inst);
+    else *ad->pinst = '\0';
+    if (rlm) strcpy(ad->prealm, rlm);
+    else strcpy(ad->prealm, lrealm);
+    free(buf);
+    return(KSUCCESS);
 }
 #endif
diff --git a/crypto/kerberosIV/lib/krb/krb-archaeology.h b/crypto/kerberosIV/lib/krb/krb-archaeology.h
new file mode 100644
index 0000000..0757996
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb-archaeology.h
@@ -0,0 +1,131 @@
+/*
+ * $Id: krb-archaeology.h,v 1.2 1997/12/05 02:04:44 joda Exp $
+ *
+ * Most of the cruft in this file is probably:
+ *
+ * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
+ * of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ */
+
+#ifndef __KRB_ARCHAEOLOGY_H__
+#define __KRB_ARCHAEOLOGY_H__
+
+/* Compare x and y in VAX byte order, result is -1, 0 or 1. */
+
+#define krb_lsb_antinet_ulong_less(x, y) (((x) == (y)) ? 0 :  krb_lsb_antinet_ulong_cmp(x, y))
+
+#define krb_lsb_antinet_ushort_less(x, y) (((x) == (y)) ? 0 : krb_lsb_antinet_ushort_cmp(x, y))
+
+int krb_lsb_antinet_ulong_cmp(u_int32_t x, u_int32_t y);
+int krb_lsb_antinet_ushort_cmp(u_int16_t x, u_int16_t y);
+u_int32_t lsb_time(time_t t, struct sockaddr_in *src, struct sockaddr_in *dst);
+
+/* Macro's to obtain various fields from a packet */
+
+#define pkt_version(packet)  (unsigned int) *(packet->dat)
+#define pkt_msg_type(packet) (unsigned int) *(packet->dat+1)
+#define pkt_a_name(packet)   (packet->dat+2)
+#define pkt_a_inst(packet)   \
+	(packet->dat+3+strlen((char *)pkt_a_name(packet)))
+#define pkt_a_realm(packet)  \
+	(pkt_a_inst(packet)+1+strlen((char *)pkt_a_inst(packet)))
+
+/* Macro to obtain realm from application request */
+#define apreq_realm(auth)     (auth->dat + 3)
+
+#define pkt_time_ws(packet) (char *) \
+        (packet->dat+5+strlen((char *)pkt_a_name(packet)) + \
+	 strlen((char *)pkt_a_inst(packet)) + \
+	 strlen((char *)pkt_a_realm(packet)))
+
+#define pkt_no_req(packet) (unsigned short) \
+        *(packet->dat+9+strlen((char *)pkt_a_name(packet)) + \
+	  strlen((char *)pkt_a_inst(packet)) + \
+	  strlen((char *)pkt_a_realm(packet)))
+#define pkt_x_date(packet) (char *) \
+        (packet->dat+10+strlen((char *)pkt_a_name(packet)) + \
+	 strlen((char *)pkt_a_inst(packet)) + \
+	 strlen((char *)pkt_a_realm(packet)))
+#define pkt_err_code(packet) ( (char *) \
+        (packet->dat+9+strlen((char *)pkt_a_name(packet)) + \
+	 strlen((char *)pkt_a_inst(packet)) + \
+	 strlen((char *)pkt_a_realm(packet))))
+#define pkt_err_text(packet) \
+        (packet->dat+13+strlen((char *)pkt_a_name(packet)) + \
+	 strlen((char *)pkt_a_inst(packet)) + \
+	 strlen((char *)pkt_a_realm(packet)))
+
+/*
+ * macros for byte swapping; also scratch space
+ * u_quad  0-->7, 1-->6, 2-->5, 3-->4, 4-->3, 5-->2, 6-->1, 7-->0
+ * u_int32_t  0-->3, 1-->2, 2-->1, 3-->0
+ * u_int16_t 0-->1, 1-->0
+ */
+
+#define     swap_u_16(x) {\
+ u_int32_t   _krb_swap_tmp[4];\
+ swab(((char *) x) +0, ((char *)  _krb_swap_tmp) +14 ,2); \
+ swab(((char *) x) +2, ((char *)  _krb_swap_tmp) +12 ,2); \
+ swab(((char *) x) +4, ((char *)  _krb_swap_tmp) +10 ,2); \
+ swab(((char *) x) +6, ((char *)  _krb_swap_tmp) +8  ,2); \
+ swab(((char *) x) +8, ((char *)  _krb_swap_tmp) +6 ,2); \
+ swab(((char *) x) +10,((char *)  _krb_swap_tmp) +4 ,2); \
+ swab(((char *) x) +12,((char *)  _krb_swap_tmp) +2 ,2); \
+ swab(((char *) x) +14,((char *)  _krb_swap_tmp) +0 ,2); \
+ memcpy(x, _krb_swap_tmp, 16);\
+                            }
+
+#define     swap_u_12(x) {\
+ u_int32_t   _krb_swap_tmp[4];\
+ swab(( char *) x,     ((char *)  _krb_swap_tmp) +10 ,2); \
+ swab(((char *) x) +2, ((char *)  _krb_swap_tmp) +8 ,2); \
+ swab(((char *) x) +4, ((char *)  _krb_swap_tmp) +6 ,2); \
+ swab(((char *) x) +6, ((char *)  _krb_swap_tmp) +4 ,2); \
+ swab(((char *) x) +8, ((char *)  _krb_swap_tmp) +2 ,2); \
+ swab(((char *) x) +10,((char *)  _krb_swap_tmp) +0 ,2); \
+ memcpy(x, _krb_swap_tmp, 12);\
+                            }
+
+#define     swap_C_Block(x) {\
+ u_int32_t   _krb_swap_tmp[4];\
+ swab(( char *) x,    ((char *)  _krb_swap_tmp) +6 ,2); \
+ swab(((char *) x) +2,((char *)  _krb_swap_tmp) +4 ,2); \
+ swab(((char *) x) +4,((char *)  _krb_swap_tmp) +2 ,2); \
+ swab(((char *) x) +6,((char *)  _krb_swap_tmp)    ,2); \
+ memcpy(x, _krb_swap_tmp, 8);\
+                            }
+#define     swap_u_quad(x) {\
+ u_int32_t   _krb_swap_tmp[4];\
+ swab(( char *) &x,    ((char *)  _krb_swap_tmp) +6 ,2); \
+ swab(((char *) &x) +2,((char *)  _krb_swap_tmp) +4 ,2); \
+ swab(((char *) &x) +4,((char *)  _krb_swap_tmp) +2 ,2); \
+ swab(((char *) &x) +6,((char *)  _krb_swap_tmp)    ,2); \
+ memcpy(x, _krb_swap_tmp, 8);\
+                            }
+
+#define     swap_u_long(x) {\
+ u_int32_t   _krb_swap_tmp[4];\
+ swab((char *)  &x,    ((char *)  _krb_swap_tmp) +2 ,2); \
+ swab(((char *) &x) +2,((char *)  _krb_swap_tmp),2); \
+ x = _krb_swap_tmp[0];   \
+                           }
+
+#define     swap_u_short(x) {\
+ u_int16_t	_krb_swap_sh_tmp; \
+ swab((char *)  &x,    ( &_krb_swap_sh_tmp) ,2); \
+ x = (u_int16_t) _krb_swap_sh_tmp; \
+                            }
+/* Kerberos ticket flag field bit definitions */
+#define K_FLAG_ORDER    0       /* bit 0 --> lsb */
+#define K_FLAG_1                /* reserved */
+#define K_FLAG_2                /* reserved */
+#define K_FLAG_3                /* reserved */
+#define K_FLAG_4                /* reserved */
+#define K_FLAG_5                /* reserved */
+#define K_FLAG_6                /* reserved */
+#define K_FLAG_7                /* reserved, bit 7 --> msb */
+
+#endif /* __KRB_ARCHAEOLOGY_H__ */
diff --git a/crypto/kerberosIV/lib/krb/krb-protos.h b/crypto/kerberosIV/lib/krb/krb-protos.h
new file mode 100644
index 0000000..965e4dc
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb-protos.h
@@ -0,0 +1,773 @@
+/*
+ * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: krb-protos.h,v 1.18 1999/06/29 21:18:05 bg Exp $ */
+
+#ifndef __krb_protos_h__
+#define __krb_protos_h__
+
+#if defined (__STDC__) || defined (_MSC_VER)
+#include <stdarg.h>
+#ifndef __P
+#define __P(x) x
+#endif
+#else
+#ifndef __P
+#define __P(x) ()
+#endif
+#endif
+
+#ifdef __STDC__
+struct in_addr;
+struct sockaddr_in;
+struct timeval;
+#endif
+
+#ifndef KRB_LIB_FUNCTION
+#if defined(__BORLANDC__)
+#define KRB_LIB_FUNCTION /* not-ready-definition-yet */
+#elif defined(_MSC_VER)
+#define KRB_LIB_FUNCTION /* not-ready-definition-yet2 */
+#else
+#define KRB_LIB_FUNCTION
+#endif
+#endif
+
+void KRB_LIB_FUNCTION
+afs_string_to_key __P((
+	const char *str,
+	const char *cell,
+	des_cblock *key));
+
+int KRB_LIB_FUNCTION
+create_ciph __P((
+	KTEXT c,
+	unsigned char *session,
+	char *service,
+	char *instance,
+	char *realm,
+	u_int32_t life,
+	int kvno,
+	KTEXT tkt,
+	u_int32_t kdc_time,
+	des_cblock *key));
+
+int KRB_LIB_FUNCTION
+cr_err_reply __P((
+	KTEXT pkt,
+	char *pname,
+	char *pinst,
+	char *prealm,
+	u_int32_t time_ws,
+	u_int32_t e,
+	char *e_string));
+
+int KRB_LIB_FUNCTION
+decomp_ticket __P((
+	KTEXT tkt,
+	unsigned char *flags,
+	char *pname,
+	char *pinstance,
+	char *prealm,
+	u_int32_t *paddress,
+	unsigned char *session,
+	int *life,
+	u_int32_t *time_sec,
+	char *sname,
+	char *sinstance,
+	des_cblock *key,
+	des_key_schedule schedule));
+
+int KRB_LIB_FUNCTION
+dest_tkt __P((void));
+
+int KRB_LIB_FUNCTION
+get_ad_tkt __P((
+	char *service,
+	char *sinstance,
+	char *realm,
+	int lifetime));
+
+int KRB_LIB_FUNCTION
+getst __P((
+	int fd,
+	char *s,
+	int n));
+
+int KRB_LIB_FUNCTION
+in_tkt __P((
+	char *pname,
+	char *pinst));
+
+int KRB_LIB_FUNCTION
+k_get_all_addrs __P((struct in_addr **l));
+
+int KRB_LIB_FUNCTION
+k_gethostname __P((
+	char *name,
+	int namelen));
+
+int KRB_LIB_FUNCTION
+k_getportbyname __P((
+	const char *service,
+	const char *proto,
+	int default_port));
+
+int KRB_LIB_FUNCTION
+k_getsockinst __P((
+	int fd,
+	char *inst,
+	size_t inst_size));
+
+int KRB_LIB_FUNCTION
+k_isinst __P((char *s));
+
+int KRB_LIB_FUNCTION
+k_isname __P((char *s));
+
+int KRB_LIB_FUNCTION
+k_isrealm __P((char *s));
+
+struct tm * KRB_LIB_FUNCTION
+k_localtime __P((u_int32_t *tp));
+
+int KRB_LIB_FUNCTION
+kname_parse __P((
+	char *np,
+	char *ip,
+	char *rp,
+	char *fullname));
+
+int KRB_LIB_FUNCTION
+krb_atime_to_life __P((char *atime));
+
+int KRB_LIB_FUNCTION
+krb_check_auth __P((
+	KTEXT packet,
+	u_int32_t checksum,
+	MSG_DAT *msg_data,
+	des_cblock *session,
+	struct des_ks_struct *schedule,
+	struct sockaddr_in *laddr,
+	struct sockaddr_in *faddr));
+
+int KRB_LIB_FUNCTION
+krb_check_tm __P((struct tm tm));
+
+KTEXT KRB_LIB_FUNCTION
+krb_create_death_packet __P((char *a_name));
+
+int KRB_LIB_FUNCTION
+krb_create_ticket __P((
+	KTEXT tkt,
+	unsigned char flags,
+	char *pname,
+	char *pinstance,
+	char *prealm,
+	int32_t paddress,
+	void *session,
+	int16_t life,
+	int32_t time_sec,
+	char *sname,
+	char *sinstance,
+	des_cblock *key));
+
+int KRB_LIB_FUNCTION
+krb_decode_as_rep __P((
+	const char *user,
+	char *instance,		/* INOUT parameter */
+	const char *realm,
+	const char *service,
+	const char *sinstance,
+	key_proc_t key_proc,
+	decrypt_proc_t decrypt_proc,
+	const void *arg,
+	KTEXT as_rep,
+	CREDENTIALS *cred));
+
+int KRB_LIB_FUNCTION
+krb_disable_debug __P((void));
+
+int KRB_LIB_FUNCTION
+krb_enable_debug __P((void));
+
+int KRB_LIB_FUNCTION
+krb_equiv __P((
+	u_int32_t a,
+	u_int32_t b));
+
+int KRB_LIB_FUNCTION
+krb_get_address __P((
+	void *from,
+	u_int32_t *to));
+
+int KRB_LIB_FUNCTION
+krb_get_admhst __P((
+	char *host,
+	char *realm,
+	int nth));
+
+int KRB_LIB_FUNCTION
+krb_get_config_bool __P((const char *variable));
+
+const char * KRB_LIB_FUNCTION
+krb_get_config_string __P((const char *variable));
+
+int KRB_LIB_FUNCTION
+krb_get_cred __P((
+        char *service,
+        char *instance,
+        char *realm,
+        CREDENTIALS *c));
+
+int KRB_LIB_FUNCTION
+krb_get_default_principal __P((
+	char *name,
+	char *instance,
+	char *realm));
+
+char * KRB_LIB_FUNCTION
+krb_get_default_realm __P((void));
+
+const char * KRB_LIB_FUNCTION
+krb_get_err_text __P((int code));
+
+struct krb_host* KRB_LIB_FUNCTION
+krb_get_host __P((
+	int nth,
+	char *realm,
+	int admin));
+
+int KRB_LIB_FUNCTION
+krb_get_in_tkt __P((
+	char *user,
+	char *instance,
+	char *realm,
+	char *service,
+	char *sinstance,
+	int life,
+	key_proc_t key_proc,
+	decrypt_proc_t decrypt_proc,
+	void *arg));
+
+int KRB_LIB_FUNCTION
+krb_get_int __P((
+	void *f,
+	u_int32_t *to,
+	int size,
+	int lsb));
+
+int KRB_LIB_FUNCTION
+krb_get_kdc_time_diff __P((void));
+
+int KRB_LIB_FUNCTION
+krb_get_krbconf __P((
+	int num,
+	char *buf,
+	size_t len));
+
+int KRB_LIB_FUNCTION
+krb_get_krbextra __P((
+	int num,
+	char *buf,
+	size_t len));
+
+int KRB_LIB_FUNCTION
+krb_get_krbhst __P((
+	char *host,
+	char *realm,
+	int nth));
+
+int KRB_LIB_FUNCTION
+krb_get_krbrealms __P((
+	int num,
+	char *buf,
+	size_t len));
+
+int KRB_LIB_FUNCTION
+krb_get_lrealm __P((
+	char *r,
+	int n));
+
+int KRB_LIB_FUNCTION
+krb_get_nir __P((
+	void *from,
+	char *name,
+	char *instance,
+	char *realm));
+
+char * KRB_LIB_FUNCTION
+krb_get_phost __P((const char *alias));
+
+int KRB_LIB_FUNCTION
+krb_get_pw_in_tkt __P((
+	const char *user,
+	const char *instance,
+	const char *realm,
+	const char *service,
+	const char *sinstance,
+	int life,
+	const char *password));
+
+int KRB_LIB_FUNCTION
+krb_get_pw_in_tkt2 __P((
+	const char *user,
+	const char *instance,
+	const char *realm,
+	const char *service,
+	const char *sinstance,
+	int life,
+	const char *password,
+	des_cblock *key));
+
+int KRB_LIB_FUNCTION
+krb_get_string __P((
+	void *from,
+	char *to,
+	size_t to_size));
+
+int KRB_LIB_FUNCTION
+krb_get_svc_in_tkt __P((
+	char *user,
+	char *instance,
+	char *realm,
+	char *service,
+	char *sinstance,
+	int life,
+	char *srvtab));
+
+int KRB_LIB_FUNCTION
+krb_get_tf_fullname __P((
+	char *ticket_file,
+	char *name,
+	char *instance,
+	char *realm));
+
+int KRB_LIB_FUNCTION
+krb_get_tf_realm __P((
+	char *ticket_file,
+	char *realm));
+
+void KRB_LIB_FUNCTION
+krb_kdctimeofday __P((struct timeval *tv));
+
+int KRB_LIB_FUNCTION
+krb_kntoln __P((
+	AUTH_DAT *ad,
+	char *lname));
+
+int KRB_LIB_FUNCTION
+krb_kuserok __P((
+	char *name,
+	char *instance,
+	char *realm,
+	char *luser));
+
+char * KRB_LIB_FUNCTION
+krb_life_to_atime __P((int life));
+
+u_int32_t KRB_LIB_FUNCTION
+krb_life_to_time __P((
+	u_int32_t start,
+	int life_));
+
+int KRB_LIB_FUNCTION
+krb_lsb_antinet_ulong_cmp __P((
+	u_int32_t x,
+	u_int32_t y));
+
+int KRB_LIB_FUNCTION
+krb_lsb_antinet_ushort_cmp __P((
+	u_int16_t x,
+	u_int16_t y));
+
+int KRB_LIB_FUNCTION
+krb_mk_as_req __P((
+	const char *user,
+	const char *instance,
+	const char *realm,
+	const char *service,
+	const char *sinstance,
+	int life,
+	KTEXT cip));
+
+int KRB_LIB_FUNCTION
+krb_mk_auth __P((
+	int32_t options,
+	KTEXT ticket,
+	char *service,
+	char *instance,
+	char *realm,
+	u_int32_t checksum,
+	char *version,
+	KTEXT buf));
+
+int32_t KRB_LIB_FUNCTION
+krb_mk_err __P((
+	u_char *p,
+	int32_t e,
+	char *e_string));
+
+int32_t KRB_LIB_FUNCTION
+krb_mk_priv __P((
+	void *in,
+	void *out,
+	u_int32_t length,
+	struct des_ks_struct *schedule,
+	des_cblock *key,
+	struct sockaddr_in *sender,
+	struct sockaddr_in *receiver));
+
+int KRB_LIB_FUNCTION
+krb_mk_req __P((
+	KTEXT authent,
+	char *service,
+	char *instance,
+	char *realm,
+	int32_t checksum));
+
+int32_t KRB_LIB_FUNCTION
+krb_mk_safe __P((
+	void *in,
+	void *out,
+	u_int32_t length,
+	des_cblock *key,
+	struct sockaddr_in *sender,
+	struct sockaddr_in *receiver));
+
+int KRB_LIB_FUNCTION
+krb_net_read __P((
+	int fd,
+	void *v,
+	size_t len));
+
+int KRB_LIB_FUNCTION
+krb_net_write __P((
+	int fd,
+	const void *v,
+	size_t len));
+
+int KRB_LIB_FUNCTION
+krb_parse_name __P((
+	const char *fullname,
+	krb_principal *principal));
+
+int KRB_LIB_FUNCTION
+krb_put_address __P((
+	u_int32_t addr,
+	void *to,
+	size_t rem));
+
+int KRB_LIB_FUNCTION
+krb_put_int __P((
+	u_int32_t from,
+	void *to,
+	size_t rem,
+	int size));
+
+int KRB_LIB_FUNCTION
+krb_put_nir __P((
+	const char *name,
+	const char *instance,
+	const char *realm,
+	void *to,
+	size_t rem));
+
+int KRB_LIB_FUNCTION
+krb_put_string __P((
+	const char *from,
+	void *to,
+	size_t rem));
+
+int KRB_LIB_FUNCTION
+krb_rd_err __P((
+	u_char *in,
+	u_int32_t in_length,
+	int32_t *code,
+	MSG_DAT *m_data));
+
+int32_t KRB_LIB_FUNCTION
+krb_rd_priv __P((
+	void *in,
+	u_int32_t in_length,
+	struct des_ks_struct *schedule,
+	des_cblock *key,
+	struct sockaddr_in *sender,
+	struct sockaddr_in *receiver,
+	MSG_DAT *m_data));
+
+int KRB_LIB_FUNCTION
+krb_rd_req __P((
+	KTEXT authent,
+	char *service,
+	char *instance,
+	int32_t from_addr,
+	AUTH_DAT *ad,
+	char *fn));
+
+int32_t KRB_LIB_FUNCTION
+krb_rd_safe __P((
+	void *in,
+	u_int32_t in_length,
+	des_cblock *key,
+	struct sockaddr_in *sender,
+	struct sockaddr_in *receiver,
+	MSG_DAT *m_data));
+
+int KRB_LIB_FUNCTION
+krb_realm_parse __P((
+	char *realm,
+	int length));
+
+char * KRB_LIB_FUNCTION
+krb_realmofhost __P((const char *host));
+
+int KRB_LIB_FUNCTION
+krb_recvauth __P((
+	int32_t options,
+	int fd,
+	KTEXT ticket,
+	char *service,
+	char *instance,
+	struct sockaddr_in *faddr,
+	struct sockaddr_in *laddr,
+	AUTH_DAT *kdata,
+	char *filename,
+	struct des_ks_struct *schedule,
+	char *version));
+
+int KRB_LIB_FUNCTION
+krb_sendauth __P((
+	int32_t options,
+	int fd,
+	KTEXT ticket,
+	char *service,
+	char *instance,
+	char *realm,
+	u_int32_t checksum,
+	MSG_DAT *msg_data,
+	CREDENTIALS *cred,
+	struct des_ks_struct *schedule,
+	struct sockaddr_in *laddr,
+	struct sockaddr_in *faddr,
+	char *version));
+
+void KRB_LIB_FUNCTION
+krb_set_kdc_time_diff __P((int diff));
+
+int KRB_LIB_FUNCTION
+krb_set_key __P((
+	void *key,
+	int cvt));
+
+int KRB_LIB_FUNCTION
+krb_set_lifetime __P((int newval));
+
+void KRB_LIB_FUNCTION
+krb_set_tkt_string __P((const char *val));
+
+const char * KRB_LIB_FUNCTION
+krb_stime __P((time_t *t));
+
+int KRB_LIB_FUNCTION
+krb_time_to_life __P((
+	u_int32_t start,
+	u_int32_t end));
+
+char * KRB_LIB_FUNCTION
+krb_unparse_name __P((krb_principal *pr));
+
+char * KRB_LIB_FUNCTION
+krb_unparse_name_long __P((
+	char *name,
+	char *instance,
+	char *realm));
+
+char * KRB_LIB_FUNCTION
+krb_unparse_name_long_r __P((
+	char *name,
+	char *instance,
+	char *realm,
+	char *fullname));
+
+char * KRB_LIB_FUNCTION
+krb_unparse_name_r __P((
+	krb_principal *pr,
+	char *fullname));
+
+int KRB_LIB_FUNCTION
+krb_use_admin_server __P((int flag));
+
+int KRB_LIB_FUNCTION
+krb_verify_user __P((
+	char *name,
+	char *instance,
+	char *realm,
+	char *password,
+	int secure,
+	char *linstance));
+
+int KRB_LIB_FUNCTION
+krb_verify_user_srvtab __P((
+	char *name,
+	char *instance,
+	char *realm,
+	char *password,
+	int secure,
+	char *linstance,
+	char *srvtab));
+
+int KRB_LIB_FUNCTION
+kuserok __P((
+	AUTH_DAT *auth,
+	char *luser));
+
+u_int32_t KRB_LIB_FUNCTION
+lsb_time __P((
+	time_t t,
+	struct sockaddr_in *src,
+	struct sockaddr_in *dst));
+
+const char * KRB_LIB_FUNCTION
+month_sname __P((int n));
+
+int KRB_LIB_FUNCTION
+passwd_to_5key __P((
+	const char *user,
+	const char *instance,
+	const char *realm,
+	const void *passwd,
+	des_cblock *key));
+
+int KRB_LIB_FUNCTION
+passwd_to_afskey __P((
+	const char *user,
+	const char *instance,
+	const char *realm,
+	const void *passwd,
+	des_cblock *key));
+
+int KRB_LIB_FUNCTION
+passwd_to_key __P((
+	const char *user,
+	const char *instance,
+	const char *realm,
+	const void *passwd,
+	des_cblock *key));
+
+int KRB_LIB_FUNCTION
+read_service_key __P((
+	const char *service,
+	char *instance,
+	const char *realm,
+	int kvno,
+	const char *file,
+	void *key));
+
+int KRB_LIB_FUNCTION
+save_credentials __P((
+	char *service,
+	char *instance,
+	char *realm,
+	unsigned char *session,
+	int lifetime,
+	int kvno,
+	KTEXT ticket,
+	int32_t issue_date));
+
+int KRB_LIB_FUNCTION
+send_to_kdc __P((
+	KTEXT pkt,
+	KTEXT rpkt,
+	const char *realm));
+
+int KRB_LIB_FUNCTION
+srvtab_to_key __P((
+	const char *user,
+	char *instance,		/* INOUT parameter */
+	const char *realm,
+	const void *srvtab,
+	des_cblock *key));
+
+void KRB_LIB_FUNCTION
+tf_close __P((void));
+
+int KRB_LIB_FUNCTION
+tf_create __P((char *tf_name));
+
+int KRB_LIB_FUNCTION
+tf_get_cred __P((CREDENTIALS *c));
+
+int KRB_LIB_FUNCTION
+tf_get_pinst __P((char *inst));
+
+int KRB_LIB_FUNCTION
+tf_get_pname __P((char *p));
+
+int KRB_LIB_FUNCTION
+tf_init __P((
+	char *tf_name,
+	int rw));
+
+int KRB_LIB_FUNCTION
+tf_put_pinst __P((const char *inst));
+
+int KRB_LIB_FUNCTION
+tf_put_pname __P((const char *p));
+
+int KRB_LIB_FUNCTION
+tf_save_cred __P((
+	char *service,
+	char *instance,
+	char *realm,
+	unsigned char *session,
+	int lifetime,
+	int kvno,
+	KTEXT ticket,
+	u_int32_t issue_date));
+
+int KRB_LIB_FUNCTION
+tf_setup __P((
+	CREDENTIALS *cred,
+	const char *pname,
+	const char *pinst));
+
+char * KRB_LIB_FUNCTION
+tkt_string __P((void));
+
+#endif /* __krb_protos_h__ */
diff --git a/crypto/kerberosIV/lib/krb/krb.def b/crypto/kerberosIV/lib/krb/krb.def
index da2e906..1158e60 100644
--- a/crypto/kerberosIV/lib/krb/krb.def
+++ b/crypto/kerberosIV/lib/krb/krb.def
@@ -1,8 +1,4 @@
-LIBRARY	"krb"  BASE=0x07000000
-
-DESCRIPTION "Dynamic link library for kerberos version 4"
-VERSION 1.0
-
+LIBRARY	krb	BASE=0x07000000
 EXPORTS
 	krb_get_err_text
 	
@@ -13,11 +9,16 @@ EXPORTS
 	currCredIndex
 	nextFreeIndex
 	
-	k_flock
 	k_localtime
 	k_getsockinst
 	k_getportbyname
 	k_get_all_addrs
+	
+	krb_set_kdc_time_diff
+	krb_get_kdc_time_diff
+
+	krb_get_config_bool
+	krb_get_config_string
 
 	krb_equiv
 
@@ -55,6 +56,9 @@ EXPORTS
 	k_isname
 	k_isrealm
 	kname_parse
+	krb_parse_name
+	krb_unparse_name
+	krb_unparse_name_long
 	krb_create_ticket
 	krb_get_admhst
 	krb_get_cred
diff --git a/crypto/kerberosIV/lib/krb/krb.dsp b/crypto/kerberosIV/lib/krb/krb.dsp
new file mode 100644
index 0000000..efec3b2
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb.dsp
@@ -0,0 +1,398 @@
+# Microsoft Developer Studio Project File - Name="krb" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 5.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=krb - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE 
+!MESSAGE NMAKE /f "krb.mak".
+!MESSAGE 
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "krb.mak" CFG="krb - Win32 Release"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "krb - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "krb - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE 
+
+# Begin Project
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF  "$(CFG)" == "krb - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir ".\Release"
+# PROP BASE Intermediate_Dir ".\Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir ".\Release"
+# PROP Intermediate_Dir ".\Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /c
+# ADD CPP /nologo /MT /W3 /GX /O2 /I "." /I "..\..\include" /I "..\..\include\win32" /I "..\des" /I "..\roken" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386
+# ADD LINK32 ..\roken\Release\roken.lib ..\des\Release\des.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /subsystem:windows /dll /machine:I386
+
+!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir ".\Debug"
+# PROP BASE Intermediate_Dir ".\Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir ".\Debug"
+# PROP Intermediate_Dir ".\Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /Zi /Od /I "." /I "..\..\include" /I "..\..\include\win32" /I "..\des" /I "..\roken" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386
+# ADD LINK32 ..\roken\Debug\roken.lib ..\des\Debug\des.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /subsystem:windows /dll /debug /machine:I386
+
+!ENDIF 
+
+# Begin Target
+
+# Name "krb - Win32 Release"
+# Name "krb - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;hpj;bat;for;f90"
+# Begin Source File
+
+SOURCE=.\cr_err_reply.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\create_auth_reply.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\create_ciph.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\create_ticket.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\debug_decl.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\decomp_ticket.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\dllmain.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\encrypt_ktext.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\extra.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\get_ad_tkt.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\get_cred.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\get_default_principal.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\get_host.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\get_in_tkt.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\get_krbrlm.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\get_svc_in_tkt.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\get_tf_fullname.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\get_tf_realm.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\getaddrs.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\getfile.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\getrealm.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\getst.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\k_gethostname.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\k_getport.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\k_getsockinst.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\k_localtime.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\kdc_reply.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\kntoln.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\krb.def
+# End Source File
+# Begin Source File
+
+SOURCE=.\krb_check_auth.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\krb_equiv.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\krb_err_txt.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\krb_get_in_tkt.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\lifetime.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\logging.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\lsb_addr_comp.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mk_auth.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mk_err.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mk_priv.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mk_req.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mk_safe.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\month_sname.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\name2name.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\netread.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\netwrite.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\one.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\parse_name.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\rd_err.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\rd_priv.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\rd_req.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\rd_safe.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\read_service_key.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\realm_parse.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\recvauth.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\rw.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\save_credentials.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\send_to_kdc.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\sendauth.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\stime.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\str2key.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\ticket_memory.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\time.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\tkt_string.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\unparse_name.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\util.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\verify_user.c
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl;fi;fd"
+# Begin Source File
+
+SOURCE=.\klog.h
+# End Source File
+# Begin Source File
+
+SOURCE=".\krb-protos.h"
+# End Source File
+# Begin Source File
+
+SOURCE=.\krb.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\krb_locl.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\krb_log.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\prot.h
+# End Source File
+# Begin Source File
+
+SOURCE=.\ticket_memory.h
+# End Source File
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;cnt;rtf;gif;jpg;jpeg;jpe"
+# Begin Source File
+
+SOURCE=.\krb.rc
+# End Source File
+# End Group
+# End Target
+# End Project
diff --git a/crypto/kerberosIV/lib/krb/krb.mak b/crypto/kerberosIV/lib/krb/krb.mak
index 1236261..e9d5690 100644
--- a/crypto/kerberosIV/lib/krb/krb.mak
+++ b/crypto/kerberosIV/lib/krb/krb.mak
@@ -1,19 +1,15 @@
-# Microsoft Developer Studio Generated NMAKE File, Format Version 4.10
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
-
+# Microsoft Developer Studio Generated NMAKE File, Based on krb.dsp
 !IF "$(CFG)" == ""
-CFG=krb - Win32 Debug
-!MESSAGE No configuration specified.  Defaulting to krb - Win32 Debug.
+CFG=krb - Win32 Release
+!MESSAGE No configuration specified. Defaulting to krb - Win32 Release.
 !ENDIF 
 
 !IF "$(CFG)" != "krb - Win32 Release" && "$(CFG)" != "krb - Win32 Debug"
 !MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE on this makefile
+!MESSAGE You can specify a configuration when running NMAKE
 !MESSAGE by defining the macro CFG on the command line.  For example:
 !MESSAGE 
-!MESSAGE NMAKE /f "krb.mak" CFG="krb - Win32 Debug"
+!MESSAGE NMAKE /f "krb.mak" CFG="krb - Win32 Release"
 !MESSAGE 
 !MESSAGE Possible choices for configuration are:
 !MESSAGE 
@@ -28,3038 +24,1879 @@ NULL=
 !ELSE 
 NULL=nul
 !ENDIF 
-################################################################################
-# Begin Project
-# PROP Target_Last_Scanned "krb - Win32 Debug"
-RSC=rc.exe
-MTL=mktyplib.exe
-CPP=cl.exe
 
 !IF  "$(CFG)" == "krb - Win32 Release"
 
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Target_Dir ""
 OUTDIR=.\Release
 INTDIR=.\Release
+# Begin Custom Macros
+OutDir=.\.\Release
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0" 
 
-ALL : ".\Release\krb.dll"
+ALL : "$(OUTDIR)\krb.dll"
+
+!ELSE 
+
+ALL : "des - Win32 Release" "$(OUTDIR)\krb.dll"
+
+!ENDIF 
 
+!IF "$(RECURSE)" == "1" 
+CLEAN :"des - Win32 ReleaseCLEAN" 
+!ELSE 
 CLEAN : 
-	-@erase ".\Release\cr_err_reply.obj"
-	-@erase ".\Release\create_auth_reply.obj"
-	-@erase ".\Release\create_ciph.obj"
-	-@erase ".\Release\create_ticket.obj"
-	-@erase ".\Release\debug_decl.obj"
-	-@erase ".\Release\decomp_ticket.obj"
-	-@erase ".\Release\dllmain.obj"
-	-@erase ".\Release\encrypt_ktext.obj"
-	-@erase ".\Release\et_list.obj"
-	-@erase ".\Release\get_ad_tkt.obj"
-	-@erase ".\Release\get_cred.obj"
-	-@erase ".\Release\get_default_principal.obj"
-	-@erase ".\Release\get_host.obj"
-	-@erase ".\Release\get_in_tkt.obj"
-	-@erase ".\Release\get_krbrlm.obj"
-	-@erase ".\Release\get_phost.obj"
-	-@erase ".\Release\get_svc_in_tkt.obj"
-	-@erase ".\Release\get_tf_fullname.obj"
-	-@erase ".\Release\get_tf_realm.obj"
-	-@erase ".\Release\getaddrs.obj"
-	-@erase ".\Release\getrealm.obj"
-	-@erase ".\Release\getst.obj"
-	-@erase ".\Release\k_flock.obj"
-	-@erase ".\Release\k_gethostname.obj"
-	-@erase ".\Release\k_getport.obj"
-	-@erase ".\Release\k_getsockinst.obj"
-	-@erase ".\Release\k_localtime.obj"
-	-@erase ".\Release\kdc_reply.obj"
-	-@erase ".\Release\kntoln.obj"
-	-@erase ".\Release\krb.dll"
-	-@erase ".\Release\krb.exp"
-	-@erase ".\Release\krb.lib"
-	-@erase ".\Release\krb_check_auth.obj"
-	-@erase ".\Release\krb_equiv.obj"
-	-@erase ".\Release\krb_err_txt.obj"
-	-@erase ".\Release\krb_get_in_tkt.obj"
-	-@erase ".\Release\lifetime.obj"
-	-@erase ".\Release\logging.obj"
-	-@erase ".\Release\lsb_addr_comp.obj"
-	-@erase ".\Release\mk_auth.obj"
-	-@erase ".\Release\mk_err.obj"
-	-@erase ".\Release\mk_priv.obj"
-	-@erase ".\Release\mk_req.obj"
-	-@erase ".\Release\mk_safe.obj"
-	-@erase ".\Release\month_sname.obj"
-	-@erase ".\Release\name2name.obj"
-	-@erase ".\Release\netread.obj"
-	-@erase ".\Release\netwrite.obj"
-	-@erase ".\Release\one.obj"
-	-@erase ".\Release\parse_name.obj"
-	-@erase ".\Release\rd_err.obj"
-	-@erase ".\Release\rd_priv.obj"
-	-@erase ".\Release\rd_req.obj"
-	-@erase ".\Release\rd_safe.obj"
-	-@erase ".\Release\read_service_key.obj"
-	-@erase ".\Release\realm_parse.obj"
-	-@erase ".\Release\recvauth.obj"
-	-@erase ".\Release\resolve.obj"
-	-@erase ".\Release\rw.obj"
-	-@erase ".\Release\save_credentials.obj"
-	-@erase ".\Release\send_to_kdc.obj"
-	-@erase ".\Release\sendauth.obj"
-	-@erase ".\Release\stime.obj"
-	-@erase ".\Release\str2key.obj"
-	-@erase ".\Release\swab.obj"
-	-@erase ".\Release\ticket_memory.obj"
-	-@erase ".\Release\tkt_string.obj"
-	-@erase ".\Release\unparse_name.obj"
-	-@erase ".\Release\util.obj"
-	-@erase ".\Release\verify_user.obj"
+!ENDIF 
+	-@erase "$(INTDIR)\cr_err_reply.obj"
+	-@erase "$(INTDIR)\create_auth_reply.obj"
+	-@erase "$(INTDIR)\create_ciph.obj"
+	-@erase "$(INTDIR)\create_ticket.obj"
+	-@erase "$(INTDIR)\debug_decl.obj"
+	-@erase "$(INTDIR)\decomp_ticket.obj"
+	-@erase "$(INTDIR)\dllmain.obj"
+	-@erase "$(INTDIR)\encrypt_ktext.obj"
+	-@erase "$(INTDIR)\get_ad_tkt.obj"
+	-@erase "$(INTDIR)\get_cred.obj"
+	-@erase "$(INTDIR)\get_default_principal.obj"
+	-@erase "$(INTDIR)\get_host.obj"
+	-@erase "$(INTDIR)\get_in_tkt.obj"
+	-@erase "$(INTDIR)\get_krbrlm.obj"
+	-@erase "$(INTDIR)\get_svc_in_tkt.obj"
+	-@erase "$(INTDIR)\get_tf_fullname.obj"
+	-@erase "$(INTDIR)\get_tf_realm.obj"
+	-@erase "$(INTDIR)\getaddrs.obj"
+	-@erase "$(INTDIR)\getfile.obj"
+	-@erase "$(INTDIR)\getrealm.obj"
+	-@erase "$(INTDIR)\getst.obj"
+	-@erase "$(INTDIR)\k_flock.obj"
+	-@erase "$(INTDIR)\k_gethostname.obj"
+	-@erase "$(INTDIR)\k_getport.obj"
+	-@erase "$(INTDIR)\k_getsockinst.obj"
+	-@erase "$(INTDIR)\k_localtime.obj"
+	-@erase "$(INTDIR)\kdc_reply.obj"
+	-@erase "$(INTDIR)\kntoln.obj"
+	-@erase "$(INTDIR)\krb.res"
+	-@erase "$(INTDIR)\krb_check_auth.obj"
+	-@erase "$(INTDIR)\krb_equiv.obj"
+	-@erase "$(INTDIR)\krb_err_txt.obj"
+	-@erase "$(INTDIR)\krb_get_in_tkt.obj"
+	-@erase "$(INTDIR)\lifetime.obj"
+	-@erase "$(INTDIR)\logging.obj"
+	-@erase "$(INTDIR)\lsb_addr_comp.obj"
+	-@erase "$(INTDIR)\mk_auth.obj"
+	-@erase "$(INTDIR)\mk_err.obj"
+	-@erase "$(INTDIR)\mk_priv.obj"
+	-@erase "$(INTDIR)\mk_req.obj"
+	-@erase "$(INTDIR)\mk_safe.obj"
+	-@erase "$(INTDIR)\month_sname.obj"
+	-@erase "$(INTDIR)\name2name.obj"
+	-@erase "$(INTDIR)\netread.obj"
+	-@erase "$(INTDIR)\netwrite.obj"
+	-@erase "$(INTDIR)\one.obj"
+	-@erase "$(INTDIR)\parse_name.obj"
+	-@erase "$(INTDIR)\rd_err.obj"
+	-@erase "$(INTDIR)\rd_priv.obj"
+	-@erase "$(INTDIR)\rd_req.obj"
+	-@erase "$(INTDIR)\rd_safe.obj"
+	-@erase "$(INTDIR)\read_service_key.obj"
+	-@erase "$(INTDIR)\realm_parse.obj"
+	-@erase "$(INTDIR)\recvauth.obj"
+	-@erase "$(INTDIR)\rw.obj"
+	-@erase "$(INTDIR)\save_credentials.obj"
+	-@erase "$(INTDIR)\send_to_kdc.obj"
+	-@erase "$(INTDIR)\sendauth.obj"
+	-@erase "$(INTDIR)\stime.obj"
+	-@erase "$(INTDIR)\str2key.obj"
+	-@erase "$(INTDIR)\ticket_memory.obj"
+	-@erase "$(INTDIR)\time.obj"
+	-@erase "$(INTDIR)\tkt_string.obj"
+	-@erase "$(INTDIR)\unparse_name.obj"
+	-@erase "$(INTDIR)\util.obj"
+	-@erase "$(INTDIR)\vc50.idb"
+	-@erase "$(INTDIR)\verify_user.obj"
+	-@erase "$(OUTDIR)\krb.dll"
+	-@erase "$(OUTDIR)\krb.exp"
+	-@erase "$(OUTDIR)\krb.lib"
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /c
-# ADD CPP /nologo /MT /W3 /GX /O2 /I "." /I "..\..\include" /I "..\..\include\win32" /I "..\des" /I "..\roken" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c
+CPP=cl.exe
 CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "." /I "..\..\include" /I\
  "..\..\include\win32" /I "..\des" /I "..\roken" /D "NDEBUG" /D "WIN32" /D\
- "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)/krb.pch" /YX /Fo"$(INTDIR)/" /c 
+ "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)\krb.pch" /YX /Fo"$(INTDIR)\\"\
+ /Fd"$(INTDIR)\\" /FD /c 
 CPP_OBJS=.\Release/
-CPP_SBRS=.\.
-# ADD BASE MTL /nologo /D "NDEBUG" /win32
-# ADD MTL /nologo /D "NDEBUG" /win32
-MTL_PROJ=/nologo /D "NDEBUG" /win32 
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
+CPP_SBRS=.
+
+.c{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.c{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+MTL=midl.exe
+MTL_PROJ=/nologo /D "NDEBUG" /mktyplib203 /win32 
+RSC=rc.exe
+RSC_PROJ=/l 0x409 /fo"$(INTDIR)\krb.res" /d "NDEBUG" 
 BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-BSC32_FLAGS=/nologo /o"$(OUTDIR)/krb.bsc" 
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\krb.bsc" 
 BSC32_SBRS= \
 	
 LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386
-# ADD LINK32 ..\roken\Release\roken.lib ..\des\Release\des.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386
 LINK32_FLAGS=..\roken\Release\roken.lib ..\des\Release\des.lib wsock32.lib\
  kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib\
- shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo\
- /subsystem:windows /dll /incremental:no /pdb:"$(OUTDIR)/krb.pdb" /machine:I386\
- /def:".\krb.def" /out:"$(OUTDIR)/krb.dll" /implib:"$(OUTDIR)/krb.lib" 
+ shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /subsystem:windows /dll\
+ /incremental:no /pdb:"$(OUTDIR)\krb.pdb" /machine:I386 /def:".\krb.def"\
+ /out:"$(OUTDIR)\krb.dll" /implib:"$(OUTDIR)\krb.lib" 
 DEF_FILE= \
 	".\krb.def"
 LINK32_OBJS= \
-	".\Release\cr_err_reply.obj" \
-	".\Release\create_auth_reply.obj" \
-	".\Release\create_ciph.obj" \
-	".\Release\create_ticket.obj" \
-	".\Release\debug_decl.obj" \
-	".\Release\decomp_ticket.obj" \
-	".\Release\dllmain.obj" \
-	".\Release\encrypt_ktext.obj" \
-	".\Release\et_list.obj" \
-	".\Release\get_ad_tkt.obj" \
-	".\Release\get_cred.obj" \
-	".\Release\get_default_principal.obj" \
-	".\Release\get_host.obj" \
-	".\Release\get_in_tkt.obj" \
-	".\Release\get_krbrlm.obj" \
-	".\Release\get_phost.obj" \
-	".\Release\get_svc_in_tkt.obj" \
-	".\Release\get_tf_fullname.obj" \
-	".\Release\get_tf_realm.obj" \
-	".\Release\getaddrs.obj" \
-	".\Release\getrealm.obj" \
-	".\Release\getst.obj" \
-	".\Release\k_flock.obj" \
-	".\Release\k_gethostname.obj" \
-	".\Release\k_getport.obj" \
-	".\Release\k_getsockinst.obj" \
-	".\Release\k_localtime.obj" \
-	".\Release\kdc_reply.obj" \
-	".\Release\kntoln.obj" \
-	".\Release\krb_check_auth.obj" \
-	".\Release\krb_equiv.obj" \
-	".\Release\krb_err_txt.obj" \
-	".\Release\krb_get_in_tkt.obj" \
-	".\Release\lifetime.obj" \
-	".\Release\logging.obj" \
-	".\Release\lsb_addr_comp.obj" \
-	".\Release\mk_auth.obj" \
-	".\Release\mk_err.obj" \
-	".\Release\mk_priv.obj" \
-	".\Release\mk_req.obj" \
-	".\Release\mk_safe.obj" \
-	".\Release\month_sname.obj" \
-	".\Release\name2name.obj" \
-	".\Release\netread.obj" \
-	".\Release\netwrite.obj" \
-	".\Release\one.obj" \
-	".\Release\parse_name.obj" \
-	".\Release\rd_err.obj" \
-	".\Release\rd_priv.obj" \
-	".\Release\rd_req.obj" \
-	".\Release\rd_safe.obj" \
-	".\Release\read_service_key.obj" \
-	".\Release\realm_parse.obj" \
-	".\Release\recvauth.obj" \
-	".\Release\resolve.obj" \
-	".\Release\rw.obj" \
-	".\Release\save_credentials.obj" \
-	".\Release\send_to_kdc.obj" \
-	".\Release\sendauth.obj" \
-	".\Release\stime.obj" \
-	".\Release\str2key.obj" \
-	".\Release\swab.obj" \
-	".\Release\ticket_memory.obj" \
-	".\Release\tkt_string.obj" \
-	".\Release\unparse_name.obj" \
-	".\Release\util.obj" \
-	".\Release\verify_user.obj"
-
-".\Release\krb.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+	"$(INTDIR)\cr_err_reply.obj" \
+	"$(INTDIR)\create_auth_reply.obj" \
+	"$(INTDIR)\create_ciph.obj" \
+	"$(INTDIR)\create_ticket.obj" \
+	"$(INTDIR)\debug_decl.obj" \
+	"$(INTDIR)\decomp_ticket.obj" \
+	"$(INTDIR)\dllmain.obj" \
+	"$(INTDIR)\encrypt_ktext.obj" \
+	"$(INTDIR)\get_ad_tkt.obj" \
+	"$(INTDIR)\get_cred.obj" \
+	"$(INTDIR)\get_default_principal.obj" \
+	"$(INTDIR)\get_host.obj" \
+	"$(INTDIR)\get_in_tkt.obj" \
+	"$(INTDIR)\get_krbrlm.obj" \
+	"$(INTDIR)\get_svc_in_tkt.obj" \
+	"$(INTDIR)\get_tf_fullname.obj" \
+	"$(INTDIR)\get_tf_realm.obj" \
+	"$(INTDIR)\getaddrs.obj" \
+	"$(INTDIR)\getfile.obj" \
+	"$(INTDIR)\getrealm.obj" \
+	"$(INTDIR)\getst.obj" \
+	"$(INTDIR)\k_flock.obj" \
+	"$(INTDIR)\k_gethostname.obj" \
+	"$(INTDIR)\k_getport.obj" \
+	"$(INTDIR)\k_getsockinst.obj" \
+	"$(INTDIR)\k_localtime.obj" \
+	"$(INTDIR)\kdc_reply.obj" \
+	"$(INTDIR)\kntoln.obj" \
+	"$(INTDIR)\krb.res" \
+	"$(INTDIR)\krb_check_auth.obj" \
+	"$(INTDIR)\krb_equiv.obj" \
+	"$(INTDIR)\krb_err_txt.obj" \
+	"$(INTDIR)\krb_get_in_tkt.obj" \
+	"$(INTDIR)\lifetime.obj" \
+	"$(INTDIR)\logging.obj" \
+	"$(INTDIR)\lsb_addr_comp.obj" \
+	"$(INTDIR)\mk_auth.obj" \
+	"$(INTDIR)\mk_err.obj" \
+	"$(INTDIR)\mk_priv.obj" \
+	"$(INTDIR)\mk_req.obj" \
+	"$(INTDIR)\mk_safe.obj" \
+	"$(INTDIR)\month_sname.obj" \
+	"$(INTDIR)\name2name.obj" \
+	"$(INTDIR)\netread.obj" \
+	"$(INTDIR)\netwrite.obj" \
+	"$(INTDIR)\one.obj" \
+	"$(INTDIR)\parse_name.obj" \
+	"$(INTDIR)\rd_err.obj" \
+	"$(INTDIR)\rd_priv.obj" \
+	"$(INTDIR)\rd_req.obj" \
+	"$(INTDIR)\rd_safe.obj" \
+	"$(INTDIR)\read_service_key.obj" \
+	"$(INTDIR)\realm_parse.obj" \
+	"$(INTDIR)\recvauth.obj" \
+	"$(INTDIR)\rw.obj" \
+	"$(INTDIR)\save_credentials.obj" \
+	"$(INTDIR)\send_to_kdc.obj" \
+	"$(INTDIR)\sendauth.obj" \
+	"$(INTDIR)\stime.obj" \
+	"$(INTDIR)\str2key.obj" \
+	"$(INTDIR)\ticket_memory.obj" \
+	"$(INTDIR)\time.obj" \
+	"$(INTDIR)\tkt_string.obj" \
+	"$(INTDIR)\unparse_name.obj" \
+	"$(INTDIR)\util.obj" \
+	"$(INTDIR)\verify_user.obj" \
+	"..\des\Release\des.lib"
+
+"$(OUTDIR)\krb.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
 
 !ELSEIF  "$(CFG)" == "krb - Win32 Debug"
 
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Target_Dir ""
 OUTDIR=.\Debug
 INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\.\Debug
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0" 
+
+ALL : "$(OUTDIR)\krb.dll"
+
+!ELSE 
+
+ALL : "des - Win32 Debug" "$(OUTDIR)\krb.dll"
 
-ALL : ".\Debug\krb.dll"
+!ENDIF 
 
+!IF "$(RECURSE)" == "1" 
+CLEAN :"des - Win32 DebugCLEAN" 
+!ELSE 
 CLEAN : 
-	-@erase ".\Debug\cr_err_reply.obj"
-	-@erase ".\Debug\create_auth_reply.obj"
-	-@erase ".\Debug\create_ciph.obj"
-	-@erase ".\Debug\create_ticket.obj"
-	-@erase ".\Debug\debug_decl.obj"
-	-@erase ".\Debug\decomp_ticket.obj"
-	-@erase ".\Debug\dllmain.obj"
-	-@erase ".\Debug\encrypt_ktext.obj"
-	-@erase ".\Debug\et_list.obj"
-	-@erase ".\Debug\get_ad_tkt.obj"
-	-@erase ".\Debug\get_cred.obj"
-	-@erase ".\Debug\get_default_principal.obj"
-	-@erase ".\Debug\get_host.obj"
-	-@erase ".\Debug\get_in_tkt.obj"
-	-@erase ".\Debug\get_krbrlm.obj"
-	-@erase ".\Debug\get_phost.obj"
-	-@erase ".\Debug\get_svc_in_tkt.obj"
-	-@erase ".\Debug\get_tf_fullname.obj"
-	-@erase ".\Debug\get_tf_realm.obj"
-	-@erase ".\Debug\getaddrs.obj"
-	-@erase ".\Debug\getrealm.obj"
-	-@erase ".\Debug\getst.obj"
-	-@erase ".\Debug\k_flock.obj"
-	-@erase ".\Debug\k_gethostname.obj"
-	-@erase ".\Debug\k_getport.obj"
-	-@erase ".\Debug\k_getsockinst.obj"
-	-@erase ".\Debug\k_localtime.obj"
-	-@erase ".\Debug\kdc_reply.obj"
-	-@erase ".\Debug\kntoln.obj"
-	-@erase ".\Debug\krb.dll"
-	-@erase ".\Debug\krb.exp"
-	-@erase ".\Debug\krb.ilk"
-	-@erase ".\Debug\krb.lib"
-	-@erase ".\Debug\krb.pdb"
-	-@erase ".\Debug\krb_check_auth.obj"
-	-@erase ".\Debug\krb_equiv.obj"
-	-@erase ".\Debug\krb_err_txt.obj"
-	-@erase ".\Debug\krb_get_in_tkt.obj"
-	-@erase ".\Debug\lifetime.obj"
-	-@erase ".\Debug\logging.obj"
-	-@erase ".\Debug\lsb_addr_comp.obj"
-	-@erase ".\Debug\mk_auth.obj"
-	-@erase ".\Debug\mk_err.obj"
-	-@erase ".\Debug\mk_priv.obj"
-	-@erase ".\Debug\mk_req.obj"
-	-@erase ".\Debug\mk_safe.obj"
-	-@erase ".\Debug\month_sname.obj"
-	-@erase ".\Debug\name2name.obj"
-	-@erase ".\Debug\netread.obj"
-	-@erase ".\Debug\netwrite.obj"
-	-@erase ".\Debug\one.obj"
-	-@erase ".\Debug\parse_name.obj"
-	-@erase ".\Debug\rd_err.obj"
-	-@erase ".\Debug\rd_priv.obj"
-	-@erase ".\Debug\rd_req.obj"
-	-@erase ".\Debug\rd_safe.obj"
-	-@erase ".\Debug\read_service_key.obj"
-	-@erase ".\Debug\realm_parse.obj"
-	-@erase ".\Debug\recvauth.obj"
-	-@erase ".\Debug\resolve.obj"
-	-@erase ".\Debug\rw.obj"
-	-@erase ".\Debug\save_credentials.obj"
-	-@erase ".\Debug\send_to_kdc.obj"
-	-@erase ".\Debug\sendauth.obj"
-	-@erase ".\Debug\stime.obj"
-	-@erase ".\Debug\str2key.obj"
-	-@erase ".\Debug\swab.obj"
-	-@erase ".\Debug\ticket_memory.obj"
-	-@erase ".\Debug\tkt_string.obj"
-	-@erase ".\Debug\unparse_name.obj"
-	-@erase ".\Debug\util.obj"
-	-@erase ".\Debug\vc40.idb"
-	-@erase ".\Debug\vc40.pdb"
-	-@erase ".\Debug\verify_user.obj"
+!ENDIF 
+	-@erase "$(INTDIR)\cr_err_reply.obj"
+	-@erase "$(INTDIR)\create_auth_reply.obj"
+	-@erase "$(INTDIR)\create_ciph.obj"
+	-@erase "$(INTDIR)\create_ticket.obj"
+	-@erase "$(INTDIR)\debug_decl.obj"
+	-@erase "$(INTDIR)\decomp_ticket.obj"
+	-@erase "$(INTDIR)\dllmain.obj"
+	-@erase "$(INTDIR)\encrypt_ktext.obj"
+	-@erase "$(INTDIR)\get_ad_tkt.obj"
+	-@erase "$(INTDIR)\get_cred.obj"
+	-@erase "$(INTDIR)\get_default_principal.obj"
+	-@erase "$(INTDIR)\get_host.obj"
+	-@erase "$(INTDIR)\get_in_tkt.obj"
+	-@erase "$(INTDIR)\get_krbrlm.obj"
+	-@erase "$(INTDIR)\get_svc_in_tkt.obj"
+	-@erase "$(INTDIR)\get_tf_fullname.obj"
+	-@erase "$(INTDIR)\get_tf_realm.obj"
+	-@erase "$(INTDIR)\getaddrs.obj"
+	-@erase "$(INTDIR)\getfile.obj"
+	-@erase "$(INTDIR)\getrealm.obj"
+	-@erase "$(INTDIR)\getst.obj"
+	-@erase "$(INTDIR)\k_flock.obj"
+	-@erase "$(INTDIR)\k_gethostname.obj"
+	-@erase "$(INTDIR)\k_getport.obj"
+	-@erase "$(INTDIR)\k_getsockinst.obj"
+	-@erase "$(INTDIR)\k_localtime.obj"
+	-@erase "$(INTDIR)\kdc_reply.obj"
+	-@erase "$(INTDIR)\kntoln.obj"
+	-@erase "$(INTDIR)\krb.res"
+	-@erase "$(INTDIR)\krb_check_auth.obj"
+	-@erase "$(INTDIR)\krb_equiv.obj"
+	-@erase "$(INTDIR)\krb_err_txt.obj"
+	-@erase "$(INTDIR)\krb_get_in_tkt.obj"
+	-@erase "$(INTDIR)\lifetime.obj"
+	-@erase "$(INTDIR)\logging.obj"
+	-@erase "$(INTDIR)\lsb_addr_comp.obj"
+	-@erase "$(INTDIR)\mk_auth.obj"
+	-@erase "$(INTDIR)\mk_err.obj"
+	-@erase "$(INTDIR)\mk_priv.obj"
+	-@erase "$(INTDIR)\mk_req.obj"
+	-@erase "$(INTDIR)\mk_safe.obj"
+	-@erase "$(INTDIR)\month_sname.obj"
+	-@erase "$(INTDIR)\name2name.obj"
+	-@erase "$(INTDIR)\netread.obj"
+	-@erase "$(INTDIR)\netwrite.obj"
+	-@erase "$(INTDIR)\one.obj"
+	-@erase "$(INTDIR)\parse_name.obj"
+	-@erase "$(INTDIR)\rd_err.obj"
+	-@erase "$(INTDIR)\rd_priv.obj"
+	-@erase "$(INTDIR)\rd_req.obj"
+	-@erase "$(INTDIR)\rd_safe.obj"
+	-@erase "$(INTDIR)\read_service_key.obj"
+	-@erase "$(INTDIR)\realm_parse.obj"
+	-@erase "$(INTDIR)\recvauth.obj"
+	-@erase "$(INTDIR)\rw.obj"
+	-@erase "$(INTDIR)\save_credentials.obj"
+	-@erase "$(INTDIR)\send_to_kdc.obj"
+	-@erase "$(INTDIR)\sendauth.obj"
+	-@erase "$(INTDIR)\stime.obj"
+	-@erase "$(INTDIR)\str2key.obj"
+	-@erase "$(INTDIR)\ticket_memory.obj"
+	-@erase "$(INTDIR)\time.obj"
+	-@erase "$(INTDIR)\tkt_string.obj"
+	-@erase "$(INTDIR)\unparse_name.obj"
+	-@erase "$(INTDIR)\util.obj"
+	-@erase "$(INTDIR)\vc50.idb"
+	-@erase "$(INTDIR)\vc50.pdb"
+	-@erase "$(INTDIR)\verify_user.obj"
+	-@erase "$(OUTDIR)\krb.dll"
+	-@erase "$(OUTDIR)\krb.exp"
+	-@erase "$(OUTDIR)\krb.ilk"
+	-@erase "$(OUTDIR)\krb.lib"
+	-@erase "$(OUTDIR)\krb.pdb"
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /c
-# ADD CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /I "." /I "..\..\include" /I "..\..\include\win32" /I "..\des" /I "..\roken" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c
-CPP_PROJ=/nologo /MTd /W3 /Gm /GX /Zi /Od /I "." /I "..\..\include" /I\
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /Zi /Od /I "." /I "..\..\include" /I\
  "..\..\include\win32" /I "..\des" /I "..\roken" /D "_DEBUG" /D "WIN32" /D\
- "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)/krb.pch" /YX /Fo"$(INTDIR)/"\
- /Fd"$(INTDIR)/" /c 
+ "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)\krb.pch" /YX /Fo"$(INTDIR)\\"\
+ /Fd"$(INTDIR)\\" /FD /c 
 CPP_OBJS=.\Debug/
-CPP_SBRS=.\.
-# ADD BASE MTL /nologo /D "_DEBUG" /win32
-# ADD MTL /nologo /D "_DEBUG" /win32
-MTL_PROJ=/nologo /D "_DEBUG" /win32 
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
+CPP_SBRS=.
+
+.c{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.c{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+MTL=midl.exe
+MTL_PROJ=/nologo /D "_DEBUG" /mktyplib203 /win32 
+RSC=rc.exe
+RSC_PROJ=/l 0x409 /fo"$(INTDIR)\krb.res" /d "_DEBUG" 
 BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-BSC32_FLAGS=/nologo /o"$(OUTDIR)/krb.bsc" 
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\krb.bsc" 
 BSC32_SBRS= \
 	
 LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386
-# ADD LINK32 ..\roken\Debug\roken.lib ..\des\Debug\des.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386
 LINK32_FLAGS=..\roken\Debug\roken.lib ..\des\Debug\des.lib wsock32.lib\
  kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib\
- shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo\
- /subsystem:windows /dll /incremental:yes /pdb:"$(OUTDIR)/krb.pdb" /debug\
- /machine:I386 /def:".\krb.def" /out:"$(OUTDIR)/krb.dll"\
- /implib:"$(OUTDIR)/krb.lib" 
+ shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /subsystem:windows /dll\
+ /incremental:yes /pdb:"$(OUTDIR)\krb.pdb" /debug /machine:I386 /def:".\krb.def"\
+ /out:"$(OUTDIR)\krb.dll" /implib:"$(OUTDIR)\krb.lib" 
 DEF_FILE= \
 	".\krb.def"
 LINK32_OBJS= \
-	".\Debug\cr_err_reply.obj" \
-	".\Debug\create_auth_reply.obj" \
-	".\Debug\create_ciph.obj" \
-	".\Debug\create_ticket.obj" \
-	".\Debug\debug_decl.obj" \
-	".\Debug\decomp_ticket.obj" \
-	".\Debug\dllmain.obj" \
-	".\Debug\encrypt_ktext.obj" \
-	".\Debug\et_list.obj" \
-	".\Debug\get_ad_tkt.obj" \
-	".\Debug\get_cred.obj" \
-	".\Debug\get_default_principal.obj" \
-	".\Debug\get_host.obj" \
-	".\Debug\get_in_tkt.obj" \
-	".\Debug\get_krbrlm.obj" \
-	".\Debug\get_phost.obj" \
-	".\Debug\get_svc_in_tkt.obj" \
-	".\Debug\get_tf_fullname.obj" \
-	".\Debug\get_tf_realm.obj" \
-	".\Debug\getaddrs.obj" \
-	".\Debug\getrealm.obj" \
-	".\Debug\getst.obj" \
-	".\Debug\k_flock.obj" \
-	".\Debug\k_gethostname.obj" \
-	".\Debug\k_getport.obj" \
-	".\Debug\k_getsockinst.obj" \
-	".\Debug\k_localtime.obj" \
-	".\Debug\kdc_reply.obj" \
-	".\Debug\kntoln.obj" \
-	".\Debug\krb_check_auth.obj" \
-	".\Debug\krb_equiv.obj" \
-	".\Debug\krb_err_txt.obj" \
-	".\Debug\krb_get_in_tkt.obj" \
-	".\Debug\lifetime.obj" \
-	".\Debug\logging.obj" \
-	".\Debug\lsb_addr_comp.obj" \
-	".\Debug\mk_auth.obj" \
-	".\Debug\mk_err.obj" \
-	".\Debug\mk_priv.obj" \
-	".\Debug\mk_req.obj" \
-	".\Debug\mk_safe.obj" \
-	".\Debug\month_sname.obj" \
-	".\Debug\name2name.obj" \
-	".\Debug\netread.obj" \
-	".\Debug\netwrite.obj" \
-	".\Debug\one.obj" \
-	".\Debug\parse_name.obj" \
-	".\Debug\rd_err.obj" \
-	".\Debug\rd_priv.obj" \
-	".\Debug\rd_req.obj" \
-	".\Debug\rd_safe.obj" \
-	".\Debug\read_service_key.obj" \
-	".\Debug\realm_parse.obj" \
-	".\Debug\recvauth.obj" \
-	".\Debug\resolve.obj" \
-	".\Debug\rw.obj" \
-	".\Debug\save_credentials.obj" \
-	".\Debug\send_to_kdc.obj" \
-	".\Debug\sendauth.obj" \
-	".\Debug\stime.obj" \
-	".\Debug\str2key.obj" \
-	".\Debug\swab.obj" \
-	".\Debug\ticket_memory.obj" \
-	".\Debug\tkt_string.obj" \
-	".\Debug\unparse_name.obj" \
-	".\Debug\util.obj" \
-	".\Debug\verify_user.obj"
-
-".\Debug\krb.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+	"$(INTDIR)\cr_err_reply.obj" \
+	"$(INTDIR)\create_auth_reply.obj" \
+	"$(INTDIR)\create_ciph.obj" \
+	"$(INTDIR)\create_ticket.obj" \
+	"$(INTDIR)\debug_decl.obj" \
+	"$(INTDIR)\decomp_ticket.obj" \
+	"$(INTDIR)\dllmain.obj" \
+	"$(INTDIR)\encrypt_ktext.obj" \
+	"$(INTDIR)\get_ad_tkt.obj" \
+	"$(INTDIR)\get_cred.obj" \
+	"$(INTDIR)\get_default_principal.obj" \
+	"$(INTDIR)\get_host.obj" \
+	"$(INTDIR)\get_in_tkt.obj" \
+	"$(INTDIR)\get_krbrlm.obj" \
+	"$(INTDIR)\get_svc_in_tkt.obj" \
+	"$(INTDIR)\get_tf_fullname.obj" \
+	"$(INTDIR)\get_tf_realm.obj" \
+	"$(INTDIR)\getaddrs.obj" \
+	"$(INTDIR)\getfile.obj" \
+	"$(INTDIR)\getrealm.obj" \
+	"$(INTDIR)\getst.obj" \
+	"$(INTDIR)\k_flock.obj" \
+	"$(INTDIR)\k_gethostname.obj" \
+	"$(INTDIR)\k_getport.obj" \
+	"$(INTDIR)\k_getsockinst.obj" \
+	"$(INTDIR)\k_localtime.obj" \
+	"$(INTDIR)\kdc_reply.obj" \
+	"$(INTDIR)\kntoln.obj" \
+	"$(INTDIR)\krb.res" \
+	"$(INTDIR)\krb_check_auth.obj" \
+	"$(INTDIR)\krb_equiv.obj" \
+	"$(INTDIR)\krb_err_txt.obj" \
+	"$(INTDIR)\krb_get_in_tkt.obj" \
+	"$(INTDIR)\lifetime.obj" \
+	"$(INTDIR)\logging.obj" \
+	"$(INTDIR)\lsb_addr_comp.obj" \
+	"$(INTDIR)\mk_auth.obj" \
+	"$(INTDIR)\mk_err.obj" \
+	"$(INTDIR)\mk_priv.obj" \
+	"$(INTDIR)\mk_req.obj" \
+	"$(INTDIR)\mk_safe.obj" \
+	"$(INTDIR)\month_sname.obj" \
+	"$(INTDIR)\name2name.obj" \
+	"$(INTDIR)\netread.obj" \
+	"$(INTDIR)\netwrite.obj" \
+	"$(INTDIR)\one.obj" \
+	"$(INTDIR)\parse_name.obj" \
+	"$(INTDIR)\rd_err.obj" \
+	"$(INTDIR)\rd_priv.obj" \
+	"$(INTDIR)\rd_req.obj" \
+	"$(INTDIR)\rd_safe.obj" \
+	"$(INTDIR)\read_service_key.obj" \
+	"$(INTDIR)\realm_parse.obj" \
+	"$(INTDIR)\recvauth.obj" \
+	"$(INTDIR)\rw.obj" \
+	"$(INTDIR)\save_credentials.obj" \
+	"$(INTDIR)\send_to_kdc.obj" \
+	"$(INTDIR)\sendauth.obj" \
+	"$(INTDIR)\stime.obj" \
+	"$(INTDIR)\str2key.obj" \
+	"$(INTDIR)\ticket_memory.obj" \
+	"$(INTDIR)\time.obj" \
+	"$(INTDIR)\tkt_string.obj" \
+	"$(INTDIR)\unparse_name.obj" \
+	"$(INTDIR)\util.obj" \
+	"$(INTDIR)\verify_user.obj" \
+	"..\des\Debug\des.lib"
+
+"$(OUTDIR)\krb.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
 
 !ENDIF 
 
-.c{$(CPP_OBJS)}.obj:
-   $(CPP) $(CPP_PROJ) $<  
-
-.cpp{$(CPP_OBJS)}.obj:
-   $(CPP) $(CPP_PROJ) $<  
-
-.cxx{$(CPP_OBJS)}.obj:
-   $(CPP) $(CPP_PROJ) $<  
-
-.c{$(CPP_SBRS)}.sbr:
-   $(CPP) $(CPP_PROJ) $<  
-
-.cpp{$(CPP_SBRS)}.sbr:
-   $(CPP) $(CPP_PROJ) $<  
-
-.cxx{$(CPP_SBRS)}.sbr:
-   $(CPP) $(CPP_PROJ) $<  
-
-################################################################################
-# Begin Target
-
-# Name "krb - Win32 Release"
-# Name "krb - Win32 Debug"
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-!ENDIF 
-
-################################################################################
-# Begin Source File
-
-SOURCE=.\krb.def
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
-SOURCE=.\get_tf_fullname.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_GET_T=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\get_tf_fullname.obj" : $(SOURCE) $(DEP_CPP_GET_T) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-DEP_CPP_GET_T=\
-	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
-	"..\..\include\win32\config.h"\
-	"..\des\des.h"\
-	"..\roken\roken.h"\
-	".\krb.h"\
-	".\krb_locl.h"\
-	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
-	
-
-".\Debug\get_tf_fullname.obj" : $(SOURCE) $(DEP_CPP_GET_T) "$(INTDIR)"
-
-
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
+!IF "$(CFG)" == "krb - Win32 Release" || "$(CFG)" == "krb - Win32 Debug"
 SOURCE=.\cr_err_reply.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_CR_ER=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\cr_err_reply.obj" : $(SOURCE) $(DEP_CPP_CR_ER) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_CR_ER=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\cr_err_reply.obj" : $(SOURCE) $(DEP_CPP_CR_ER) "$(INTDIR)"
+"$(INTDIR)\cr_err_reply.obj" : $(SOURCE) $(DEP_CPP_CR_ER) "$(INTDIR)"
 
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
 SOURCE=.\create_auth_reply.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_CREAT=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\create_auth_reply.obj" : $(SOURCE) $(DEP_CPP_CREAT) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_CREAT=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\create_auth_reply.obj" : $(SOURCE) $(DEP_CPP_CREAT) "$(INTDIR)"
-
-
-!ENDIF 
+"$(INTDIR)\create_auth_reply.obj" : $(SOURCE) $(DEP_CPP_CREAT) "$(INTDIR)"
 
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\create_ciph.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
 DEP_CPP_CREATE=\
 	"..\..\include\protos.h"\
 	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\create_ciph.obj" : $(SOURCE) $(DEP_CPP_CREATE) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-DEP_CPP_CREATE=\
-	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
-	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\create_ciph.obj" : $(SOURCE) $(DEP_CPP_CREATE) "$(INTDIR)"
+"$(INTDIR)\create_ciph.obj" : $(SOURCE) $(DEP_CPP_CREATE) "$(INTDIR)"
 
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
 SOURCE=.\create_ticket.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
 DEP_CPP_CREATE_=\
 	"..\..\include\protos.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Release\create_ticket.obj" : $(SOURCE) $(DEP_CPP_CREATE_) "$(INTDIR)"
-
+"$(INTDIR)\create_ticket.obj" : $(SOURCE) $(DEP_CPP_CREATE_) "$(INTDIR)"
 
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
 
-DEP_CPP_CREATE_=\
+SOURCE=.\debug_decl.c
+DEP_CPP_DEBUG=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\create_ticket.obj" : $(SOURCE) $(DEP_CPP_CREATE_) "$(INTDIR)"
+"$(INTDIR)\debug_decl.obj" : $(SOURCE) $(DEP_CPP_DEBUG) "$(INTDIR)"
 
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
 SOURCE=.\decomp_ticket.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_DECOM=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\decomp_ticket.obj" : $(SOURCE) $(DEP_CPP_DECOM) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_DECOM=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\decomp_ticket.obj" : $(SOURCE) $(DEP_CPP_DECOM) "$(INTDIR)"
-
-
-!ENDIF 
+"$(INTDIR)\decomp_ticket.obj" : $(SOURCE) $(DEP_CPP_DECOM) "$(INTDIR)"
 
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\dllmain.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_DLLMA=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	".\ticket_memory.h"\
-	
-
-".\Release\dllmain.obj" : $(SOURCE) $(DEP_CPP_DLLMA) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_DLLMA=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
 	".\ticket_memory.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\dllmain.obj" : $(SOURCE) $(DEP_CPP_DLLMA) "$(INTDIR)"
+"$(INTDIR)\dllmain.obj" : $(SOURCE) $(DEP_CPP_DLLMA) "$(INTDIR)"
 
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
 SOURCE=.\encrypt_ktext.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_ENCRY=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\encrypt_ktext.obj" : $(SOURCE) $(DEP_CPP_ENCRY) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_ENCRY=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
-	
-
-".\Debug\encrypt_ktext.obj" : $(SOURCE) $(DEP_CPP_ENCRY) "$(INTDIR)"
-
-
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
-SOURCE=.\et_list.c
-DEP_CPP_ET_LI=\
-	"..\..\include\win32\config.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-
-".\Release\et_list.obj" : $(SOURCE) $(DEP_CPP_ET_LI) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-
-".\Debug\et_list.obj" : $(SOURCE) $(DEP_CPP_ET_LI) "$(INTDIR)"
-
-
-!ENDIF 
+"$(INTDIR)\encrypt_ktext.obj" : $(SOURCE) $(DEP_CPP_ENCRY) "$(INTDIR)"
 
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\get_ad_tkt.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
 DEP_CPP_GET_A=\
 	"..\..\include\protos.h"\
 	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\get_ad_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_A) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-DEP_CPP_GET_A=\
-	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
-	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\get_ad_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_A) "$(INTDIR)"
+"$(INTDIR)\get_ad_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_A) "$(INTDIR)"
 
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
 SOURCE=.\get_cred.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_GET_C=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\get_cred.obj" : $(SOURCE) $(DEP_CPP_GET_C) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_GET_C=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\get_cred.obj" : $(SOURCE) $(DEP_CPP_GET_C) "$(INTDIR)"
-
-
-!ENDIF 
+"$(INTDIR)\get_cred.obj" : $(SOURCE) $(DEP_CPP_GET_C) "$(INTDIR)"
 
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\get_default_principal.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
 DEP_CPP_GET_D=\
 	"..\..\include\protos.h"\
 	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\get_default_principal.obj" : $(SOURCE) $(DEP_CPP_GET_D) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-DEP_CPP_GET_D=\
-	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
-	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\get_default_principal.obj" : $(SOURCE) $(DEP_CPP_GET_D) "$(INTDIR)"
-
+"$(INTDIR)\get_default_principal.obj" : $(SOURCE) $(DEP_CPP_GET_D) "$(INTDIR)"
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\get_host.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_GET_H=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\get_host.obj" : $(SOURCE) $(DEP_CPP_GET_H) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_GET_H=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\get_host.obj" : $(SOURCE) $(DEP_CPP_GET_H) "$(INTDIR)"
-
+"$(INTDIR)\get_host.obj" : $(SOURCE) $(DEP_CPP_GET_H) "$(INTDIR)"
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\get_in_tkt.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
 DEP_CPP_GET_I=\
 	"..\..\include\protos.h"\
 	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_I) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-DEP_CPP_GET_I=\
-	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
-	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_I) "$(INTDIR)"
+"$(INTDIR)\get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_I) "$(INTDIR)"
 
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
 SOURCE=.\get_krbrlm.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_GET_K=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\get_krbrlm.obj" : $(SOURCE) $(DEP_CPP_GET_K) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_GET_K=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\get_krbrlm.obj" : $(SOURCE) $(DEP_CPP_GET_K) "$(INTDIR)"
-
-
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
+"$(INTDIR)\get_krbrlm.obj" : $(SOURCE) $(DEP_CPP_GET_K) "$(INTDIR)"
 
-SOURCE=.\get_phos
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\get_svc_in_tkt.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_GET_S=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\get_svc_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_S) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_GET_S=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
-	
-
-".\Debug\get_svc_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_S) "$(INTDIR)"
-
-
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
-SOURCE=.\get_phost.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_GET_P=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Release\get_phost.obj" : $(SOURCE) $(DEP_CPP_GET_P) "$(INTDIR)"
-
+"$(INTDIR)\get_svc_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_S) "$(INTDIR)"
 
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
 
-DEP_CPP_GET_P=\
+SOURCE=.\get_tf_fullname.c
+DEP_CPP_GET_T=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
-	
-
-".\Debug\get_phost.obj" : $(SOURCE) $(DEP_CPP_GET_P) "$(INTDIR)"
-
-
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
-SOURCE=.\krb_equiv.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_KRB_E=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Release\krb_equiv.obj" : $(SOURCE) $(DEP_CPP_KRB_E) "$(INTDIR)"
-
+"$(INTDIR)\get_tf_fullname.obj" : $(SOURCE) $(DEP_CPP_GET_T) "$(INTDIR)"
 
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
 
-DEP_CPP_KRB_E=\
+SOURCE=.\get_tf_realm.c
+DEP_CPP_GET_TF=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\krb_equiv.obj" : $(SOURCE) $(DEP_CPP_KRB_E) "$(INTDIR)"
+"$(INTDIR)\get_tf_realm.obj" : $(SOURCE) $(DEP_CPP_GET_TF) "$(INTDIR)"
 
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
 SOURCE=.\getaddrs.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
 DEP_CPP_GETAD=\
 	"..\..\include\protos.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Release\getaddrs.obj" : $(SOURCE) $(DEP_CPP_GETAD) "$(INTDIR)"
-
+"$(INTDIR)\getaddrs.obj" : $(SOURCE) $(DEP_CPP_GETAD) "$(INTDIR)"
 
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
 
-DEP_CPP_GETAD=\
+SOURCE=.\getfile.c
+DEP_CPP_GETFI=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\getaddrs.obj" : $(SOURCE) $(DEP_CPP_GETAD) "$(INTDIR)"
-
-
-!ENDIF 
+"$(INTDIR)\getfile.obj" : $(SOURCE) $(DEP_CPP_GETFI) "$(INTDIR)"
 
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\getrealm.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_GETRE=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\getrealm.obj" : $(SOURCE) $(DEP_CPP_GETRE) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_GETRE=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
 	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\getrealm.obj" : $(SOURCE) $(DEP_CPP_GETRE) "$(INTDIR)"
-
+"$(INTDIR)\getrealm.obj" : $(SOURCE) $(DEP_CPP_GETRE) "$(INTDIR)"
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\getst.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
 DEP_CPP_GETST=\
 	"..\..\include\protos.h"\
 	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\getst.obj" : $(SOURCE) $(DEP_CPP_GETST) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-DEP_CPP_GETST=\
-	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
-	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\getst.obj" : $(SOURCE) $(DEP_CPP_GETST) "$(INTDIR)"
-
+"$(INTDIR)\getst.obj" : $(SOURCE) $(DEP_CPP_GETST) "$(INTDIR)"
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\k_flock.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
 DEP_CPP_K_FLO=\
 	"..\..\include\protos.h"\
 	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\k_flock.obj" : $(SOURCE) $(DEP_CPP_K_FLO) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-DEP_CPP_K_FLO=\
-	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
-	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\k_flock.obj" : $(SOURCE) $(DEP_CPP_K_FLO) "$(INTDIR)"
-
-
-!ENDIF 
+"$(INTDIR)\k_flock.obj" : $(SOURCE) $(DEP_CPP_K_FLO) "$(INTDIR)"
 
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\k_gethostname.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_K_GET=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\k_gethostname.obj" : $(SOURCE) $(DEP_CPP_K_GET) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_K_GET=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\k_gethostname.obj" : $(SOURCE) $(DEP_CPP_K_GET) "$(INTDIR)"
-
+"$(INTDIR)\k_gethostname.obj" : $(SOURCE) $(DEP_CPP_K_GET) "$(INTDIR)"
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\k_getport.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_K_GETP=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\k_getport.obj" : $(SOURCE) $(DEP_CPP_K_GETP) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_K_GETP=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\k_getport.obj" : $(SOURCE) $(DEP_CPP_K_GETP) "$(INTDIR)"
-
-
-!ENDIF 
+"$(INTDIR)\k_getport.obj" : $(SOURCE) $(DEP_CPP_K_GETP) "$(INTDIR)"
 
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\k_getsockinst.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_K_GETS=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\k_getsockinst.obj" : $(SOURCE) $(DEP_CPP_K_GETS) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_K_GETS=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\k_getsockinst.obj" : $(SOURCE) $(DEP_CPP_K_GETS) "$(INTDIR)"
+"$(INTDIR)\k_getsockinst.obj" : $(SOURCE) $(DEP_CPP_K_GETS) "$(INTDIR)"
 
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
 SOURCE=.\k_localtime.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_K_LOC=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\k_localtime.obj" : $(SOURCE) $(DEP_CPP_K_LOC) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_K_LOC=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\k_localtime.obj" : $(SOURCE) $(DEP_CPP_K_LOC) "$(INTDIR)"
-
-
-!ENDIF 
+"$(INTDIR)\k_localtime.obj" : $(SOURCE) $(DEP_CPP_K_LOC) "$(INTDIR)"
 
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\kdc_reply.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
 DEP_CPP_KDC_R=\
 	"..\..\include\protos.h"\
 	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\kdc_reply.obj" : $(SOURCE) $(DEP_CPP_KDC_R) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-DEP_CPP_KDC_R=\
-	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
-	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\kdc_reply.obj" : $(SOURCE) $(DEP_CPP_KDC_R) "$(INTDIR)"
+"$(INTDIR)\kdc_reply.obj" : $(SOURCE) $(DEP_CPP_KDC_R) "$(INTDIR)"
 
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
 SOURCE=.\kntoln.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_KNTOL=\
-	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
-	"..\..\include\win32\config.h"\
-	"..\des\des.h"\
-	".\krb.h"\
-	".\krb_locl.h"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
-	
-
-".\Release\kntoln.obj" : $(SOURCE) $(DEP_CPP_KNTOL) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_KNTOL=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\kntoln.obj" : $(SOURCE) $(DEP_CPP_KNTOL) "$(INTDIR)"
-
+"$(INTDIR)\kntoln.obj" : $(SOURCE) $(DEP_CPP_KNTOL) "$(INTDIR)"
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\krb_check_auth.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_KRB_C=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\krb_check_auth.obj" : $(SOURCE) $(DEP_CPP_KRB_C) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_KRB_C=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\krb_check_auth.obj" : $(SOURCE) $(DEP_CPP_KRB_C) "$(INTDIR)"
-
-
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
-SOURCE=.\get_tf_realm.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_GET_TF=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
+"$(INTDIR)\krb_check_auth.obj" : $(SOURCE) $(DEP_CPP_KRB_C) "$(INTDIR)"
 
-".\Release\get_tf_realm.obj" : $(SOURCE) $(DEP_CPP_GET_TF) "$(INTDIR)"
 
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-DEP_CPP_GET_TF=\
+SOURCE=.\krb_equiv.c
+DEP_CPP_KRB_E=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
-	
-
-".\Debug\get_tf_realm.obj" : $(SOURCE) $(DEP_CPP_GET_TF) "$(INTDIR)"
-
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
-SOURCE=.\rd_safe.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
+"$(INTDIR)\krb_equiv.obj" : $(SOURCE) $(DEP_CPP_KRB_E) "$(INTDIR)"
 
-DEP_CPP_RD_SA=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	".\lsb_addr_comp.h"\
-	
 
-".\Release\rd_safe.obj" : $(SOURCE) $(DEP_CPP_RD_SA) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-DEP_CPP_RD_SA=\
+SOURCE=.\krb_err_txt.c
+DEP_CPP_KRB_ER=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
-	".\lsb_addr_comp.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\rd_safe.obj" : $(SOURCE) $(DEP_CPP_RD_SA) "$(INTDIR)"
+"$(INTDIR)\krb_err_txt.obj" : $(SOURCE) $(DEP_CPP_KRB_ER) "$(INTDIR)"
 
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
 SOURCE=.\krb_get_in_tkt.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_KRB_G=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\krb_get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_KRB_G) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_KRB_G=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\krb_get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_KRB_G) "$(INTDIR)"
-
+"$(INTDIR)\krb_get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_KRB_G) "$(INTDIR)"
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\lifetime.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
 DEP_CPP_LIFET=\
 	"..\..\include\protos.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Release\lifetime.obj" : $(SOURCE) $(DEP_CPP_LIFET) "$(INTDIR)"
+"$(INTDIR)\lifetime.obj" : $(SOURCE) $(DEP_CPP_LIFET) "$(INTDIR)"
 
 
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-DEP_CPP_LIFET=\
+SOURCE=.\logging.c
+DEP_CPP_LOGGI=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\klog.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\lifetime.obj" : $(SOURCE) $(DEP_CPP_LIFET) "$(INTDIR)"
-
-
-!ENDIF 
+"$(INTDIR)\logging.obj" : $(SOURCE) $(DEP_CPP_LOGGI) "$(INTDIR)"
 
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\lsb_addr_comp.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_LSB_A=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	".\lsb_addr_comp.h"\
-	
-
-".\Release\lsb_addr_comp.obj" : $(SOURCE) $(DEP_CPP_LSB_A) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_LSB_A=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-archaeology.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
-	".\lsb_addr_comp.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\lsb_addr_comp.obj" : $(SOURCE) $(DEP_CPP_LSB_A) "$(INTDIR)"
-
+"$(INTDIR)\lsb_addr_comp.obj" : $(SOURCE) $(DEP_CPP_LSB_A) "$(INTDIR)"
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\mk_auth.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_MK_AU=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\mk_auth.obj" : $(SOURCE) $(DEP_CPP_MK_AU) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_MK_AU=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\mk_auth.obj" : $(SOURCE) $(DEP_CPP_MK_AU) "$(INTDIR)"
-
+"$(INTDIR)\mk_auth.obj" : $(SOURCE) $(DEP_CPP_MK_AU) "$(INTDIR)"
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\mk_err.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_MK_ER=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\mk_err.obj" : $(SOURCE) $(DEP_CPP_MK_ER) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_MK_ER=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\mk_err.obj" : $(SOURCE) $(DEP_CPP_MK_ER) "$(INTDIR)"
-
-
-!ENDIF 
+"$(INTDIR)\mk_err.obj" : $(SOURCE) $(DEP_CPP_MK_ER) "$(INTDIR)"
 
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\mk_priv.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
 DEP_CPP_MK_PR=\
 	"..\..\include\protos.h"\
 	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	".\lsb_addr_comp.h"\
-	
-
-".\Release\mk_priv.obj" : $(SOURCE) $(DEP_CPP_MK_PR) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-DEP_CPP_MK_PR=\
-	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
-	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-archaeology.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
-	".\lsb_addr_comp.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\mk_priv.obj" : $(SOURCE) $(DEP_CPP_MK_PR) "$(INTDIR)"
+"$(INTDIR)\mk_priv.obj" : $(SOURCE) $(DEP_CPP_MK_PR) "$(INTDIR)"
 
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
 SOURCE=.\mk_req.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_MK_RE=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\mk_req.obj" : $(SOURCE) $(DEP_CPP_MK_RE) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_MK_RE=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\mk_req.obj" : $(SOURCE) $(DEP_CPP_MK_RE) "$(INTDIR)"
-
-
-!ENDIF 
+"$(INTDIR)\mk_req.obj" : $(SOURCE) $(DEP_CPP_MK_RE) "$(INTDIR)"
 
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\mk_safe.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
 DEP_CPP_MK_SA=\
 	"..\..\include\protos.h"\
 	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	".\lsb_addr_comp.h"\
-	
-
-".\Release\mk_safe.obj" : $(SOURCE) $(DEP_CPP_MK_SA) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-DEP_CPP_MK_SA=\
-	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
-	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-archaeology.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
-	".\lsb_addr_comp.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\mk_safe.obj" : $(SOURCE) $(DEP_CPP_MK_SA) "$(INTDIR)"
-
+"$(INTDIR)\mk_safe.obj" : $(SOURCE) $(DEP_CPP_MK_SA) "$(INTDIR)"
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\month_sname.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_MONTH=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\month_sname.obj" : $(SOURCE) $(DEP_CPP_MONTH) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_MONTH=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\month_sname.obj" : $(SOURCE) $(DEP_CPP_MONTH) "$(INTDIR)"
-
+"$(INTDIR)\month_sname.obj" : $(SOURCE) $(DEP_CPP_MONTH) "$(INTDIR)"
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\name2name.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
 DEP_CPP_NAME2=\
 	"..\..\include\protos.h"\
 	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\name2name.obj" : $(SOURCE) $(DEP_CPP_NAME2) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-DEP_CPP_NAME2=\
-	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
-	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\name2name.obj" : $(SOURCE) $(DEP_CPP_NAME2) "$(INTDIR)"
-
+"$(INTDIR)\name2name.obj" : $(SOURCE) $(DEP_CPP_NAME2) "$(INTDIR)"
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\netread.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_NETRE=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\netread.obj" : $(SOURCE) $(DEP_CPP_NETRE) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_NETRE=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\netread.obj" : $(SOURCE) $(DEP_CPP_NETRE) "$(INTDIR)"
-
+"$(INTDIR)\netread.obj" : $(SOURCE) $(DEP_CPP_NETRE) "$(INTDIR)"
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\netwrite.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_NETWR=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\netwrite.obj" : $(SOURCE) $(DEP_CPP_NETWR) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_NETWR=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\netwrite.obj" : $(SOURCE) $(DEP_CPP_NETWR) "$(INTDIR)"
-
-
-!ENDIF 
+"$(INTDIR)\netwrite.obj" : $(SOURCE) $(DEP_CPP_NETWR) "$(INTDIR)"
 
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\one.c
 
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-
-".\Release\one.obj" : $(SOURCE) "$(INTDIR)"
-
+"$(INTDIR)\one.obj" : $(SOURCE) "$(INTDIR)"
 
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-
-".\Debug\one.obj" : $(SOURCE) "$(INTDIR)"
-
-
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\parse_name.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_PARSE=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\parse_name.obj" : $(SOURCE) $(DEP_CPP_PARSE) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_PARSE=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\parse_name.obj" : $(SOURCE) $(DEP_CPP_PARSE) "$(INTDIR)"
-
+"$(INTDIR)\parse_name.obj" : $(SOURCE) $(DEP_CPP_PARSE) "$(INTDIR)"
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\rd_err.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_RD_ER=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\rd_err.obj" : $(SOURCE) $(DEP_CPP_RD_ER) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_RD_ER=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\rd_err.obj" : $(SOURCE) $(DEP_CPP_RD_ER) "$(INTDIR)"
+"$(INTDIR)\rd_err.obj" : $(SOURCE) $(DEP_CPP_RD_ER) "$(INTDIR)"
 
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
 SOURCE=.\rd_priv.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_RD_PR=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	".\lsb_addr_comp.h"\
-	
-
-".\Release\rd_priv.obj" : $(SOURCE) $(DEP_CPP_RD_PR) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_RD_PR=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-archaeology.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
-	".\lsb_addr_comp.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\rd_priv.obj" : $(SOURCE) $(DEP_CPP_RD_PR) "$(INTDIR)"
+"$(INTDIR)\rd_priv.obj" : $(SOURCE) $(DEP_CPP_RD_PR) "$(INTDIR)"
 
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
 SOURCE=.\rd_req.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_RD_RE=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\rd_req.obj" : $(SOURCE) $(DEP_CPP_RD_RE) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_RD_RE=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\rd_req.obj" : $(SOURCE) $(DEP_CPP_RD_RE) "$(INTDIR)"
-
-
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
+"$(INTDIR)\rd_req.obj" : $(SOURCE) $(DEP_CPP_RD_RE) "$(INTDIR)"
 
-SOURCE=.\krb_err_txt.c
 
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_KRB_ER=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\krb_err_txt.obj" : $(SOURCE) $(DEP_CPP_KRB_ER) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-DEP_CPP_KRB_ER=\
+SOURCE=.\rd_safe.c
+DEP_CPP_RD_SA=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-archaeology.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
-	
-
-".\Debug\krb_err_txt.obj" : $(SOURCE) $(DEP_CPP_KRB_ER) "$(INTDIR)"
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
+"$(INTDIR)\rd_safe.obj" : $(SOURCE) $(DEP_CPP_RD_SA) "$(INTDIR)"
 
-SOURCE=.\send_to_kdc.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
 
-DEP_CPP_SEND_=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\send_to_kdc.obj" : $(SOURCE) $(DEP_CPP_SEND_) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-DEP_CPP_SEND_=\
+SOURCE=.\read_service_key.c
+DEP_CPP_READ_=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\send_to_kdc.obj" : $(SOURCE) $(DEP_CPP_SEND_) "$(INTDIR)"
+"$(INTDIR)\read_service_key.obj" : $(SOURCE) $(DEP_CPP_READ_) "$(INTDIR)"
 
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
 SOURCE=.\realm_parse.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_REALM=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\realm_parse.obj" : $(SOURCE) $(DEP_CPP_REALM) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_REALM=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\realm_parse.obj" : $(SOURCE) $(DEP_CPP_REALM) "$(INTDIR)"
-
-
-!ENDIF 
+"$(INTDIR)\realm_parse.obj" : $(SOURCE) $(DEP_CPP_REALM) "$(INTDIR)"
 
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\recvauth.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_RECVA=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\recvauth.obj" : $(SOURCE) $(DEP_CPP_RECVA) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_RECVA=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\recvauth.obj" : $(SOURCE) $(DEP_CPP_RECVA) "$(INTDIR)"
-
+"$(INTDIR)\recvauth.obj" : $(SOURCE) $(DEP_CPP_RECVA) "$(INTDIR)"
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\resolve.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_RESOL=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	".\resolve.h"\
-	
-
-".\Release\resolve.obj" : $(SOURCE) $(DEP_CPP_RESOL) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_RESOL=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\resolve.obj" : $(SOURCE) $(DEP_CPP_RESOL) "$(INTDIR)"
-
-
-!ENDIF 
+"$(INTDIR)\resolve.obj" : $(SOURCE) $(DEP_CPP_RESOL) "$(INTDIR)"
 
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\rw.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_RW_C68=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	"..\des\version.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\rw.obj" : $(SOURCE) $(DEP_CPP_RW_C68) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-DEP_CPP_RW_C68=\
+DEP_CPP_RW_C6a=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\..\include\win32\version.h"\
 	"..\des\des.h"\
-	"..\des\version.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
-	
-
-".\Debug\rw.obj" : $(SOURCE) $(DEP_CPP_RW_C68) "$(INTDIR)"
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 
 
-!ENDIF 
+"$(INTDIR)\rw.obj" : $(SOURCE) $(DEP_CPP_RW_C6a) "$(INTDIR)"
 
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\save_credentials.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_SAVE_=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\save_credentials.obj" : $(SOURCE) $(DEP_CPP_SAVE_) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_SAVE_=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\save_credentials.obj" : $(SOURCE) $(DEP_CPP_SAVE_) "$(INTDIR)"
+"$(INTDIR)\save_credentials.obj" : $(SOURCE) $(DEP_CPP_SAVE_) "$(INTDIR)"
 
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
-SOURCE=.\read_service_key.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_READ_=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\read_service_key.obj" : $(SOURCE) $(DEP_CPP_READ_) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-DEP_CPP_READ_=\
+SOURCE=.\send_to_kdc.c
+DEP_CPP_SEND_=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\base64.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
-	
-
-".\Debug\read_service_key.obj" : $(SOURCE) $(DEP_CPP_READ_) "$(INTDIR)"
-
-
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
-SOURCE=.\verify_user.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_VERIF=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Release\verify_user.obj" : $(SOURCE) $(DEP_CPP_VERIF) "$(INTDIR)"
-
+"$(INTDIR)\send_to_kdc.obj" : $(SOURCE) $(DEP_CPP_SEND_) "$(INTDIR)"
 
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
 
-DEP_CPP_VERIF=\
+SOURCE=.\sendauth.c
+DEP_CPP_SENDA=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\verify_user.obj" : $(SOURCE) $(DEP_CPP_VERIF) "$(INTDIR)"
-
-
-!ENDIF 
+"$(INTDIR)\sendauth.obj" : $(SOURCE) $(DEP_CPP_SENDA) "$(INTDIR)"
 
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\stime.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
 DEP_CPP_STIME=\
 	"..\..\include\protos.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Release\stime.obj" : $(SOURCE) $(DEP_CPP_STIME) "$(INTDIR)"
-
+"$(INTDIR)\stime.obj" : $(SOURCE) $(DEP_CPP_STIME) "$(INTDIR)"
 
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
 
-DEP_CPP_STIME=\
+SOURCE=.\str2key.c
+DEP_CPP_STR2K=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
-	
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 
-".\Debug\stime.obj" : $(SOURCE) $(DEP_CPP_STIME) "$(INTDIR)"
 
+"$(INTDIR)\str2key.obj" : $(SOURCE) $(DEP_CPP_STR2K) "$(INTDIR)"
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
-SOURCE=.\swab.c
-DEP_CPP_SWAB_=\
-	"..\..\include\win32\config.h"\
-	
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-
-".\Release\swab.obj" : $(SOURCE) $(DEP_CPP_SWAB_) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-
-".\Debug\swab.obj" : $(SOURCE) $(DEP_CPP_SWAB_) "$(INTDIR)"
-
-
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\ticket_memory.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_TICKE=\
-	".\krb_locl.h"\
-	".\ticket_memory.h"\
-	
-
-".\Release\ticket_memory.obj" : $(SOURCE) $(DEP_CPP_TICKE) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_TICKE=\
 	"..\..\include\protos.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
+	".\prot.h"\
 	".\ticket_memory.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\ticket_memory.obj" : $(SOURCE) $(DEP_CPP_TICKE) "$(INTDIR)"
-
-
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
+"$(INTDIR)\ticket_memory.obj" : $(SOURCE) $(DEP_CPP_TICKE) "$(INTDIR)"
 
-SOURCE=.\tkt_string.c
 
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_TKT_S=\
+SOURCE=.\time.c
+DEP_CPP_TIME_=\
 	"..\..\include\protos.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
+	"..\des\des.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
+	".\krb.h"\
 	".\krb_locl.h"\
-	
+	".\krb_log.h"\
+	".\prot.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 
-".\Release\tkt_string.obj" : $(SOURCE) $(DEP_CPP_TKT_S) "$(INTDIR)"
 
+"$(INTDIR)\time.obj" : $(SOURCE) $(DEP_CPP_TIME_) "$(INTDIR)"
 
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
 
+SOURCE=.\tkt_string.c
 DEP_CPP_TKT_S=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\tkt_string.obj" : $(SOURCE) $(DEP_CPP_TKT_S) "$(INTDIR)"
-
-
-!ENDIF 
+"$(INTDIR)\tkt_string.obj" : $(SOURCE) $(DEP_CPP_TKT_S) "$(INTDIR)"
 
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\unparse_name.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
 DEP_CPP_UNPAR=\
 	"..\..\include\protos.h"\
 	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\unparse_name.obj" : $(SOURCE) $(DEP_CPP_UNPAR) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-DEP_CPP_UNPAR=\
-	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
-	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\unparse_name.obj" : $(SOURCE) $(DEP_CPP_UNPAR) "$(INTDIR)"
-
+"$(INTDIR)\unparse_name.obj" : $(SOURCE) $(DEP_CPP_UNPAR) "$(INTDIR)"
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\util.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_UTIL_=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\util.obj" : $(SOURCE) $(DEP_CPP_UTIL_) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
 DEP_CPP_UTIL_=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Debug\util.obj" : $(SOURCE) $(DEP_CPP_UTIL_) "$(INTDIR)"
-
-
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
+"$(INTDIR)\util.obj" : $(SOURCE) $(DEP_CPP_UTIL_) "$(INTDIR)"
 
-SOURCE=.\sendauth.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
 
-DEP_CPP_SENDA=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\sendauth.obj" : $(SOURCE) $(DEP_CPP_SENDA) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-DEP_CPP_SENDA=\
+SOURCE=.\verify_user.c
+DEP_CPP_VERIF=\
 	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
+	"..\..\include\win32\ktypes.h"\
+	"..\..\include\win32\roken.h"\
 	"..\des\des.h"\
-	"..\roken\roken.h"\
+	"..\roken\err.h"\
+	"..\roken\roken-common.h"\
+	".\krb-protos.h"\
 	".\krb.h"\
 	".\krb_locl.h"\
+	".\krb_log.h"\
 	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
-	
-
-".\Debug\sendauth.obj" : $(SOURCE) $(DEP_CPP_SENDA) "$(INTDIR)"
-
-
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
-SOURCE=.\logging.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
-
-DEP_CPP_LOGGI=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\klog.h"\
-	".\krb_locl.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-".\Release\logging.obj" : $(SOURCE) $(DEP_CPP_LOGGI) "$(INTDIR)"
+"$(INTDIR)\verify_user.obj" : $(SOURCE) $(DEP_CPP_VERIF) "$(INTDIR)"
 
 
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
+SOURCE=.\krb.rc
 
-DEP_CPP_LOGGI=\
-	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
-	"..\..\include\win32\config.h"\
-	"..\des\des.h"\
-	"..\roken\roken.h"\
-	".\klog.h"\
-	".\krb.h"\
-	".\krb_locl.h"\
-	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
+"$(INTDIR)\krb.res" : $(SOURCE) "$(INTDIR)"
+	$(RSC) $(RSC_PROJ) $(SOURCE)
 	
 
-".\Debug\logging.obj" : $(SOURCE) $(DEP_CPP_LOGGI) "$(INTDIR)"
-
-
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
-SOURCE=.\str2key.c
-
 !IF  "$(CFG)" == "krb - Win32 Release"
 
-DEP_CPP_STR2K=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
-	
-
-".\Release\str2key.obj" : $(SOURCE) $(DEP_CPP_STR2K) "$(INTDIR)"
+"des - Win32 Release" : 
+   cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\des"
+   $(MAKE) /$(MAKEFLAGS) /F ".\des.mak" CFG="des - Win32 Release" 
+   cd "..\krb"
 
+"des - Win32 ReleaseCLEAN" : 
+   cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\des"
+   $(MAKE) /$(MAKEFLAGS) CLEAN /F ".\des.mak" CFG="des - Win32 Release"\
+ RECURSE=1 
+   cd "..\krb"
 
 !ELSEIF  "$(CFG)" == "krb - Win32 Debug"
 
-DEP_CPP_STR2K=\
-	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
-	"..\..\include\win32\config.h"\
-	"..\des\des.h"\
-	"..\roken\roken.h"\
-	".\krb.h"\
-	".\krb_locl.h"\
-	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
-	
-
-".\Debug\str2key.obj" : $(SOURCE) $(DEP_CPP_STR2K) "$(INTDIR)"
-
-
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
-
-SOURCE=.\debug_decl.c
-
-!IF  "$(CFG)" == "krb - Win32 Release"
+"des - Win32 Debug" : 
+   cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\des"
+   $(MAKE) /$(MAKEFLAGS) /F ".\des.mak" CFG="des - Win32 Debug" 
+   cd "..\krb"
 
-DEP_CPP_DEBUG=\
-	"..\..\include\protos.h"\
-	"..\..\include\win32\config.h"\
-	".\krb_locl.h"\
+"des - Win32 DebugCLEAN" : 
+   cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\des"
+   $(MAKE) /$(MAKEFLAGS) CLEAN /F ".\des.mak" CFG="des - Win32 Debug" RECURSE=1\
 	
+   cd "..\krb"
 
-".\Release\debug_decl.obj" : $(SOURCE) $(DEP_CPP_DEBUG) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "krb - Win32 Debug"
-
-DEP_CPP_DEBUG=\
-	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
-	"..\..\include\win32\config.h"\
-	"..\des\des.h"\
-	"..\roken\roken.h"\
-	".\krb.h"\
-	".\krb_locl.h"\
-	".\prot.h"\
-	".\resolve.h"\
-	{$(INCLUDE)}"\sys\STAT.H"\
-	{$(INCLUDE)}"\sys\TYPES.H"\
-	
-
-".\Debug\debug_decl.obj" : $(SOURCE) $(DEP_CPP_DEBUG) "$(INTDIR)"
+!ENDIF 
 
 
 !ENDIF 
 
-# End Source File
-# End Target
-# End Project
-################################################################################
diff --git a/crypto/kerberosIV/lib/krb/krb.rc b/crypto/kerberosIV/lib/krb/krb.rc
new file mode 100644
index 0000000..413e706
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb.rc
@@ -0,0 +1,105 @@
+//Microsoft Developer Studio generated resource script.
+//
+#include "resource.h"
+
+#define APSTUDIO_READONLY_SYMBOLS
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 2 resource.
+//
+#include "afxres.h"
+
+/////////////////////////////////////////////////////////////////////////////
+#undef APSTUDIO_READONLY_SYMBOLS
+
+/////////////////////////////////////////////////////////////////////////////
+// Swedish resources
+
+#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_SVE)
+#ifdef _WIN32
+LANGUAGE LANG_SWEDISH, SUBLANG_DEFAULT
+#pragma code_page(1252)
+#endif //_WIN32
+
+#ifdef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// TEXTINCLUDE
+//
+
+1 TEXTINCLUDE DISCARDABLE 
+BEGIN
+    "resource.h\0"
+END
+
+2 TEXTINCLUDE DISCARDABLE 
+BEGIN
+    "#include ""afxres.h""\r\n"
+    "\0"
+END
+
+3 TEXTINCLUDE DISCARDABLE 
+BEGIN
+    "\r\n"
+    "\0"
+END
+
+#endif    // APSTUDIO_INVOKED
+
+
+#ifndef _MAC
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION 1,0,0,1
+ PRODUCTVERSION 1,0,0,1
+ FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+ FILEFLAGS 0x1L
+#else
+ FILEFLAGS 0x0L
+#endif
+ FILEOS 0x40004L
+ FILETYPE 0x2L
+ FILESUBTYPE 0x0L
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904b0"
+        BEGIN
+            VALUE "CompanyName", "Royal Institute of Technology (KTH)\0"
+            VALUE "FileDescription", "krb\0"
+            VALUE "FileVersion", "4, 0, 9, 9\0"
+            VALUE "InternalName", "krb\0"
+            VALUE "LegalCopyright", "Copyright © 1996 - 1998  Royal Institute of Technology (KTH)\0"
+            VALUE "OriginalFilename", "krb.dll\0"
+            VALUE "ProductName", "KTH Kerberos\0"
+            VALUE "ProductVersion", "4,0,9,9\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
+
+#endif    // !_MAC
+
+#endif    // Swedish resources
+/////////////////////////////////////////////////////////////////////////////
+
+
+
+#ifndef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 3 resource.
+//
+
+
+/////////////////////////////////////////////////////////////////////////////
+#endif    // not APSTUDIO_INVOKED
+
diff --git a/crypto/kerberosIV/lib/krb/krb_equiv.c b/crypto/kerberosIV/lib/krb/krb_equiv.c
index 06f42f5..fab79e5 100644
--- a/crypto/kerberosIV/lib/krb/krb_equiv.c
+++ b/crypto/kerberosIV/lib/krb/krb_equiv.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -56,7 +56,7 @@
  */
 #include "krb_locl.h"
 
-RCSID("$Id: krb_equiv.c,v 1.13 1997/04/01 08:18:33 joda Exp $");
+RCSID("$Id: krb_equiv.c,v 1.14 1999/03/13 21:25:30 assar Exp $");
 
 int krb_ignore_ip_address = 0;
 
@@ -100,9 +100,9 @@ krb_equiv(u_int32_t a, u_int32_t b)
 	  ++t;
 	} else if (*t == '\\' ) /* continuation */
 	  break;
-	else if (isspace(*t))	/* skip space */
+	else if (isspace((unsigned char)*t))	/* skip space */
 	  t++;
-	else if (isdigit(*t))	/* an address? */
+	else if (isdigit((unsigned char)*t))	/* an address? */
 	  {
 	    u_int32_t tmp;
 	    u_int32_t tmpa, tmpb, tmpc, tmpd;
@@ -110,7 +110,8 @@ krb_equiv(u_int32_t a, u_int32_t b)
 	    sscanf(t, "%d.%d.%d.%d", &tmpa, &tmpb, &tmpc, &tmpd);
 	    tmp = (tmpa << 24) | (tmpb << 16) | (tmpc << 8) | tmpd;
 
-	    while (*t == '.' || isdigit(*t)) /* done with this address */
+	    /* done with this address */
+	    while (*t == '.' || isdigit((unsigned char)*t))
 	      t++;
 
 	    if (tmp != -1) {	/* an address (and not broadcast) */
@@ -120,7 +121,7 @@ krb_equiv(u_int32_t a, u_int32_t b)
 		++t;
 		mask <<= 32 - atoi(t);
 
-		while(isdigit(*t))
+		while(isdigit((unsigned char)*t))
 		  ++t;
 	      }
 
diff --git a/crypto/kerberosIV/lib/krb/krb_err.et b/crypto/kerberosIV/lib/krb/krb_err.et
index 4e32aed..9dce192 100644
--- a/crypto/kerberosIV/lib/krb/krb_err.et
+++ b/crypto/kerberosIV/lib/krb/krb_err.et
@@ -3,255 +3,63 @@
 #	For copying and distribution information, see the file
 #	"mit-copyright.h".
 # 
-#	$Id: krb_err.et,v 1.4 1996/10/27 13:30:28 bg Exp $
+# This might look like a com_err file, but is not
 #
-	error_table	krb
-
-	ec		KRBET_KSUCCESS,
-			"Kerberos successful"
-
-	ec		KRBET_KDC_NAME_EXP,
-			"Kerberos principal expired"
-
-	ec		KRBET_KDC_SERVICE_EXP,
-			"Kerberos service expired"
-
-	ec		KRBET_KDC_AUTH_EXP,
-			"Kerberos auth expired"
-
-	ec		KRBET_KDC_PKT_VER,
-			"Incorrect kerberos master key version"
-
-	ec		KRBET_KDC_P_MKEY_VER,
-			"Incorrect kerberos master key version"
-
-	ec		KRBET_KDC_S_MKEY_VER,
-			"Incorrect kerberos master key version"
-
-	ec		KRBET_KDC_BYTE_ORDER,
-			"Kerberos error: byte order unknown"
-
-	ec		KRBET_KDC_PR_UNKNOWN,
-			"Kerberos principal unknown"
-
-	ec		KRBET_KDC_PR_N_UNIQUE,
-			"Kerberos principal not unique"
-
-	ec		KRBET_KDC_NULL_KEY,
-			"Kerberos principal has null key"
-
-	ec		KRBET_KRB_RES11,
-		        "Reserved 11"
-
-	ec		KRBET_KRB_RES12,
-		        "Reserved 12"
-  
-	ec		KRBET_KRB_RES13,
-		        "Reserved 13"
-
-	ec		KRBET_KRB_RES14,
-		        "Reserved 14"
-
-	ec		KRBET_KRB_RES15,
-		        "Reserved 15"
-
-	ec		KRBET_KRB_RES16,
-		        "Reserved 16"
-
-	ec		KRBET_KRB_RES17,
-		        "Reserved 17"
-
-	ec		KRBET_KRB_RES18,
-		        "Reserved 18"
-
-	ec		KRBET_KRB_RES19,
-		        "Reserved 19"
-
-	ec		KRBET_KDC_GEN_ERR,
-			"Generic error from Kerberos KDC"
-
-	ec		KRBET_GC_TKFIL,
-			"Can't read Kerberos ticket file"
-
-	ec		KRBET_GC_NOTKT,
-			"Can't find Kerberos ticket or TGT"
-
-	ec		KRBET_KRB_RES23,
-			"Reserved 23"
-
-	ec		KRBET_KRB_RES24,
-			"Reserved 24"
-
-	ec		KRBET_KRB_RES25,
-			"Reserved 25"
-
-	ec		KRBET_MK_AP_TGTEXP,
-			"Kerberos TGT Expired"
-
-	ec		KRBET_KRB_RES27,
-			"Reserved 27"
-
-	ec		KRBET_KRB_RES28,
-			"Reserved 28"
-
-	ec		KRBET_KRB_RES29,
-			"Reserved 29"
-
-	ec		KRBET_KRB_RES30,
-			"Reserved 30"
-
-	ec		KRBET_RD_AP_UNDEC,
-			"Kerberos error: Can't decode authenticator"
-
-	ec		KRBET_RD_AP_EXP,
-			"Kerberos ticket expired"
-
-	ec		KRBET_RD_AP_NYV,
-			"Kerberos ticket not yet valid"
-
-	ec		KRBET_RD_AP_REPEAT,
-			"Kerberos error: Repeated request"
-
-	ec		KRBET_RD_AP_NOT_US,
-			"The kerberos ticket isn't for us"
-
-	ec		KRBET_RD_AP_INCON,
-			"Kerberos request inconsistent"
-
-	ec		KRBET_RD_AP_TIME,
-			"Kerberos error: delta_t too big"
-
-	ec		KRBET_RD_AP_BADD,
-			"Kerberos error: incorrect net address"
-
-	ec		KRBET_RD_AP_VERSION,
-			"Kerberos protocol version mismatch"
-
-	ec		KRBET_RD_AP_MSG_TYPE,
-			"Kerberos error: invalid msg type"
-
-	ec		KRBET_RD_AP_MODIFIED,
-			"Kerberos error: message stream modified"
-
-	ec		KRBET_RD_AP_ORDER,
-			"Kerberos error: message out of order"
-
-	ec		KRBET_RD_AP_UNAUTHOR,
-			"Kerberos error: unauthorized request"
-
-	ec		KRBET_KRB_RES44,
-			"Reserved 44"
-
-	ec		KRBET_KRB_RES45,
-			"Reserved 45"
-
-	ec		KRBET_KRB_RES46,
-			"Reserved 46"
-
-	ec		KRBET_KRB_RES47,
-			"Reserved 47"
-
-	ec		KRBET_KRB_RES48,
-			"Reserved 48"
-
-	ec		KRBET_KRB_RES49,
-			"Reserved 49"
-
-	ec		KRBET_KRB_RES50,
-			"Reserved 50"
-
-	ec		KRBET_GT_PW_NULL,
-			"Kerberos error: current PW is null"
-
-	ec		KRBET_GT_PW_BADPW,
-			"Kerberos error: Incorrect current password"
-
-	ec		KRBET_GT_PW_PROT,
-			"Kerberos protocol error"
-
-	ec		KRBET_GT_PW_KDCERR,
-			"Error returned by Kerberos KDC"
-
-	ec		KRBET_GT_PW_NULLTKT,
-			"Null Kerberos ticket returned by KDC"
-
-	ec		KRBET_SKDC_RETRY,
-			"Kerberos error: Retry count exceeded"
-
-	ec		KRBET_SKDC_CANT,
-			"Kerberos error: Can't send request"
-
-	ec		KRBET_KRB_RES58,
-			"Reserved 58"
-
-	ec		KRBET_KRB_RES59,
-			"Reserved 59"
-
-	ec		KRBET_KRB_RES60,
-			"Reserved 60"
-
-	ec		KRBET_INTK_W_NOTALL,
-			"Kerberos error: not all tickets returned"
-
-	ec		KRBET_INTK_BADPW,
-			"Kerberos error: incorrect password"
-
-	ec		KRBET_INTK_PROT,
-			"Kerberos error: Protocol Error"
-
-	ec		KRBET_KRB_RES64,
-			"Reserved 64"
-
-	ec		KRBET_KRB_RES65,
-			"Reserved 65"
-
-	ec		KRBET_KRB_RES66,
-			"Reserved 66"
-
-	ec		KRBET_KRB_RES67,
-			"Reserved 67"
-
-	ec		KRBET_KRB_RES68,
-			"Reserved 68"
-
-	ec		KRBET_KRB_RES69,
-			"Reserved 69"
-
-	ec		KRBET_INTK_ERR,
-			"Other error"
-
-	ec		KRBET_AD_NOTGT,
-			"Don't have Kerberos ticket-granting ticket"
-
-	ec		KRBET_KRB_RES72,
-			"Can't get Kerberos inter-realm ticket-granting ticket"
-
-	ec		KRBET_KRB_RES73,
-			"Reserved 73"
-
-	ec		KRBET_KRB_RES74,
-			"Reserved 74"
-
-	ec		KRBET_KRB_RES75,
-			"Reserved 75"
-
-	ec		KRBET_NO_TKT_FIL,
-			"No ticket file found"
-
-	ec		KRBET_TKT_FIL_ACC,
-			"Couldn't access ticket file"
-
-	ec		KRBET_TKT_FIL_LCK,
-			"Couldn't lock ticket file"
-
-	ec		KRBET_TKT_FIL_FMT,
-			"Bad ticket file format"
-
-	ec		KRBET_TKT_FIL_INI,
-			"tf_init not called first"
-
-	ec		KRBET_KNAME_FMT,
-			"Bad Kerberos name format"
-
-	end
-
+id "$Id: krb_err.et,v 1.7 1998/03/29 14:19:52 bg Exp $"
+
+error_table krb
+
+prefix KRBET
+ec KSUCCESS,		"Kerberos successful"
+ec KDC_NAME_EXP,	"Kerberos principal expired"
+ec KDC_SERVICE_EXP,	"Kerberos service expired"
+ec KDC_AUTH_EXP,	"Kerberos auth expired"
+ec KDC_PKT_VER,		"Incorrect kerberos master key version"
+ec KDC_P_MKEY_VER,	"Incorrect kerberos master key version"
+ec KDC_S_MKEY_VER,	"Incorrect kerberos master key version"
+ec KDC_BYTE_ORDER,	"Kerberos error: byte order unknown"
+ec KDC_PR_UNKNOWN,	"Kerberos principal unknown"
+ec KDC_PR_N_UNIQUE,	"Kerberos principal not unique"
+ec KDC_NULL_KEY,	"Kerberos principal has null key"
+index 20
+ec KDC_GEN_ERR,		"Generic error from Kerberos KDC"
+ec GC_TKFIL,		"Can't read Kerberos ticket file"
+ec GC_NOTKT,		"Can't find Kerberos ticket or TGT"
+index 26
+ec MK_AP_TGTEXP,	"Kerberos TGT Expired"
+index 31
+ec RD_AP_UNDEC,		"Kerberos error: Can't decode authenticator"
+ec RD_AP_EXP,		"Kerberos ticket expired"
+ec RD_AP_NYV,		"Kerberos ticket not yet valid"
+ec RD_AP_REPEAT,	"Kerberos error: Repeated request"
+ec RD_AP_NOT_US,	"The kerberos ticket isn't for us"
+ec RD_AP_INCON,		"Kerberos request inconsistent"
+ec RD_AP_TIME,		"Kerberos error: delta_t too big"
+ec RD_AP_BADD,		"Kerberos error: incorrect net address"
+ec RD_AP_VERSION,	"Kerberos protocol version mismatch"
+ec RD_AP_MSG_TYPE,	"Kerberos error: invalid msg type"
+ec RD_AP_MODIFIED,	"Kerberos error: message stream modified"
+ec RD_AP_ORDER,		"Kerberos error: message out of order"
+ec RD_AP_UNAUTHOR,	"Kerberos error: unauthorized request"
+index 51
+ec GT_PW_NULL,		"Kerberos error: current PW is null"
+ec GT_PW_BADPW,		"Kerberos error: Incorrect current password"
+ec GT_PW_PROT,		"Kerberos protocol error"
+ec GT_PW_KDCERR,	"Error returned by Kerberos KDC"
+ec GT_PW_NULLTKT,	"Null Kerberos ticket returned by KDC"
+ec SKDC_RETRY,		"Kerberos error: Retry count exceeded"
+ec SKDC_CANT,		"Kerberos error: Can't send request"
+index 61
+ec INTK_W_NOTALL,	"Kerberos error: not all tickets returned"
+ec INTK_BADPW,		"Kerberos error: incorrect password"
+ec INTK_PROT,		"Kerberos error: Protocol Error"
+index 70
+ec INTK_ERR,		"Other error"
+ec AD_NOTGT,		"Don't have Kerberos ticket-granting ticket"
+index 76
+ec NO_TKT_FIL,		"No ticket file found"
+ec TKT_FIL_ACC,		"Couldn't access ticket file"
+ec TKT_FIL_LCK,		"Couldn't lock ticket file"
+ec TKT_FIL_FMT,		"Bad ticket file format"
+ec TKT_FIL_INI,		"tf_init not called first"
+ec KNAME_FMT,		"Bad Kerberos name format"
diff --git a/crypto/kerberosIV/lib/krb/krb_err_txt.c b/crypto/kerberosIV/lib/krb/krb_err_txt.c
index 161aa0f..cb6cd13 100644
--- a/crypto/kerberosIV/lib/krb/krb_err_txt.c
+++ b/crypto/kerberosIV/lib/krb/krb_err_txt.c
@@ -21,7 +21,7 @@ or implied warranty.
 
 #include "krb_locl.h"
 
-RCSID("$Id: krb_err_txt.c,v 1.12 1997/04/02 05:37:10 joda Exp $");
+RCSID("$Id: krb_err_txt.c,v 1.13 1998/01/31 08:11:52 joda Exp $");
 
 /*
  * This file contains an array of error text strings.
@@ -70,7 +70,7 @@ const char *krb_err_txt[256] = {
   "Time is out of bounds (krb_rd_req)",			/* 037 */
   "Incorrect network address (krb_rd_req)",		/* 038 */
   "Protocol version mismatch (krb_rd_req)",		/* 039 */
-  "Illegal message type (krb_rd_req)",			/* 040 */
+  "Invalid message type (krb_rd_req)",			/* 040 */
   "Message integrity error (krb_rd_req)",		/* 041 */
   "Message duplicate or out of order (krb_rd_req)",	/* 042 */
   "Unauthorized request (krb_rd_req)",			/* 043 */
@@ -288,7 +288,7 @@ const char *krb_err_txt[256] = {
   "Generic kerberos error (kfailure)",			/* 255 */
 };
 
-static const char err_failure[] = "Illegal error code passed (krb_get_err_text)";
+static const char err_failure[] = "Unknown error code passed (krb_get_err_text)";
 
 const char *
 krb_get_err_text(int code)
diff --git a/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c b/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c
index d3e6cc1..83848c8 100644
--- a/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c
+++ b/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,7 +38,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: krb_get_in_tkt.c,v 1.20 1997/04/01 08:18:34 joda Exp $");
+RCSID("$Id: krb_get_in_tkt.c,v 1.29 1999/06/29 21:18:07 bg Exp $");
 
 /*
  * decrypt_tkt(): Given user, instance, realm, passwd, key_proc
@@ -47,8 +47,12 @@ RCSID("$Id: krb_get_in_tkt.c,v 1.20 1997/04/01 08:18:34 joda Exp $");
  */
 
 static int
-decrypt_tkt(char *user, char *instance, char *realm,
-	    void *arg, key_proc_t key_proc, KTEXT *cip)
+decrypt_tkt(const char *user,
+	    char *instance,
+	    const char *realm,
+	    const void *arg,
+	    key_proc_t key_proc,
+	    KTEXT *cip)
 {
     des_cblock key;		/* Key for decrypting cipher */
     int ret;
@@ -105,32 +109,64 @@ decrypt_tkt(char *user, char *instance, char *realm,
  */
 
 int
-krb_get_in_tkt(char *user, char *instance, char *realm, 
-	       char *service, char *sinstance, int life,
-	       key_proc_t key_proc, decrypt_proc_t decrypt_proc, void *arg)
+krb_mk_as_req(const char *user,
+	      const char *instance,
+	      const char *realm, 
+	      const char *service,
+	      const char *sinstance,
+	      int life,
+	      KTEXT cip)
 {
     KTEXT_ST pkt_st;
     KTEXT pkt = &pkt_st;	/* Packet to KDC */
     KTEXT_ST rpkt_st;
-    KTEXT rpkt = &rpkt_st;	/* Returned packet */
-
+    KTEXT rpkt = &rpkt_st;	/* Reply from KDC */
+    
     int kerror;
     struct timeval tv;
 
     /* BUILD REQUEST PACKET */
 
     unsigned char *p = pkt->dat;
+    int tmp;
+    size_t rem = sizeof(pkt->dat);
     
-    p += krb_put_int(KRB_PROT_VERSION, p, 1);
-    p += krb_put_int(AUTH_MSG_KDC_REQUEST, p, 1);
-
-    p += krb_put_nir(user, instance, realm, p);
+    tmp = krb_put_int(KRB_PROT_VERSION, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(AUTH_MSG_KDC_REQUEST, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_nir(user, instance, realm, p, rem);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
 
     gettimeofday(&tv, NULL);
-    p += krb_put_int(tv.tv_sec, p, 4);
-    p += krb_put_int(life, p, 1);
-
-    p += krb_put_nir(service, sinstance, NULL, p);
+    tmp = krb_put_int(tv.tv_sec, p, rem, 4);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(life, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_nir(service, sinstance, NULL, p, rem);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
 
     pkt->length = p - pkt->dat;
 
@@ -138,38 +174,67 @@ krb_get_in_tkt(char *user, char *instance, char *realm,
 
     /* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */
 
-    if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror);
-    
-    p = rpkt->dat;
+    kerror = send_to_kdc(pkt, rpkt, realm);
+    if(kerror) return kerror;
+    kerror = kdc_reply_cipher(rpkt, cip);
+    return kerror;
+}
+
+int
+krb_decode_as_rep(const char *user,
+		  char *instance,
+		  const char *realm,
+		  const char *service,
+		  const char *sinstance, 
+		  key_proc_t key_proc,
+		  decrypt_proc_t decrypt_proc,
+		  const void *arg,
+		  KTEXT as_rep,
+		  CREDENTIALS *cred)
+{
+    int kerror;
+    time_t now;
     
-    {
-	CREDENTIALS cred;
-	KTEXT_ST cip;
-	KTEXT foo = &cip; /* braindamage */
+    if (decrypt_proc == NULL)
+        decrypt_tkt(user, instance, realm, arg, key_proc, &as_rep);
+    else
+        (*decrypt_proc)(user, instance, realm, arg, key_proc, &as_rep);
+
+    kerror = kdc_reply_cred(as_rep, cred);
+    if(kerror != KSUCCESS)
+	return kerror;
 	
-	kerror = kdc_reply_cipher(rpkt, &cip);
-	if(kerror != KSUCCESS)
-	    return kerror;
+    if (strcmp(cred->service, service) || 
+	strcmp(cred->instance, sinstance) ||
+	strcmp(cred->realm, realm))	/* not what we asked for */
+	return INTK_ERR;	/* we need a better code here XXX */
 
-	if (decrypt_proc == NULL)
-	    decrypt_proc = decrypt_tkt;
-	(*decrypt_proc)(user, instance, realm, arg, key_proc, &foo);
+    now = time(NULL);
+    if(krb_get_config_bool("kdc_timesync"))
+	krb_set_kdc_time_diff(cred->issue_date - now);
+    else if (abs((int)(now - cred->issue_date)) > CLOCK_SKEW)
+	return RD_AP_TIME; /* XXX should probably be better code */
 
-	kerror = kdc_reply_cred(&cip, &cred);
-	if(kerror != KSUCCESS)
-	    return kerror;
-	
-	if (strcmp(cred.service, service) || 
-	    strcmp(cred.instance, sinstance) ||
-	    strcmp(cred.realm, realm))	/* not what we asked for */
-	    return INTK_ERR;	/* we need a better code here XXX */
+    return 0;
+}
 
-	if (abs((int)(tv.tv_sec - cred.issue_date)) > CLOCK_SKEW) {
-	    return RD_AP_TIME; /* XXX should probably be better code */
-	}
+int
+krb_get_in_tkt(char *user, char *instance, char *realm, 
+	       char *service, char *sinstance, int life,
+	       key_proc_t key_proc, decrypt_proc_t decrypt_proc, void *arg)
+{
+    KTEXT_ST as_rep;
+    CREDENTIALS cred;
+    int ret;
 
-	/* initialize ticket cache */
+    ret = krb_mk_as_req(user, instance, realm, 
+			service, sinstance, life, &as_rep);
+    if(ret)
+	return ret;
+    ret = krb_decode_as_rep(user, instance, realm, service, sinstance, 
+			    key_proc, decrypt_proc, arg, &as_rep, &cred);
+    if(ret)
+	return ret;
 
-	return tf_setup(&cred, user, instance);
-    }
+    return tf_setup(&cred, user, instance);
 }
diff --git a/crypto/kerberosIV/lib/krb/krb_locl.h b/crypto/kerberosIV/lib/krb/krb_locl.h
index 4475883..f5792a8 100644
--- a/crypto/kerberosIV/lib/krb/krb_locl.h
+++ b/crypto/kerberosIV/lib/krb/krb_locl.h
@@ -36,7 +36,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: krb_locl.h,v 1.42 1997/05/20 18:40:45 bg Exp $ */
+/* $Id: krb_locl.h,v 1.49 1998/06/13 00:06:59 assar Exp $ */
 
 #ifndef __krb_locl_h
 #define __krb_locl_h
@@ -119,6 +119,11 @@
 
 #ifdef SOCKS
 #include <socks.h>
+
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent  *gethostbyname(const char *);
+
 #endif
 
 #include <roken.h>
@@ -127,37 +132,49 @@
 #include <prot.h>
 
 #include "resolve.h"
+#include "krb_log.h"
 
 /* --- */
 
-/* Globals! */
-extern int krb_debug;
-extern int krb_ap_req_debug;
-
 /* Utils */
-int krb_name_to_name(const char *, char *, size_t);
+int
+krb_name_to_name __P((
+	const char *host,
+	char *phost,
+	size_t phost_size));
 
-void encrypt_ktext(KTEXT cip, des_cblock *key, int encrypt);
-int kdc_reply_cred(KTEXT cip, CREDENTIALS *cred);
-int kdc_reply_cipher(KTEXT reply, KTEXT cip);
+void
+encrypt_ktext __P((
+	KTEXT cip,
+	des_cblock *key,
+	int encrypt));
 
-#ifndef HAVE_GETTIMEOFDAY
-int gettimeofday (struct timeval *, void *);
-#endif
+int
+kdc_reply_cipher __P((
+	KTEXT reply,
+	KTEXT cip));
 
-void k_ricercar(char*);
+int
+kdc_reply_cred __P((
+	KTEXT cip,
+	CREDENTIALS *cred));
 
-/* safe multiple strcat */
-int k_concat(char*, size_t, ...);
-int k_vconcat(char*, size_t, va_list);
+void
+k_ricercar __P((char *name));
 
-/* mallocing versions of the above */
-size_t k_vmconcat (char**, size_t, va_list); 
-size_t k_mconcat (char**, size_t, ...);
 
 /* used in rd_safe.c and mk_safe.c */
 
-void fixup_quad_cksum(void *start, size_t len, des_cblock *key, 
-		      void *new_checksum, void *old_checksum, int little);
+void
+fixup_quad_cksum __P((
+	void *start,
+	size_t len,
+	des_cblock *key,
+	void *new_checksum,
+	void *old_checksum,
+	int little));
+
+void
+krb_kdctimeofday __P((struct timeval *tv));
 
 #endif /*  __krb_locl_h */
diff --git a/crypto/kerberosIV/lib/krb/krb_log.h b/crypto/kerberosIV/lib/krb/krb_log.h
new file mode 100644
index 0000000..a760102
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_log.h
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: krb_log.h,v 1.2 1997/09/26 17:40:33 joda Exp $ */
+
+#include <krb.h>
+
+#ifndef __KRB_LOG_H__
+#define __KRB_LOG_H__
+
+#if !defined(__GNUC__) && !defined(__attribute__)
+#define __attribute__(X)
+#endif
+
+__BEGIN_DECLS
+
+/* logging.c */
+
+typedef int (*krb_log_func_t) __P((FILE *, const char *, va_list));
+
+typedef krb_log_func_t krb_warnfn_t;
+
+struct krb_log_facility;
+
+int krb_vlogger __P((struct krb_log_facility*, const char *, va_list)) 
+	__attribute__ ((format (printf, 2, 0)));
+int krb_logger __P((struct krb_log_facility*, const char *, ...))
+	__attribute__ ((format (printf, 2, 3)));
+int krb_openlog __P((struct krb_log_facility*, char*, FILE*, krb_log_func_t));
+
+void krb_set_warnfn  __P((krb_warnfn_t));
+krb_warnfn_t krb_get_warnfn  __P((void));
+void krb_warning  __P((const char*, ...))
+	__attribute__ ((format (printf, 1, 2)));
+
+void kset_logfile __P((char*));
+void krb_log __P((const char*, ...))
+	__attribute__ ((format (printf, 1, 2)));
+char *klog __P((int, const char*, ...))
+	__attribute__ ((format (printf, 2, 3)));
+
+__END_DECLS
+
+#endif /* __KRB_LOG_H__ */
diff --git a/crypto/kerberosIV/lib/krb/krb_net_read.c b/crypto/kerberosIV/lib/krb/krb_net_read.c
new file mode 100644
index 0000000..7459e2f
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_net_read.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: krb_net_read.c,v 1.2 1999/03/17 16:18:37 joda Exp $");
+
+int
+krb_net_read (int fd, void *buf, size_t nbytes)
+{
+    return net_read (fd, buf, nbytes);
+}
diff --git a/crypto/kerberosIV/lib/krb/krb_net_write.c b/crypto/kerberosIV/lib/krb/krb_net_write.c
new file mode 100644
index 0000000..e086ee1
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_net_write.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: krb_net_write.c,v 1.2 1999/03/17 16:18:37 joda Exp $");
+
+int
+krb_net_write (int fd, const void *buf, size_t nbytes)
+{
+    return net_write (fd, buf, nbytes);
+}
diff --git a/crypto/kerberosIV/lib/krb/kuserok.c b/crypto/kerberosIV/lib/krb/kuserok.c
index e3d5e6b..4a2be44 100644
--- a/crypto/kerberosIV/lib/krb/kuserok.c
+++ b/crypto/kerberosIV/lib/krb/kuserok.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,12 +38,29 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: kuserok.c,v 1.21 1997/04/01 08:18:35 joda Exp $");
+RCSID("$Id: kuserok.c,v 1.24 1999/06/23 10:12:37 assar Exp $");
 
 #define OK 0
 #define NOTOK 1
 #define MAX_USERNAME 10
 
+/*
+ * Return OK if `r' is one of the local realms, else NOTOK
+ */
+
+static int
+is_local_realm (const char *r)
+{
+    char lrealm[REALM_SZ];
+    int n;
+
+    for (n = 1; krb_get_lrealm(lrealm, n) == KSUCCESS; ++n) {
+	if (strcmp (r, lrealm) == 0)
+	    return OK;
+    }
+    return NOTOK;
+}
+
 /* 
  * Given a Kerberos principal and a local username, determine whether
  * user is authorized to login according to the authorization file
@@ -83,7 +100,6 @@ int
 krb_kuserok(char *name, char *instance, char *realm, char *luser)
 {
     struct passwd *pwd;
-    char lrealm[REALM_SZ];
     FILE *f;
     char line[1024];
     char file[MaxPathLen];
@@ -92,15 +108,13 @@ krb_kuserok(char *name, char *instance, char *realm, char *luser)
     pwd = getpwnam(luser);
     if(pwd == NULL)
 	return NOTOK;
-    if(krb_get_lrealm(lrealm, 1))
-	return NOTOK;
-    if(pwd->pw_uid != 0 &&
-       strcmp(name, luser) == 0 &&
-       strcmp(instance, "") == 0 &&
-       strcmp(realm, lrealm) == 0)
+    if (pwd->pw_uid != 0
+	&& strcmp (name, luser) == 0
+	&& strcmp (instance, "") == 0
+	&& is_local_realm (realm) == OK)
 	return OK;
-    strcpy(file, pwd->pw_dir);
-    strcat(file, "/.klogin");
+
+    snprintf(file, sizeof(file), "%s/.klogin", pwd->pw_dir);
 
     f = fopen(file, "r");
     if(f == NULL)
@@ -135,10 +149,15 @@ krb_kuserok(char *name, char *instance, char *realm, char *luser)
 	    continue;
 	if(strcmp(instance, finst))
 	    continue;
-	if(frealm[0] == 0)
-	    strcpy(frealm, lrealm);
-	if(strcmp(realm, frealm))
+#if 0 /* don't support principals without realm any longer */
+	if(frealm[0] == 0) {
+	    if (is_local_realm (realm) != OK)
+		continue;
+	} else
+#endif
+	if (strcmp (realm, frealm))
 	    continue;
+
 	fclose(f);
 	return OK;
     }
@@ -153,4 +172,3 @@ kuserok(AUTH_DAT *auth, char *luser)
 {
     return krb_kuserok(auth->pname, auth->pinst, auth->prealm, luser);
 }
-
diff --git a/crypto/kerberosIV/lib/krb/logging.c b/crypto/kerberosIV/lib/krb/logging.c
index 15e5bde..76965fd 100644
--- a/crypto/kerberosIV/lib/krb/logging.c
+++ b/crypto/kerberosIV/lib/krb/logging.c
@@ -39,7 +39,7 @@
 #include "krb_locl.h"
 #include <klog.h>
 
-RCSID("$Id: logging.c,v 1.14 1997/05/11 09:01:40 assar Exp $");
+RCSID("$Id: logging.c,v 1.16 1998/07/24 06:13:35 assar Exp $");
 
 struct krb_log_facility {
     char filename[MaxPathLen]; 
@@ -87,7 +87,7 @@ krb_openlog(struct krb_log_facility *f,
 	    FILE *file,
 	    krb_log_func_t func)
 {
-    strcpy(f->filename, filename);
+    strcpy_truncate(f->filename, filename, MaxPathLen);
     f->file = file;
     f->func = func;
     return KSUCCESS;
@@ -109,7 +109,7 @@ log_tty(FILE *f, const char *format,  va_list args)
 static struct krb_log_facility std_log = { "/dev/tty", NULL, log_tty };
 
 static void
-init_std_log ()
+init_std_log (void)
 {
   static int done = 0;
 
diff --git a/crypto/kerberosIV/lib/krb/lsb_addr_comp.c b/crypto/kerberosIV/lib/krb/lsb_addr_comp.c
index bc3c484..024e8ca 100644
--- a/crypto/kerberosIV/lib/krb/lsb_addr_comp.c
+++ b/crypto/kerberosIV/lib/krb/lsb_addr_comp.c
@@ -38,9 +38,9 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: lsb_addr_comp.c,v 1.9 1997/04/01 08:18:37 joda Exp $");
+RCSID("$Id: lsb_addr_comp.c,v 1.15 1998/10/22 15:58:26 joda Exp $");
 
-#include "lsb_addr_comp.h"
+#include "krb-archaeology.h"
 
 int
 krb_lsb_antinet_ulong_cmp(u_int32_t x, u_int32_t y)
@@ -83,23 +83,57 @@ krb_lsb_antinet_ushort_cmp(u_int16_t x, u_int16_t y)
 u_int32_t
 lsb_time(time_t t, struct sockaddr_in *src, struct sockaddr_in *dst)
 {
+    int dir = 1;
+    const char *fw;
+
     /*
      * direction bit is the sign bit of the timestamp.  Ok until
      * 2038??
      */
+    if(krb_debug) {
+	krb_warning("lsb_time: src = %s:%u\n", 
+		    inet_ntoa(src->sin_addr), ntohs(src->sin_port));
+	krb_warning("lsb_time: dst = %s:%u\n", 
+		    inet_ntoa(dst->sin_addr), ntohs(dst->sin_port));
+    }
+
     /* For compatibility with broken old code, compares are done in VAX 
        byte order (LSBFIRST) */ 
     if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr, /* src < recv */ 
 				   dst->sin_addr.s_addr) < 0) 
-        t = -t;
+        dir = -1;
     else if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr, 
 					dst->sin_addr.s_addr)==0) 
         if (krb_lsb_antinet_ushort_less(src->sin_port, dst->sin_port) < 0)
-            t = -t;
+            dir = -1;
     /*
      * all that for one tiny bit!  Heaven help those that talk to
      * themselves.
      */
+    if(krb_get_config_bool("reverse_lsb_test")) {
+	if(krb_debug) 
+	    krb_warning("lsb_time: reversing direction: %d -> %d\n", dir, -dir);
+	dir = -dir;
+    }else if((fw = krb_get_config_string("firewall_address"))) {
+	struct in_addr fw_addr;
+	fw_addr.s_addr = inet_addr(fw);
+	if(fw_addr.s_addr != INADDR_NONE) {
+	    int s_lt_d, d_lt_f;
+	    krb_warning("lsb_time: fw = %s\n", inet_ntoa(fw_addr));
+	    /* negate if src < dst < fw || fw < dst < src */
+	    s_lt_d = (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr,
+						 dst->sin_addr.s_addr) == -1);
+	    d_lt_f = (krb_lsb_antinet_ulong_less(fw_addr.s_addr,
+						 dst->sin_addr.s_addr) == 1);
+	    if((s_lt_d ^ d_lt_f) == 0) {
+		if(krb_debug) 
+		    krb_warning("lsb_time: reversing direction: %d -> %d\n", 
+				dir, -dir);
+		dir = -dir;
+	    }
+	}
+    }
+    t = t * dir;
     t = t & 0xffffffff;
     return t;
 }
diff --git a/crypto/kerberosIV/lib/krb/mk_auth.c b/crypto/kerberosIV/lib/krb/mk_auth.c
index 7cfb36b..91ea866 100644
--- a/crypto/kerberosIV/lib/krb/mk_auth.c
+++ b/crypto/kerberosIV/lib/krb/mk_auth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,7 +38,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: mk_auth.c,v 1.4 1997/04/01 08:18:35 joda Exp $");
+RCSID("$Id: mk_auth.c,v 1.6 1998/06/09 19:25:22 joda Exp $");
 
 /*
  * Generate an authenticator for service.instance@realm.
@@ -62,12 +62,14 @@ krb_mk_auth(int32_t options,
   char realinst[INST_SZ];
   char realrealm[REALM_SZ];
   int ret;
-  unsigned char *p;
+  char *tmp;
 
   if (options & KOPT_DONT_CANON)
-    strncpy(realinst, instance, sizeof(realinst));
+    tmp = instance;
   else
-    strncpy(realinst, krb_get_phost (instance), sizeof(realinst));
+    tmp = krb_get_phost (instance);
+
+  strcpy_truncate(realinst, tmp, sizeof(realinst));
 
   if (realm == NULL) {
     ret = krb_get_lrealm (realrealm, 1);
@@ -82,15 +84,35 @@ krb_mk_auth(int32_t options,
       return ret;
   }
     
-  p = buf->dat;
+  {
+      int tmp;
+      size_t rem = sizeof(buf->dat);
+      unsigned char *p = buf->dat;
+
+      p = buf->dat;
+
+      if (rem < 2 * KRB_SENDAUTH_VLEN)
+	  return KFAILURE;
+      memcpy (p, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN);
+      p += KRB_SENDAUTH_VLEN;
+      rem -= KRB_SENDAUTH_VLEN;
 
-  memcpy (p, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN);
-  p += KRB_SENDAUTH_VLEN;
-  memcpy (p, version, KRB_SENDAUTH_VLEN);
-  p += KRB_SENDAUTH_VLEN;
-  p += krb_put_int(ticket->length, p, 4);
-  memcpy(p, ticket->dat, ticket->length);
-  p += ticket->length;
-  buf->length = p - buf->dat;
+      memcpy (p, version, KRB_SENDAUTH_VLEN);
+      p += KRB_SENDAUTH_VLEN;
+      rem -= KRB_SENDAUTH_VLEN;
+
+      tmp = krb_put_int(ticket->length, p, rem, 4);
+      if (tmp < 0)
+	  return KFAILURE;
+      p += tmp;
+      rem -= tmp;
+
+      if (rem < ticket->length)
+	  return KFAILURE;
+      memcpy(p, ticket->dat, ticket->length);
+      p += ticket->length;
+      rem -= ticket->length;
+      buf->length = p - buf->dat;
+  }
   return KSUCCESS;
 }
diff --git a/crypto/kerberosIV/lib/krb/mk_err.c b/crypto/kerberosIV/lib/krb/mk_err.c
index 710587a..11fc059 100644
--- a/crypto/kerberosIV/lib/krb/mk_err.c
+++ b/crypto/kerberosIV/lib/krb/mk_err.c
@@ -21,7 +21,7 @@ or implied warranty.
 
 #include "krb_locl.h"
 
-RCSID("$Id: mk_err.c,v 1.6 1997/03/23 03:53:14 joda Exp $");
+RCSID("$Id: mk_err.c,v 1.7 1998/06/09 19:25:22 joda Exp $");
 
 /*
  * This routine creates a general purpose error reply message.  It
@@ -47,10 +47,11 @@ int32_t
 krb_mk_err(u_char *p, int32_t e, char *e_string)
 {
     unsigned char *start = p;
-    p += krb_put_int(KRB_PROT_VERSION, p, 1);
-    p += krb_put_int(AUTH_MSG_APPL_ERR, p, 1);
     
-    p += krb_put_int(e, p, 4);
-    p += krb_put_string(e_string, p);
+    p += krb_put_int(KRB_PROT_VERSION, p, 1, 1);
+    p += krb_put_int(AUTH_MSG_APPL_ERR, p, 1, 1);
+    
+    p += krb_put_int(e, p, 4, 4);
+    p += krb_put_string(e_string, p, strlen(e_string) + 1);
     return p - start;
 }
diff --git a/crypto/kerberosIV/lib/krb/mk_priv.c b/crypto/kerberosIV/lib/krb/mk_priv.c
index b6a9cc4..20f4ee2 100644
--- a/crypto/kerberosIV/lib/krb/mk_priv.c
+++ b/crypto/kerberosIV/lib/krb/mk_priv.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,10 +38,10 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: mk_priv.c,v 1.18 1997/04/01 08:18:37 joda Exp $");
+RCSID("$Id: mk_priv.c,v 1.21 1998/06/09 19:25:23 joda Exp $");
 
 /* application include files */
-#include "lsb_addr_comp.h"
+#include "krb-archaeology.h"
 
 /*
  * krb_mk_priv() constructs an AUTH_MSG_PRIVATE message.  It takes
@@ -93,28 +93,28 @@ krb_mk_priv(void *in, void *out, u_int32_t length,
     u_int32_t src_addr;
     u_int32_t len;
 
-    p += krb_put_int(KRB_PROT_VERSION, p, 1);
-    p += krb_put_int(AUTH_MSG_PRIVATE, p, 1);
+    p += krb_put_int(KRB_PROT_VERSION, p, 1, 1);
+    p += krb_put_int(AUTH_MSG_PRIVATE, p, 1, 1);
 
     len = 4 + length + 1 + 4 + 4;
     len = (len + 7) & ~7;
-    p += krb_put_int(len, p, 4);
+    p += krb_put_int(len, p, 4, 4);
     
     cipher = p;
 
-    p += krb_put_int(length, p, 4);
+    p += krb_put_int(length, p, 4, 4);
     
     memcpy(p, in, length);
     p += length;
     
-    gettimeofday(&tv, NULL);
+    krb_kdctimeofday(&tv);
 
     *p++ =tv.tv_usec / 5000;
     
     src_addr = sender->sin_addr.s_addr;
-    p += krb_put_address(src_addr, p);
+    p += krb_put_address(src_addr, p, 4);
 
-    p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4);
+    p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4, 4);
     
     memset(p, 0, 7);
 
diff --git a/crypto/kerberosIV/lib/krb/mk_req.c b/crypto/kerberosIV/lib/krb/mk_req.c
index 313ea04..b3761ca 100644
--- a/crypto/kerberosIV/lib/krb/mk_req.c
+++ b/crypto/kerberosIV/lib/krb/mk_req.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,32 +38,50 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: mk_req.c,v 1.17 1997/05/30 17:42:38 bg Exp $");
+RCSID("$Id: mk_req.c,v 1.20 1998/06/09 19:25:23 joda Exp $");
 
 static int lifetime = 255;	/* But no longer than TGT says. */
 
 
-static void
+static int
 build_request(KTEXT req, char *name, char *inst, char *realm, 
 	      u_int32_t checksum)
 {
     struct timeval tv;
     unsigned char *p = req->dat;
-    
-    p += krb_put_nir(name, inst, realm, p);
-    
-    p += krb_put_int(checksum, p, 4);
+    int tmp;
+    size_t rem = sizeof(req->dat);
+
+    tmp = krb_put_nir(name, inst, realm, p, rem);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
 
+    tmp = krb_put_int(checksum, p, rem, 4);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
 
     /* Fill in the times on the request id */
-    gettimeofday(&tv, NULL);
+    krb_kdctimeofday(&tv);
+
+    if (rem < 1)
+	return KFAILURE;
 
     *p++ = tv.tv_usec / 5000; /* 5ms */
+    --rem;
     
-    p += krb_put_int(tv.tv_sec, p, 4);
+    tmp = krb_put_int(tv.tv_sec, p, rem, 4);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
 
     /* Fill to a multiple of 8 bytes for DES */
     req->length = ((p - req->dat + 7)/8) * 8;
+    return 0;
 }
 
 
@@ -125,11 +143,21 @@ krb_mk_req(KTEXT authent, char *service, char *instance, char *realm,
     char myrealm[REALM_SZ];
 
     unsigned char *p = authent->dat;
+    int rem = sizeof(authent->dat);
+    int tmp;
+
+    tmp = krb_put_int(KRB_PROT_VERSION, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(AUTH_MSG_APPL_REQUEST, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
 
-    p += krb_put_int(KRB_PROT_VERSION, p, 1);
-    
-    p += krb_put_int(AUTH_MSG_APPL_REQUEST, p, 1);
-    
     /* Get the ticket and move it into the authenticator */
     if (krb_ap_req_debug)
         krb_warning("Realm: %s\n", realm);
@@ -155,9 +183,9 @@ krb_mk_req(KTEXT authent, char *service, char *instance, char *realm,
      */
 
     retval = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, 0);
-    if (retval == KSUCCESS)
-      strncpy(myrealm, realm, REALM_SZ);
-    else
+    if (retval == KSUCCESS) {
+      strcpy_truncate(myrealm, realm, REALM_SZ);
+    } else
       retval = krb_get_tf_realm(TKT_FILE, myrealm);
     
     if (retval != KSUCCESS)
@@ -167,25 +195,45 @@ krb_mk_req(KTEXT authent, char *service, char *instance, char *realm,
         krb_warning("serv=%s.%s@%s princ=%s.%s@%s\n", service, instance, realm,
 		    cr.pname, cr.pinst, myrealm);
 
-    p += krb_put_int(cr.kvno, p, 1);
-
-    p += krb_put_string(realm, p);
-
-    p += krb_put_int(ticket->length, p, 1);
-
-    build_request(req_id, cr.pname, cr.pinst, myrealm, checksum);
+    tmp = krb_put_int(cr.kvno, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_string(realm, p, rem);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_int(ticket->length, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    retval = build_request(req_id, cr.pname, cr.pinst, myrealm, checksum);
+    if (retval != KSUCCESS)
+	return retval;
     
     encrypt_ktext(req_id, &cr.session, DES_ENCRYPT);
 
-    p += krb_put_int(req_id->length, p, 1);
+    tmp = krb_put_int(req_id->length, p, rem, 1);
+    if (tmp < 0)
+	return KFAILURE;
+    p += tmp;
+    rem -= tmp;
+
+    if (rem < ticket->length + req_id->length)
+	return KFAILURE;
 
     memcpy(p, ticket->dat, ticket->length);
-    
     p += ticket->length;
-    
+    rem -= ticket->length;
     memcpy(p, req_id->dat, req_id->length);
-    
     p += req_id->length;
+    rem -= req_id->length;
 
     authent->length = p - authent->dat;
     
diff --git a/crypto/kerberosIV/lib/krb/mk_safe.c b/crypto/kerberosIV/lib/krb/mk_safe.c
index df5ca21..e5ea847 100644
--- a/crypto/kerberosIV/lib/krb/mk_safe.c
+++ b/crypto/kerberosIV/lib/krb/mk_safe.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,10 +38,10 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: mk_safe.c,v 1.21 1997/04/19 23:18:03 joda Exp $");
+RCSID("$Id: mk_safe.c,v 1.24 1998/06/09 19:25:23 joda Exp $");
 
 /* application include files */
-#include "lsb_addr_comp.h"
+#include "krb-archaeology.h"
 
 
 /* from rd_safe.c */
@@ -89,24 +89,24 @@ krb_mk_safe(void *in, void *out, u_int32_t length, des_cblock *key,
     unsigned char *start;
     u_int32_t src_addr;
 
-    p += krb_put_int(KRB_PROT_VERSION, p, 1);
-    p += krb_put_int(AUTH_MSG_SAFE, p, 1);
+    p += krb_put_int(KRB_PROT_VERSION, p, 1, 1);
+    p += krb_put_int(AUTH_MSG_SAFE, p, 1, 1);
     
     start = p;
 
-    p += krb_put_int(length, p, 4);
+    p += krb_put_int(length, p, 4, 4);
 
     memcpy(p, in, length);
     p += length;
     
-    gettimeofday(&tv, NULL);
+    krb_kdctimeofday(&tv);
 
     *p++ = tv.tv_usec/5000; /* 5ms */
     
     src_addr = sender->sin_addr.s_addr;
-    p += krb_put_address(src_addr, p);
+    p += krb_put_address(src_addr, p, 4);
 
-    p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4);
+    p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4, 4);
 
     {
 	/* We are faking big endian mode, so we need to fix the
diff --git a/crypto/kerberosIV/lib/krb/name2name.c b/crypto/kerberosIV/lib/krb/name2name.c
index fa95b89..2e2e9e6 100644
--- a/crypto/kerberosIV/lib/krb/name2name.c
+++ b/crypto/kerberosIV/lib/krb/name2name.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,7 +38,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: name2name.c,v 1.15 1997/04/30 04:30:36 assar Exp $");
+RCSID("$Id: name2name.c,v 1.20 1999/03/13 21:26:02 assar Exp $");
 
 /* convert host to a more fully qualified domain name, returns 0 if
  * phost is the same as host, 1 otherwise. phost should be
@@ -53,15 +53,25 @@ krb_name_to_name(const char *host, char *phost, size_t phost_size)
     const char *tmp;
     
     adr.s_addr = inet_addr(host);
-    hp = gethostbyname(host);
-    if (hp == NULL && adr.s_addr != INADDR_NONE)
+    if (adr.s_addr != INADDR_NONE)
 	hp = gethostbyaddr((char *)&adr, sizeof(adr), AF_INET);
+    else
+	hp = gethostbyname(host);
     if (hp == NULL)
 	tmp = host;
-    else
+    else {
 	tmp = hp->h_name;
-    strncpy (phost, tmp, phost_size);
-    phost[phost_size - 1] = '\0';
+	/*
+	 * Broken SunOS 5.4 sometimes keeps the official name as the
+	 * 1:st alias.
+	 */
+        if (strchr(tmp, '.') == NULL
+	    && hp->h_aliases != NULL
+	    && hp->h_aliases[0] != NULL
+	    && strchr (hp->h_aliases[0], '.') != NULL)
+		tmp = hp->h_aliases[0];
+    }
+    strcpy_truncate (phost, tmp, phost_size);
 
     if (strcmp(phost, host) == 0)
 	return 0;
@@ -74,7 +84,8 @@ krb_name_to_name(const char *host, char *phost, size_t phost_size)
 void
 k_ricercar(char *name)
 {
-    char *p = name;
+    unsigned char *p = (unsigned char *)name;
+
     while(*p && *p != '.'){
 	if(isupper(*p))
 	    *p = tolower(*p);
@@ -94,7 +105,7 @@ k_ricercar(char *name)
 char *
 krb_get_phost(const char *alias)
 {
-    static char phost[MaxHostNameLen+1];
+    static char phost[MaxHostNameLen];
     
     krb_name_to_name(alias, phost, sizeof(phost));
     k_ricercar(phost);
diff --git a/crypto/kerberosIV/lib/krb/parse_name.c b/crypto/kerberosIV/lib/krb/parse_name.c
index 1184330..da06aec 100644
--- a/crypto/kerberosIV/lib/krb/parse_name.c
+++ b/crypto/kerberosIV/lib/krb/parse_name.c
@@ -38,7 +38,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: parse_name.c,v 1.4 1997/04/01 08:18:39 joda Exp $");
+RCSID("$Id: parse_name.c,v 1.5 1998/06/09 19:25:24 joda Exp $");
 
 int
 krb_parse_name(const char *fullname, krb_principal *principal)
@@ -86,10 +86,10 @@ kname_parse(char *np, char *ip, char *rp, char *fullname)
     krb_principal p;
     int ret;
     if((ret = krb_parse_name(fullname, &p)) == 0){
-	strcpy(np, p.name);
-	strcpy(ip, p.instance);
+	strcpy_truncate (np, p.name, ANAME_SZ);
+	strcpy_truncate (ip, p.instance, INST_SZ);
 	if(p.realm[0])
-	    strcpy(rp, p.realm);
+	    strcpy_truncate (rp, p.realm, REALM_SZ);
     }
     return ret;
 }
diff --git a/crypto/kerberosIV/lib/krb/prot.h b/crypto/kerberosIV/lib/krb/prot.h
index e4825e1..b9a4ea3 100644
--- a/crypto/kerberosIV/lib/krb/prot.h
+++ b/crypto/kerberosIV/lib/krb/prot.h
@@ -1,5 +1,5 @@
 /*
- * $Id: prot.h,v 1.7 1997/03/23 03:52:27 joda Exp $
+ * $Id: prot.h,v 1.8 1997/12/05 00:18:02 joda Exp $
  *
  * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
  * of Technology.
@@ -20,41 +20,6 @@
 #define 	MAX_PKT_LEN		1000
 #define		MAX_TXT_LEN		1000
 
-/* Macro's to obtain various fields from a packet */
-
-#define pkt_version(packet)  (unsigned int) *(packet->dat)
-#define pkt_msg_type(packet) (unsigned int) *(packet->dat+1)
-#define pkt_a_name(packet)   (packet->dat+2)
-#define pkt_a_inst(packet)   \
-	(packet->dat+3+strlen((char *)pkt_a_name(packet)))
-#define pkt_a_realm(packet)  \
-	(pkt_a_inst(packet)+1+strlen((char *)pkt_a_inst(packet)))
-
-/* Macro to obtain realm from application request */
-#define apreq_realm(auth)     (auth->dat + 3)
-
-#define pkt_time_ws(packet) (char *) \
-        (packet->dat+5+strlen((char *)pkt_a_name(packet)) + \
-	 strlen((char *)pkt_a_inst(packet)) + \
-	 strlen((char *)pkt_a_realm(packet)))
-
-#define pkt_no_req(packet) (unsigned short) \
-        *(packet->dat+9+strlen((char *)pkt_a_name(packet)) + \
-	  strlen((char *)pkt_a_inst(packet)) + \
-	  strlen((char *)pkt_a_realm(packet)))
-#define pkt_x_date(packet) (char *) \
-        (packet->dat+10+strlen((char *)pkt_a_name(packet)) + \
-	 strlen((char *)pkt_a_inst(packet)) + \
-	 strlen((char *)pkt_a_realm(packet)))
-#define pkt_err_code(packet) ( (char *) \
-        (packet->dat+9+strlen((char *)pkt_a_name(packet)) + \
-	 strlen((char *)pkt_a_inst(packet)) + \
-	 strlen((char *)pkt_a_realm(packet))))
-#define pkt_err_text(packet) \
-        (packet->dat+13+strlen((char *)pkt_a_name(packet)) + \
-	 strlen((char *)pkt_a_inst(packet)) + \
-	 strlen((char *)pkt_a_realm(packet)))
-
 /* Routines to create and read packets may be found in prot.c */
 
 KTEXT create_auth_reply(char *pname, char *pinst, char *prealm, 
@@ -66,17 +31,17 @@ KTEXT krb_create_death_packet(char *a_name);
 
 /* Message types , always leave lsb for byte order */
 
-#define		AUTH_MSG_KDC_REQUEST			 1<<1
-#define 	AUTH_MSG_KDC_REPLY			 2<<1
-#define		AUTH_MSG_APPL_REQUEST			 3<<1
-#define		AUTH_MSG_APPL_REQUEST_MUTUAL		 4<<1
-#define		AUTH_MSG_ERR_REPLY			 5<<1
-#define		AUTH_MSG_PRIVATE			 6<<1
-#define		AUTH_MSG_SAFE				 7<<1
-#define		AUTH_MSG_APPL_ERR			 8<<1
-#define		AUTH_MSG_KDC_FORWARD			 9<<1
-#define		AUTH_MSG_KDC_RENEW			10<<1
-#define 	AUTH_MSG_DIE				63<<1
+#define		AUTH_MSG_KDC_REQUEST			 (1<<1)
+#define 	AUTH_MSG_KDC_REPLY			 (2<<1)
+#define		AUTH_MSG_APPL_REQUEST			 (3<<1)
+#define		AUTH_MSG_APPL_REQUEST_MUTUAL		 (4<<1)
+#define		AUTH_MSG_ERR_REPLY			 (5<<1)
+#define		AUTH_MSG_PRIVATE			 (6<<1)
+#define		AUTH_MSG_SAFE				 (7<<1)
+#define		AUTH_MSG_APPL_ERR			 (8<<1)
+#define		AUTH_MSG_KDC_FORWARD			 (9<<1)
+#define		AUTH_MSG_KDC_RENEW			(10<<1)
+#define 	AUTH_MSG_DIE				(63<<1)
 
 /* values for kerb error codes */
 
diff --git a/crypto/kerberosIV/lib/krb/rd_priv.c b/crypto/kerberosIV/lib/krb/rd_priv.c
index 58ecd9f..0721b2c 100644
--- a/crypto/kerberosIV/lib/krb/rd_priv.c
+++ b/crypto/kerberosIV/lib/krb/rd_priv.c
@@ -38,10 +38,10 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: rd_priv.c,v 1.24 1997/05/14 17:53:29 joda Exp $");
+RCSID("$Id: rd_priv.c,v 1.26 1998/05/26 19:57:42 joda Exp $");
 
 /* application include files */
-#include "lsb_addr_comp.h"
+#include "krb-archaeology.h"
 
 /*
  * krb_rd_priv() decrypts and checks the integrity of an
@@ -116,7 +116,7 @@ krb_rd_priv(void *in, u_int32_t in_length,
     if (delta_t > CLOCK_SKEW)
 	return RD_AP_TIME;
     if (krb_debug)
-      krb_warning("\ndelta_t = %d", (int) delta_t);
+	krb_warning("delta_t = %d\n", (int) delta_t);
 
     /*
      * caller must check timestamps for proper order and
diff --git a/crypto/kerberosIV/lib/krb/rd_req.c b/crypto/kerberosIV/lib/krb/rd_req.c
index 1a3e848..e145dae 100644
--- a/crypto/kerberosIV/lib/krb/rd_req.c
+++ b/crypto/kerberosIV/lib/krb/rd_req.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,7 +38,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: rd_req.c,v 1.24 1997/05/11 11:05:28 assar Exp $");
+RCSID("$Id: rd_req.c,v 1.25 1998/06/09 19:25:25 joda Exp $");
 
 static struct timeval t_local = { 0, 0 };
 
@@ -198,7 +198,7 @@ krb_rd_req(KTEXT authent,	/* The received message */
 
     s_kvno = *p++;
 
-    p += krb_get_string(p, realm);
+    p += krb_get_string(p, realm, sizeof(realm));
 
     /*
      * If "fn" is NULL, key info should already be set; don't
@@ -217,9 +217,9 @@ krb_rd_req(KTEXT authent,	/* The received message */
             return(RD_AP_UNDEC);
         if ((status = krb_set_key((char*)skey, 0)))
 	    return(status);
-        strcpy(st_rlm, realm);
-        strcpy(st_nam, service);
-        strcpy(st_inst, instance);
+        strcpy_truncate (st_rlm, realm, REALM_SZ);
+        strcpy_truncate (st_nam, service, SNAME_SZ);
+        strcpy_truncate (st_inst, instance, INST_SZ);
     }
 
     tkt->length = *p++;
diff --git a/crypto/kerberosIV/lib/krb/rd_safe.c b/crypto/kerberosIV/lib/krb/rd_safe.c
index 8471df0..495a681 100644
--- a/crypto/kerberosIV/lib/krb/rd_safe.c
+++ b/crypto/kerberosIV/lib/krb/rd_safe.c
@@ -38,10 +38,10 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: rd_safe.c,v 1.24 1997/04/19 23:18:20 joda Exp $");
+RCSID("$Id: rd_safe.c,v 1.25 1997/12/05 00:17:09 joda Exp $");
 
 /* application include files */
-#include "lsb_addr_comp.h"
+#include "krb-archaeology.h"
 
 /* Generate two checksums in the given byteorder of the data, one
  * new-form and one old-form. It has to be done this way to be
diff --git a/crypto/kerberosIV/lib/krb/read_service_key.c b/crypto/kerberosIV/lib/krb/read_service_key.c
index 6de5db2..d517551 100644
--- a/crypto/kerberosIV/lib/krb/read_service_key.c
+++ b/crypto/kerberosIV/lib/krb/read_service_key.c
@@ -21,7 +21,7 @@ or implied warranty.
 
 #include "krb_locl.h"
 
-RCSID("$Id: read_service_key.c,v 1.8 1997/03/23 03:53:16 joda Exp $");
+RCSID("$Id: read_service_key.c,v 1.11 1999/03/10 18:34:34 joda Exp $");
 
 /*
  * The private keys for servers on a given host are stored in a
@@ -57,12 +57,12 @@ RCSID("$Id: read_service_key.c,v 1.8 1997/03/23 03:53:16 joda Exp $");
 
 
 int
-read_service_key(char *service,	/* Service Name */
+read_service_key(const char *service,	/* Service Name */
 		 char *instance, /* Instance name or "*" */
-		 char *realm,	/* Realm */
+		 const char *realm,	/* Realm */
 		 int kvno,	/* Key version number */
-		 char *file,	/* Filename */
-		 char *key)	/* Pointer to key to be filled in */
+		 const char *file,	/* Filename */
+		 void *key)	/* Pointer to key to be filled in */
 {
     char serv[SNAME_SZ];
     char inst[INST_SZ];
@@ -96,8 +96,9 @@ read_service_key(char *service,	/* Service Name */
         /* How about instance */
         if (!wcard && strcmp(inst,instance))
             continue;
-        if (wcard)
-            strncpy(instance,inst,INST_SZ);
+        if (wcard) {
+	    strcpy_truncate (instance, inst, INST_SZ);
+	}
         /* Is this the right realm */
         if (strcmp(rlm,realm)) 
 	    continue;
diff --git a/crypto/kerberosIV/lib/krb/realm_parse.c b/crypto/kerberosIV/lib/krb/realm_parse.c
index 2ce852a..8d90f1b 100644
--- a/crypto/kerberosIV/lib/krb/realm_parse.c
+++ b/crypto/kerberosIV/lib/krb/realm_parse.c
@@ -38,7 +38,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: realm_parse.c,v 1.10 1997/06/01 03:14:50 assar Exp $");
+RCSID("$Id: realm_parse.c,v 1.15 1998/06/09 19:25:25 joda Exp $");
 
 static int
 realm_parse(char *realm, int length, const char *file)
@@ -55,7 +55,7 @@ realm_parse(char *realm, int length, const char *file)
 	p = strtok_r(tr, " \t\n\r", &unused);
 	if(p && strcasecmp(p, realm) == 0){
 	    fclose(F);
-	    strncpy(realm, p, length);
+	    strcpy_truncate (realm, p, length);
 	    return 0;
 	}
     }
@@ -63,26 +63,14 @@ realm_parse(char *realm, int length, const char *file)
     return -1;
 }
 
-static const char *const files[] = KRB_CNF_FILES;
-
 int
 krb_realm_parse(char *realm, int length)
 {
     int i;
-  
-    const char *dir = getenv("KRBCONFDIR");
-
-    /* First try user specified file */
-    if (dir != 0) {
-      char fname[MaxPathLen];
-
-      if(k_concat(fname, sizeof(fname), dir, "/krb.conf", NULL) == 0)
-	  if (realm_parse(realm, length, fname) == 0)
-	      return 0;
-    }
+    char file[MaxPathLen];
 
-    for (i = 0; files[i] != NULL; i++)
-	if (realm_parse(realm, length, files[i]) == 0)
+    for(i = 0; krb_get_krbconf(i, file, sizeof(file)) == 0; i++)
+	if (realm_parse(realm, length, file) == 0)
 	    return 0;
     return -1;
 }
diff --git a/crypto/kerberosIV/lib/krb/recvauth.c b/crypto/kerberosIV/lib/krb/recvauth.c
index 6c96897..f164b2b 100644
--- a/crypto/kerberosIV/lib/krb/recvauth.c
+++ b/crypto/kerberosIV/lib/krb/recvauth.c
@@ -21,7 +21,7 @@ or implied warranty.
 
 #include "krb_locl.h"
 
-RCSID("$Id: recvauth.c,v 1.17 1997/03/23 03:53:16 joda Exp $");
+RCSID("$Id: recvauth.c,v 1.19 1998/06/09 19:25:25 joda Exp $");
 
 /*
  * krb_recvauth() reads (and optionally responds to) a message sent
@@ -117,10 +117,12 @@ krb_recvauth(int32_t options,	/* bit-pattern of options */
     int32_t priv_len;
     u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)];
 
-    /* read the protocol version number */
-    if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) != KRB_SENDAUTH_VLEN)
-	return(errno);
-    krb_vers[KRB_SENDAUTH_VLEN] = '\0';
+    if (!(options & KOPT_IGNORE_PROTOCOL)) {
+	/* read the protocol version number */
+	if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) != KRB_SENDAUTH_VLEN)
+	    return(errno);
+	krb_vers[KRB_SENDAUTH_VLEN] = '\0';
+    }
 
     /* read the application version string */
     if (krb_net_read(fd, version, KRB_SENDAUTH_VLEN) != KRB_SENDAUTH_VLEN)
@@ -168,7 +170,7 @@ krb_recvauth(int32_t options,	/* bit-pattern of options */
 	   for return to the client */
 	{ 
 	    unsigned char cs[4];
-	    krb_put_int(kdata->checksum + 1, cs, 4);
+	    krb_put_int(kdata->checksum + 1, cs, sizeof(cs), 4);
 #ifndef NOENCRYPTION
 	    des_key_sched(&kdata->session,schedule);
 #endif
@@ -181,7 +183,7 @@ krb_recvauth(int32_t options,	/* bit-pattern of options */
 				   faddr);
 	}
 	/* mk_priv will never fail */
-	priv_len += krb_put_int(priv_len, tmp_buf, 4);
+	priv_len += krb_put_int(priv_len, tmp_buf, 4, 4);
 	
 	if((cc = krb_net_write(fd, tmp_buf, priv_len)) != priv_len)
 	    return -1;
diff --git a/crypto/kerberosIV/lib/krb/resource.h b/crypto/kerberosIV/lib/krb/resource.h
new file mode 100644
index 0000000..d50551f
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/resource.h
@@ -0,0 +1,15 @@
+//{{NO_DEPENDENCIES}}

+// Microsoft Developer Studio generated include file.

+// Used by krb.rc

+//

+

+// Next default values for new objects

+// 

+#ifdef APSTUDIO_INVOKED

+#ifndef APSTUDIO_READONLY_SYMBOLS

+#define _APS_NEXT_RESOURCE_VALUE        101

+#define _APS_NEXT_COMMAND_VALUE         40001

+#define _APS_NEXT_CONTROL_VALUE         1000

+#define _APS_NEXT_SYMED_VALUE           101

+#endif

+#endif

diff --git a/crypto/kerberosIV/lib/krb/roken_rename.h b/crypto/kerberosIV/lib/krb/roken_rename.h
new file mode 100644
index 0000000..831da32
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/roken_rename.h
@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: roken_rename.h,v 1.7 1998/10/13 16:50:23 joda Exp $ */
+
+#ifndef __roken_rename_h__
+#define __roken_rename_h__
+
+/*
+ * Libroken routines that are added libkrb
+ */
+
+#define base64_decode _krb_base64_decode
+#define base64_encode _krb_base64_encode
+
+#define net_write roken_net_write
+#define net_read  roken_net_read
+
+#ifndef HAVE_FLOCK
+#define flock _krb_flock
+#endif
+#ifndef HAVE_GETHOSTNAME
+#define gethostname _krb_gethostname
+#endif
+#ifndef HAVE_GETTIMEOFDAY
+#define gettimeofday _krb_gettimeofday
+#endif
+#ifndef HAVE_GETUID
+#define getuid _krb_getuid
+#endif
+#ifndef HAVE_SNPRINTF
+#define snprintf _krb_snprintf
+#endif
+#ifndef HAVE_ASPRINTF
+#define asprintf _krb_asprintf
+#endif
+#ifndef HAVE_ASNPRINTF
+#define asnprintf _krb_asnprintf
+#endif
+#ifndef HAVE_VASPRINTF
+#define vasprintf _krb_vasprintf
+#endif
+#ifndef HAVE_VASNPRINTF
+#define vasnprintf _krb_vasnprintf
+#endif
+#ifndef HAVE_VSNPRINTF
+#define vsnprintf _krb_vsnprintf
+#endif
+#ifndef HAVE_STRCASECMP
+#define strcasecmp _krb_strcasecmp
+#endif
+#ifndef HAVE_STRNCASECMP
+#define strncasecmp _krb_strncasecmp
+#endif
+#ifndef HAVE_STRDUP
+#define strdup _krb_strdup
+#endif
+#ifndef HAVE_STRNLEN
+#define strnlen _krb_strnlen
+#endif
+#ifndef HAVE_SWAB
+#define swab _krb_swab
+#endif
+#ifndef HAVE_STRTOK_R
+#define strtok_r _krb_strtok_r
+#endif
+
+#endif /* __roken_rename_h__ */
diff --git a/crypto/kerberosIV/lib/krb/rw.c b/crypto/kerberosIV/lib/krb/rw.c
index 4b136aa..559e3fa 100644
--- a/crypto/kerberosIV/lib/krb/rw.c
+++ b/crypto/kerberosIV/lib/krb/rw.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -43,7 +43,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: rw.c,v 1.8 1997/04/01 08:18:44 joda Exp $");
+RCSID("$Id: rw.c,v 1.10 1999/06/29 21:18:08 bg Exp $");
 
 int
 krb_get_int(void *f, u_int32_t *to, int size, int lsb)
@@ -63,10 +63,14 @@ krb_get_int(void *f, u_int32_t *to, int size, int lsb)
 }
 
 int
-krb_put_int(u_int32_t from, void *to, int size)
+krb_put_int(u_int32_t from, void *to, size_t rem, int size)
 {
     int i;
     unsigned char *p = (unsigned char *)to;
+
+    if (rem < size)
+	return -1;
+
     for(i = size - 1; i >= 0; i--){
 	p[i] = from & 0xff;
 	from >>= 8;
@@ -86,22 +90,27 @@ krb_get_address(void *from, u_int32_t *to)
 }
 
 int
-krb_put_address(u_int32_t addr, void *to)
+krb_put_address(u_int32_t addr, void *to, size_t rem)
 {
-    return krb_put_int(ntohl(addr), to, 4);
+    return krb_put_int(ntohl(addr), to, rem, 4);
 }
 
 int
-krb_put_string(char *from, void *to)
+krb_put_string(const char *from, void *to, size_t rem)
 {
-    strcpy((char *)to, from);
-    return strlen(from) + 1;
+    size_t len = strlen(from) + 1;
+
+    if (rem < len)
+	return -1;
+    memcpy(to, from, len);
+    return len;
 }
 
 int
-krb_get_string(void *from, char *to)
+krb_get_string(void *from, char *to, size_t to_size)
 {
-    return krb_put_string(from, to);
+    strcpy_truncate (to, (char *)from, to_size);
+    return strlen((char *)from) + 1;
 }
 
 int
@@ -109,20 +118,41 @@ krb_get_nir(void *from, char *name, char *instance, char *realm)
 {
     char *p = (char *)from;
 
-    p += krb_get_string(p, name);
-    p += krb_get_string(p, instance);
+    p += krb_get_string(p, name, ANAME_SZ);
+    p += krb_get_string(p, instance, INST_SZ);
     if(realm)
-	p += krb_get_string(p, realm);
+	p += krb_get_string(p, realm, REALM_SZ);
     return p - (char *)from;
 }
 
 int
-krb_put_nir(char *name, char *instance, char *realm, void *to)
+krb_put_nir(const char *name,
+	    const char *instance,
+	    const char *realm,
+	    void *to,
+	    size_t rem)
 {
     char *p = (char *)to;
-    p += krb_put_string(name, p);
-    p += krb_put_string(instance, p);
-    if(realm)
-	p += krb_put_string(realm, p);
+    int tmp;
+    
+    tmp = krb_put_string(name, p, rem);
+    if (tmp < 0)
+	return tmp;
+    p += tmp;
+    rem -= tmp;
+
+    tmp = krb_put_string(instance, p, rem);
+    if (tmp < 0)
+	return tmp;
+    p += tmp;
+    rem -= tmp;
+    
+    if (realm) {
+	tmp = krb_put_string(realm, p, rem);
+	if (tmp < 0)
+	    return tmp;
+	p += tmp;
+	rem -= tmp;
+    }
     return p - (char *)to;
 }
diff --git a/crypto/kerberosIV/lib/krb/send_to_kdc.c b/crypto/kerberosIV/lib/krb/send_to_kdc.c
index 828b34d..04409be 100644
--- a/crypto/kerberosIV/lib/krb/send_to_kdc.c
+++ b/crypto/kerberosIV/lib/krb/send_to_kdc.c
@@ -20,23 +20,17 @@ or implied warranty.
   */
 
 #include "krb_locl.h"
+#include <base64.h>
 
-RCSID("$Id: send_to_kdc.c,v 1.39 1997/05/15 21:02:31 joda Exp $");
+RCSID("$Id: send_to_kdc.c,v 1.69 1999/06/29 21:18:09 bg Exp $");
 
 struct host {
-  struct sockaddr_in addr;
-  int proto;
+    struct sockaddr_in addr;
+    enum krb_host_proto proto;
 };
 
-static const char *prog = "send_to_kdc";
-static send_recv(KTEXT pkt, KTEXT rpkt, int f,
-		 struct sockaddr_in *_to, struct host *addrs,
-		 int h_hosts);
-
-/*
- * This file contains two routines, send_to_kdc() and send_recv().
- * send_recv() is a static routine used by send_to_kdc().
- */
+static int send_recv(KTEXT pkt, KTEXT rpkt, int f,
+		     struct sockaddr_in *adr);
 
 /*
  * send_to_kdc() sends a message to the Kerberos authentication
@@ -65,8 +59,21 @@ static send_recv(KTEXT pkt, KTEXT rpkt, int f,
  *		  after several retries
  */
 
+/* always use the admin server */
+static int krb_use_admin_server_flag = 0;
+
+static int client_timeout = -1;
+
 int
-send_to_kdc(KTEXT pkt, KTEXT rpkt, char *realm)
+krb_use_admin_server(int flag)
+{
+    int old = krb_use_admin_server_flag;
+    krb_use_admin_server_flag = flag;
+    return old;
+}
+
+int
+send_to_kdc(KTEXT pkt, KTEXT rpkt, const char *realm)
 {
     int i;
     int no_host; /* was a kerberos host found? */
@@ -78,53 +85,87 @@ send_to_kdc(KTEXT pkt, KTEXT rpkt, char *realm)
     struct krb_host *k_host;
     struct host *hosts = malloc(sizeof(*hosts));
 
+    if (client_timeout == -1) {
+	const char *to;
+
+	client_timeout = CLIENT_KRB_TIMEOUT;
+	to = krb_get_config_string ("kdc_timeout");
+	if (to != NULL) {
+	    int tmp;
+	    char *end;
+
+	    tmp = strtol (to, &end, 0);
+	    if (end != to)
+		client_timeout = tmp;
+	}
+    }
+
     if (hosts == NULL)
-      return SKDC_CANT;
+	return SKDC_CANT;
 
     /*
      * If "realm" is non-null, use that, otherwise get the
      * local realm.
      */
     if (realm)
-	strcpy(lrealm, realm);
+	strcpy_truncate(lrealm, realm, REALM_SZ);
     else
 	if (krb_get_lrealm(lrealm,1)) {
 	    if (krb_debug)
-		krb_warning("%s: can't get local realm\n", prog);
+		krb_warning("send_to_kdc: can't get local realm\n");
 	    return(SKDC_CANT);
 	}
     if (krb_debug)
-      krb_warning("lrealm is %s\n", lrealm);
+	krb_warning("lrealm is %s\n", lrealm);
 
     no_host = 1;
     /* get an initial allocation */
     n_hosts = 0;
-    for (i = 1; (k_host = krb_get_host(i, lrealm, 0)); ++i) {
+    for (i = 1;
+	 (k_host = krb_get_host(i, lrealm, krb_use_admin_server_flag)); 
+	 ++i) {
 	char *p;
+	char **addr_list;
+	int j;
+	int n_addrs;
+	struct host *tmp;
 
         if (krb_debug)
-	  krb_warning("Getting host entry for %s...", k_host->host);
+	    krb_warning("Getting host entry for %s...", k_host->host);
         host = gethostbyname(k_host->host);
         if (krb_debug) {
-	  krb_warning("%s.\n",
-		      host ? "Got it" : "Didn't get it");
+	    krb_warning("%s.\n",
+			host ? "Got it" : "Didn't get it");
         }
-        if (!host)
+        if (host == NULL)
             continue;
         no_host = 0;    /* found at least one */
-	while ((p = *(host->h_addr_list)++)) {
-	    hosts = realloc(hosts, sizeof(*hosts) * (n_hosts + 1));
-	    if (hosts == NULL)
-		return SKDC_CANT;
-	    memset (&hosts[n_hosts].addr, 0, sizeof(hosts[n_hosts].addr));
-	    hosts[n_hosts].addr.sin_family = host->h_addrtype;
-	    hosts[n_hosts].addr.sin_port = htons(k_host->port);
-	    hosts[n_hosts].proto = k_host->proto;
-	    memcpy(&hosts[n_hosts].addr.sin_addr, p,
-		   sizeof(hosts[n_hosts].addr.sin_addr));
-	    ++n_hosts;
-	    if (send_recv(pkt, rpkt, hosts[n_hosts-1].proto,
-			  &hosts[n_hosts-1].addr, hosts, n_hosts)) {
+
+	n_addrs = 0;
+	for (addr_list = host->h_addr_list; *addr_list != NULL; ++addr_list)
+	    ++n_addrs;
+
+	tmp = realloc (hosts, (n_hosts + n_addrs) * sizeof(*hosts));
+	if (tmp == NULL) {
+	    free (hosts);
+	    return SKDC_CANT;
+	}
+	hosts = tmp;
+
+	for (addr_list = host->h_addr_list, j = 0;
+	     (p = *addr_list) != NULL;
+	     ++addr_list, ++j) {
+	    memset (&hosts[n_hosts + j].addr, 0, sizeof(struct sockaddr_in));
+	    hosts[n_hosts + j].addr.sin_family = host->h_addrtype;
+	    hosts[n_hosts + j].addr.sin_port   = htons(k_host->port);
+	    hosts[n_hosts + j].proto           = k_host->proto;
+	    memcpy(&hosts[n_hosts + j].addr.sin_addr, p,
+		   sizeof(struct in_addr));
+	}
+
+	for (j = 0; j < n_addrs; ++j) {
+	    if (send_recv(pkt, rpkt, hosts[n_hosts + j].proto,
+			  &hosts[n_hosts + j].addr)) {
 		retval = KSUCCESS;
 		goto rtn;
 	    }
@@ -132,11 +173,11 @@ send_to_kdc(KTEXT pkt, KTEXT rpkt, char *realm)
 		krb_warning("Timeout, error, or wrong descriptor\n");
 	    }
 	}
+	n_hosts += j;
     }
     if (no_host) {
 	if (krb_debug)
-	    krb_warning("%s: can't find any Kerberos host.\n",
-			prog);
+	    krb_warning("send_to_kdc: can't find any Kerberos host.\n");
         retval = SKDC_CANT;
         goto rtn;
     }
@@ -145,9 +186,7 @@ send_to_kdc(KTEXT pkt, KTEXT rpkt, char *realm)
 	for (i = 0; i < n_hosts; ++i) {
 	    if (send_recv(pkt, rpkt,
 			  hosts[i].proto,
-			  &hosts[i].addr,
-			  hosts,
-			  n_hosts)) {
+			  &hosts[i].addr)) {
 		retval = KSUCCESS;
 		goto rtn;
 	    }
@@ -159,93 +198,297 @@ rtn:
     return(retval);
 }
 
-/*
- * try to send out and receive message.
- * return 1 on success, 0 on failure
- */
+static int
+udp_socket(void)
+{
+    return socket(AF_INET, SOCK_DGRAM, 0);
+}
 
 static int
-send_recv_it(KTEXT pkt, KTEXT rpkt, int stream, int f, 
-	     struct sockaddr_in *_to, struct host *addrs, int n_hosts)
+udp_connect(int s, struct sockaddr_in *adr)
 {
-    fd_set readfds;
-    int numsent;
-    
-    /* CLIENT_KRB_TIMEOUT indicates the time to wait before
-     * retrying a server.  It's defined in "krb.h".
-     */
-    struct timeval timeout;
-    timeout.tv_sec = CLIENT_KRB_TIMEOUT;
-    timeout.tv_usec = 0;
-
-    if (krb_debug) {
-        if (_to->sin_family == AF_INET)
-	    krb_warning("Sending message to %s...",
-			inet_ntoa(_to->sin_addr));
-        else
-	    krb_warning("Sending message...");
-    }
-    if(stream){
-	unsigned char tmp[4];
-	krb_put_int(pkt->length, tmp, 4);
-	if((numsent = send(f, tmp, 4, 0)) != 4){
-	    if (krb_debug)
-		krb_warning("sent only %d/%d\n", numsent, 4);
-	    return 0;
-	}
+    if(krb_debug) {
+	krb_warning("connecting to %s udp, port %d\n", 
+		    inet_ntoa(adr->sin_addr), 
+		    ntohs(adr->sin_port));
     }
-    if ((numsent = send(f, pkt->dat, pkt->length, 0)) != pkt->length) {
-        if (krb_debug)
-            krb_warning("sent only %d/%d\n",numsent, pkt->length);
-        return 0;
+    return connect(s, (struct sockaddr*)adr, sizeof(*adr));
+}
+
+static int
+udp_send(int s, struct sockaddr_in* adr, KTEXT pkt)
+{
+    if(krb_debug) {
+	krb_warning("sending %d bytes to %s, udp port %d\n", 
+		    pkt->length,
+		    inet_ntoa(adr->sin_addr), 
+		    ntohs(adr->sin_port));
     }
-    if (krb_debug)
-	krb_warning("Sent\nWaiting for reply...");
-    FD_ZERO(&readfds);
-    FD_SET(f, &readfds);
-    /* select - either recv is ready, or timeout */
-    /* see if timeout or error or wrong descriptor */
-    if (select(f + 1, &readfds, 0, 0, &timeout) < 1
-        || !FD_ISSET(f, &readfds)) {
-        if (krb_debug)
-            krb_warning("select failed: errno = %d", errno);
-        return 0;
-    }
-    if(stream){
-	if(krb_net_read(f, rpkt->dat, sizeof(rpkt->dat)) <= 0)
-	    return 0;
-    }else{
-	if (recv (f, rpkt->dat, sizeof(rpkt->dat), 0) < 0) {
-	    if (krb_debug)
-		krb_warning("recvfrom: errno = %d\n", errno);
-	    return 0;
+    return send(s, pkt->dat, pkt->length, 0);
+}
+
+static int
+tcp_socket(void)
+{
+    return socket(AF_INET, SOCK_STREAM, 0);
+}
+
+static int
+tcp_connect(int s, struct sockaddr_in *adr)
+{
+    if(krb_debug) {
+	krb_warning("connecting to %s, tcp port %d\n", 
+		    inet_ntoa(adr->sin_addr), 
+		    ntohs(adr->sin_port));
+    }
+    return connect(s, (struct sockaddr*)adr, sizeof(*adr));
+}
+
+static int
+tcp_send(int s, struct sockaddr_in* adr, KTEXT pkt)
+{
+    unsigned char len[4];
+    if(krb_debug) {
+	krb_warning("sending %d bytes to %s, tcp port %d\n", 
+		    pkt->length,
+		    inet_ntoa(adr->sin_addr), 
+		    ntohs(adr->sin_port));
+    }
+    krb_put_int(pkt->length, len, sizeof(len), 4);
+    if(send(s, len, sizeof(len), 0) != sizeof(len))
+	return -1;
+    return send(s, pkt->dat, pkt->length, 0);
+}
+
+static int
+udptcp_recv(void *buf, size_t len, KTEXT rpkt)
+{
+    int pktlen = min(len, MAX_KTXT_LEN);
+
+    if(krb_debug)
+	krb_warning("recieved %lu bytes on udp/tcp socket\n", 
+		    (unsigned long)len);
+    memcpy(rpkt->dat, buf, pktlen);
+    rpkt->length = pktlen;
+    return 0;
+}
+
+static int
+url_parse(const char *url, char *host, size_t len, short *port)
+{
+    const char *p;
+    size_t n;
+
+    if(strncmp(url, "http://", 7))
+	return -1;
+    url += 7;
+    p = strchr(url, ':');
+    if(p) {
+	char *end;
+
+	*port = htons(strtol(p + 1, &end, 0));
+	if (end == p + 1)
+	    return -1;
+	n = p - url;
+    } else {
+	*port = k_getportbyname ("http", "tcp", htons(80));
+	p = strchr(url, '/');
+	if (p)
+	    n = p - url;
+	else
+	    n = strlen(url);
+    }
+    if (n >= len)
+	return -1;
+    memcpy(host, url, n);
+    host[n] = '\0';
+    return 0;
+}
+
+#define PROXY_VAR "krb4_proxy"
+
+static int
+http_connect(int s, struct sockaddr_in *adr)
+{
+    const char *proxy = krb_get_config_string(PROXY_VAR);
+    char host[MaxHostNameLen];
+    short port;
+    struct hostent *hp;
+    struct sockaddr_in sin;
+    if(proxy == NULL) {
+	if(krb_debug)
+	    krb_warning("Not using proxy.\n");
+	return tcp_connect(s, adr);
+    }
+    if(url_parse(proxy, host, sizeof(host), &port) < 0)
+	return -1;
+    hp = gethostbyname(host);
+    if(hp == NULL)
+	return -1;
+    memset(&sin, 0, sizeof(sin));
+    sin.sin_family = AF_INET;
+    memcpy(&sin.sin_addr, hp->h_addr, sizeof(sin.sin_addr));
+    sin.sin_port = port;
+    if(krb_debug) {
+	krb_warning("connecting to proxy on %s (%s) port %d\n", 
+		    host, inet_ntoa(sin.sin_addr), ntohs(port));
+    }
+    return connect(s, (struct sockaddr*)&sin, sizeof(sin));
+}
+
+static int
+http_send(int s, struct sockaddr_in* adr, KTEXT pkt)
+{
+    char *str;
+    char *msg;
+
+    if(base64_encode(pkt->dat, pkt->length, &str) < 0)
+	return -1;
+    if(krb_get_config_string(PROXY_VAR)) {
+	if(krb_debug) {
+	    krb_warning("sending %d bytes to %s, tcp port %d (via proxy)\n", 
+			pkt->length,
+			inet_ntoa(adr->sin_addr), 
+			ntohs(adr->sin_port));
+	}
+	asprintf(&msg, "GET http://%s:%d/%s HTTP/1.0\r\n\r\n",
+		 inet_ntoa(adr->sin_addr),
+		 ntohs(adr->sin_port),
+		 str);
+    } else {
+	if(krb_debug) {
+	    krb_warning("sending %d bytes to %s, http port %d\n", 
+			pkt->length,
+			inet_ntoa(adr->sin_addr), 
+			ntohs(adr->sin_port));
 	}
+	asprintf(&msg, "GET %s HTTP/1.0\r\n\r\n", str);
+    }
+    free(str);
+
+    if (msg == NULL)
+	return -1;
+	
+    if(send(s, msg, strlen(msg), 0) != strlen(msg)){
+	free(msg);
+	return -1;
     }
-    return 1;
+    free(msg);
+    return 0;
 }
 
 static int
-send_recv(KTEXT pkt, KTEXT rpkt, int proto, struct sockaddr_in *_to,
-	  struct host *addrs, int n_hosts)
+http_recv(void *buf, size_t len, KTEXT rpkt)
 {
-    int f;
-    int ret = 0;
-    if(proto == IPPROTO_UDP)
-	f = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
-    else if(proto == IPPROTO_TCP)
-	f = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
-    else{
-	krb_warning("Unknown protocol `%d'.\n", proto);
-	return 0;
+    char *p;
+    char *tmp = malloc(len + 1);
+
+    if (tmp == NULL)
+	return -1;
+    memcpy(tmp, buf, len);
+    tmp[len] = 0;
+    p = strstr(tmp, "\r\n\r\n");
+    if(p == NULL){
+	free(tmp);
+	return -1;
     }
+    p += 4;
+    if(krb_debug)
+	krb_warning("recieved %lu bytes on http socket\n", 
+		    (unsigned long)((tmp + len) - p));
+    if((tmp + len) - p > MAX_KTXT_LEN) {
+	free(tmp);
+	return -1;
+    }
+    if (strncasecmp (tmp, "HTTP/1.0 2", 10) != 0
+	&& strncasecmp (tmp, "HTTP/1.1 2", 10) != 0) {
+	free (tmp);
+	return -1;
+    }
+    memcpy(rpkt->dat, p, (tmp + len) - p);
+    rpkt->length = (tmp + len) - p;
+    free(tmp);
+    return 0;
+}
+
+static struct proto_descr {
+    int proto;
+    int stream_flag;
+    int (*socket)(void);
+    int (*connect)(int, struct sockaddr_in*);
+    int (*send)(int, struct sockaddr_in*, KTEXT);
+    int (*recv)(void*, size_t, KTEXT);
+} protos[] = {
+    { PROTO_UDP, 0, udp_socket, udp_connect, udp_send, udptcp_recv },
+    { PROTO_TCP, 1, tcp_socket, tcp_connect, tcp_send, udptcp_recv },
+    { PROTO_HTTP, 1, tcp_socket, http_connect, http_send, http_recv }
+};
+
+static int
+send_recv(KTEXT pkt, KTEXT rpkt, int proto, struct sockaddr_in *adr)
+{
+    int i;
+    int s;
+    unsigned char buf[MAX_KTXT_LEN];
+    int offset = 0;
     
-    if(connect(f, (struct sockaddr*)_to, sizeof(*_to)) < 0)
-	krb_warning("Connecting socket: errno = %d\n", errno);
-    else
-	ret = send_recv_it(pkt, rpkt, proto == IPPROTO_TCP, f, 
-			   _to, addrs, n_hosts);
-    
-    close(f);
-    return ret;
+    for(i = 0; i < sizeof(protos) / sizeof(protos[0]); i++){
+	if(protos[i].proto == proto)
+	    break;
+    }
+    if(i == sizeof(protos) / sizeof(protos[0]))
+	return FALSE;
+    if((s = (*protos[i].socket)()) < 0)
+	return FALSE;
+    if((*protos[i].connect)(s, adr) < 0){
+	close(s);
+	return FALSE;
+    }
+    if((*protos[i].send)(s, adr, pkt) < 0){
+	close(s);
+	return FALSE;
+    }
+    do{
+	fd_set readfds;
+	struct timeval timeout;
+	int len;
+	timeout.tv_sec = client_timeout;
+	timeout.tv_usec = 0;
+	FD_ZERO(&readfds);
+	FD_SET(s, &readfds);
+	
+	/* select - either recv is ready, or timeout */
+	/* see if timeout or error or wrong descriptor */
+	if(select(s + 1, &readfds, 0, 0, &timeout) < 1 
+	   || !FD_ISSET(s, &readfds)) {
+	    if (krb_debug)
+		krb_warning("select failed: errno = %d\n", errno);
+	    close(s);
+	    return FALSE;
+	}
+	len = recv(s, buf + offset, sizeof(buf) - offset, 0);
+	if (len < 0) {
+	    close(s);
+	    return FALSE;
+	}
+	if(len == 0)
+	    break;
+	offset += len;
+    } while(protos[i].stream_flag);
+    close(s);
+    if((*protos[i].recv)(buf, offset, rpkt) < 0)
+	return FALSE;
+    return TRUE;
 }
 
+/* The configuration line "hosts: dns files" in /etc/nsswitch.conf is
+ * rumored to avoid triggering this bug. */
+#if defined(linux) && defined(HAVE__DNS_GETHOSTBYNAME) && 0
+/* Linux libc 5.3 is broken probably somewhere in nsw_hosts.o,
+ * for now keep this kludge. */
+static
+struct hostent *gethostbyname(const char *name)
+{
+  return (void *)_dns_gethostbyname(name);
+}
+#endif
diff --git a/crypto/kerberosIV/lib/krb/sendauth.c b/crypto/kerberosIV/lib/krb/sendauth.c
index 4240bcf..3debc49 100644
--- a/crypto/kerberosIV/lib/krb/sendauth.c
+++ b/crypto/kerberosIV/lib/krb/sendauth.c
@@ -21,7 +21,7 @@ or implied warranty.
 
 #include "krb_locl.h"
 
-RCSID("$Id: sendauth.c,v 1.15 1997/04/18 14:11:36 joda Exp $");
+RCSID("$Id: sendauth.c,v 1.17 1998/06/09 19:25:26 joda Exp $");
 
 /*
  * krb_sendauth() transmits a ticket over a file descriptor for a
@@ -130,6 +130,7 @@ krb_sendauth(int32_t options,	/* bit-pattern of options */
 	char tmp[4];
 	u_int32_t len;
 	char inst[INST_SZ];
+	char *i;
 
 	ret = krb_net_read (fd, tmp, 4);
 	if (ret < 0)
@@ -144,9 +145,10 @@ krb_sendauth(int32_t options,	/* bit-pattern of options */
 	    return -1;
 
 	if (options & KOPT_DONT_CANON)
-	    strncpy (inst, instance, sizeof(inst));
+	    i = instance;
 	else
-	    strncpy (inst, krb_get_phost(instance), sizeof(inst));
+	    i = krb_get_phost(instance);
+	strcpy_truncate (inst, i, sizeof(inst));
 
 	ret = krb_get_cred (service, inst, realm, cred);
 	if (ret != KSUCCESS)
diff --git a/crypto/kerberosIV/lib/krb/sizetest.c b/crypto/kerberosIV/lib/krb/sizetest.c
index d64bbeb..e683416 100644
--- a/crypto/kerberosIV/lib/krb/sizetest.c
+++ b/crypto/kerberosIV/lib/krb/sizetest.c
@@ -1,24 +1,23 @@
 #include "krb_locl.h"
 
-RCSID("$Id: sizetest.c,v 1.5 1996/11/15 18:39:19 bg Exp $");
+RCSID("$Id: sizetest.c,v 1.6 1998/01/01 22:29:04 assar Exp $");
 
-static
-void
-err(const char *msg)
+static void
+fatal(const char *msg)
 {
   fputs(msg, stderr);
   exit(1);
 }
 
 int
-main()
+main(void)
 {
   if (sizeof(u_int8_t) < 1)
-    err("sizeof(u_int8_t) is smaller than 1 byte\n");
+    fatal("sizeof(u_int8_t) is smaller than 1 byte\n");
   if (sizeof(u_int16_t) < 2)
-    err("sizeof(u_int16_t) is smaller than 2 bytes\n");
+    fatal("sizeof(u_int16_t) is smaller than 2 bytes\n");
   if (sizeof(u_int32_t) < 4)
-    err("sizeof(u_int32_t) is smaller than 4 bytes\n");
+    fatal("sizeof(u_int32_t) is smaller than 4 bytes\n");
 
   if (sizeof(u_int8_t) > 1)
     fputs("warning: sizeof(u_int8_t) is larger than 1 byte, "
@@ -31,7 +30,7 @@ main()
       u <<= 1;
 
     if (i < 8)
-      err("u_int8_t is smaller than 8 bits\n");
+      fatal("u_int8_t is smaller than 8 bits\n");
     else if (i > 8)
       fputs("warning: u_int8_t is larger than 8 bits, "
 	    "some stuff may not work properly!\n", stderr);
diff --git a/crypto/kerberosIV/lib/krb/solaris_compat.c b/crypto/kerberosIV/lib/krb/solaris_compat.c
new file mode 100644
index 0000000..ff59dcb
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/solaris_compat.c
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: solaris_compat.c,v 1.2.6.1 1999/07/22 03:15:53 assar Exp $");
+
+#if (SunOS + 0) >= 50
+/*
+ * Compatibility with solaris' libkrb.
+ */
+
+int32_t
+_C0095C2A(void *in, void *out, u_int32_t length, 
+	  struct des_ks_struct *schedule, des_cblock *key, 
+	  struct sockaddr_in *sender, struct sockaddr_in *receiver)
+{
+    return krb_mk_priv (in, out, length, schedule, key, sender, receiver);
+}
+
+int32_t
+_C0095C2B(void *in, u_int32_t in_length, 
+	  struct des_ks_struct *schedule, des_cblock *key, 
+	  struct sockaddr_in *sender, struct sockaddr_in *receiver, 
+	  MSG_DAT *m_data)
+{
+    return krb_rd_priv (in, in_length, schedule, key,
+			sender, receiver, m_data);
+}
+
+void
+_C0095B2B(des_cblock *input,des_cblock *output,
+	  des_key_schedule ks,int enc)
+{
+    des_ecb_encrypt(input, output, ks, enc);
+}
+
+void
+_C0095B2A(des_cblock (*input),
+	  des_cblock (*output),
+	  long length,
+	  des_key_schedule schedule,
+	  des_cblock (*ivec),
+	  int encrypt)
+{
+  des_cbc_encrypt(input, output, length, schedule, ivec, encrypt);
+}
+
+void
+_C0095B2C(des_cblock (*input),
+	  des_cblock (*output),
+	  long length,
+	  des_key_schedule schedule,
+	  des_cblock (*ivec),
+	  int encrypt)
+{
+  des_pcbc_encrypt(input, output, length, schedule, ivec, encrypt);
+}
+#endif /* (SunOS-0) >= 50 */
diff --git a/crypto/kerberosIV/lib/krb/str2key.c b/crypto/kerberosIV/lib/krb/str2key.c
index 2b00fc1..71a2cea 100644
--- a/crypto/kerberosIV/lib/krb/str2key.c
+++ b/crypto/kerberosIV/lib/krb/str2key.c
@@ -6,9 +6,9 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: str2key.c,v 1.10 1997/03/23 03:53:19 joda Exp $");
+RCSID("$Id: str2key.c,v 1.12.2.1 1999/08/19 13:35:01 assar Exp $");
 
-static void
+static inline void
 mklower(char *s)
 {
     for (; *s; s++)
@@ -19,8 +19,8 @@ mklower(char *s)
 /*
  * Short passwords, i.e 8 characters or less.
  */
-static void
-afs_cmu_StringToKey (char *str, char *cell, des_cblock *key)
+static inline void
+afs_cmu_StringToKey(const char *str, const char *cell, des_cblock *key)
 {
     char  password[8+1];	/* crypt is limited to 8 chars anyway */
     int   i;
@@ -29,7 +29,7 @@ afs_cmu_StringToKey (char *str, char *cell, des_cblock *key)
     memset (key, 0, sizeof(key));
     memset(password, 0, sizeof(password));
 
-    strncpy (password, cell, 8);
+    strcpy_truncate (password, cell, sizeof(password));
     passlen = strlen (str);
     if (passlen > 8) passlen = 8;
 
@@ -41,7 +41,7 @@ afs_cmu_StringToKey (char *str, char *cell, des_cblock *key)
 
     /* crypt only considers the first 8 characters of password but for some
        reason returns eleven characters of result (plus the two salt chars). */
-    strncpy((char *)key, (char *)crypt(password, "#~") + 2, sizeof(des_cblock));
+    strncpy((char *)key, crypt(password, "p1") + 2, sizeof(des_cblock));
 
     /* parity is inserted into the LSB so leftshift each byte up one bit.  This
        allows ascii characters with a zero MSB to retain as much significance
@@ -60,8 +60,8 @@ afs_cmu_StringToKey (char *str, char *cell, des_cblock *key)
 /*
  * Long passwords, i.e 9 characters or more.
  */
-static void
-afs_transarc_StringToKey (char *str, char *cell, des_cblock *key)
+static inline void
+afs_transarc_StringToKey(const char *str, const char *cell, des_cblock *key)
 {
     des_key_schedule schedule;
     des_cblock temp_key;
@@ -69,10 +69,11 @@ afs_transarc_StringToKey (char *str, char *cell, des_cblock *key)
     char password[512];
     int  passlen;
 
-    strncpy (password, str, sizeof(password));
+    strcpy_truncate (password, str, sizeof(password));
     if ((passlen = strlen (password)) < sizeof(password)-1)
-        strncat (password, cell, sizeof(password)-passlen);
-    if ((passlen = strlen(password)) > sizeof(password)) passlen = sizeof(password);
+        strcat_truncate (password, cell, sizeof(password));
+    if ((passlen = strlen(password)) > sizeof(password))
+	passlen = sizeof(password);
 
     memcpy(&ivec, "kerberos", 8);
     memcpy(&temp_key, "kerberos", 8);
@@ -89,11 +90,11 @@ afs_transarc_StringToKey (char *str, char *cell, des_cblock *key)
 }
 
 void
-afs_string_to_key(char *str, char *cell, des_cblock *key)
+afs_string_to_key(const char *str, const char *cell, des_cblock *key)
 {
-    char realm[REALM_SZ+1];
-    strncpy(realm, cell, REALM_SZ);
-    realm[REALM_SZ] = 0;
+    char realm[REALM_SZ];
+
+    strcpy_truncate(realm, cell, REALM_SZ);
     mklower(realm);
 
     if (strlen(str) > 8)
diff --git a/crypto/kerberosIV/lib/krb/tf_util.c b/crypto/kerberosIV/lib/krb/tf_util.c
index a196448..27a6125 100644
--- a/crypto/kerberosIV/lib/krb/tf_util.c
+++ b/crypto/kerberosIV/lib/krb/tf_util.c
@@ -21,7 +21,7 @@ or implied warranty.
         
 #include "krb_locl.h"
 
-RCSID("$Id: tf_util.c,v 1.24 1997/04/20 06:24:32 assar Exp $");
+RCSID("$Id: tf_util.c,v 1.35 1999/06/29 21:18:11 bg Exp $");
 
 
 #define TOO_BIG -1
@@ -121,6 +121,11 @@ static int tf_read(void *s, int n);
  * TKT_FIL_LCK  - couldn't lock the file, even after a retry
  */
 
+#ifdef _NO_LOCKING
+#undef flock
+#define flock(F, M) 0
+#endif
+
 int
 tf_init(char *tf_name, int rw)
 {
@@ -148,18 +153,21 @@ tf_init(char *tf_name, int rw)
     default:
       return TKT_FIL_ACC;
     }
-  /* The old code tried to guess when the calling program was
-   * running set-uid, this is now removed - the kerberos library
-   * does not (or shouldn't) know anything about user-ids.
-
-   * All library functions now assume that the right userids are set
-   * upon entry, therefore there is no need to test permissions like
-   * before. If the file is openable, just open it.
-   */
-
-  if(!S_ISREG(stat_buf.st_mode))
+  if (!S_ISREG(stat_buf.st_mode))
     return TKT_FIL_ACC;
 
+  /* The code tries to guess when the calling program is running
+   * set-uid and prevent unauthorized access.
+   *
+   * All library functions now assume that the right set of userids
+   * are set upon entry, therefore it's not strictly necessary to
+   * perform these test for programs adhering to these assumptions.
+   */
+  {
+    uid_t me = getuid();
+    if (stat_buf.st_uid != me && me != 0)
+      return TKT_FIL_ACC;
+  }
 
   /*
    * If "wflag" is set, open the ticket file in append-writeonly mode
@@ -177,7 +185,7 @@ tf_init(char *tf_name, int rw)
       return TKT_FIL_ACC;
     }
     for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) {
-      if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) {
+      if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
 	if (krb_debug)
 	  krb_warning("tf_init: retry %d of write lock of `%s'.\n",
 		      i_retry, tf_name);
@@ -201,7 +209,7 @@ tf_init(char *tf_name, int rw)
   }
 
   for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) {
-    if (k_flock(fd, K_LOCK_SH | K_LOCK_NB) < 0) {
+    if (flock(fd, LOCK_SH | LOCK_NB) < 0) {
       if (krb_debug)
 	krb_warning("tf_init: retry %d of read lock of `%s'.\n",
 		    i_retry, tf_name);
@@ -252,9 +260,9 @@ tf_create(char *tf_name)
   fd = open(tf_name, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
   if (fd < 0)
     return TKT_FIL_ACC;
-  if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) {
+  if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
     sleep(TF_LCK_RETRY);
-    if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) {
+    if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
       close(fd);
       fd = -1;
       return TKT_FIL_LCK;
@@ -295,7 +303,7 @@ tf_get_pname(char *p)
  */
 
 int
-tf_put_pname(char *p)
+tf_put_pname(const char *p)
 {
   unsigned count;
 
@@ -343,7 +351,7 @@ tf_get_pinst(char *inst)
  */
 
 int
-tf_put_pinst(char *inst)
+tf_put_pinst(const char *inst)
 {
   unsigned count;
 
@@ -369,6 +377,9 @@ tf_put_pinst(char *inst)
  * EOF          - end of file encountered
  */
 
+#define MAGIC_TICKET_NAME "magic"
+#define MAGIC_TICKET_INST "time-diff"
+	  
 int
 tf_get_cred(CREDENTIALS *c)
 {
@@ -380,6 +391,7 @@ tf_get_cred(CREDENTIALS *c)
       krb_warning ("tf_get_cred called before tf_init.\n");
     return TKT_FIL_INI;
   }
+again:
   if ((k_errno = tf_gets(c->service, SNAME_SZ)) < 2)
     switch (k_errno) {
     case TOO_BIG:
@@ -431,6 +443,16 @@ tf_get_cred(CREDENTIALS *c)
       krb_warning ("tf_get_cred: failed tf_read.\n");
     return TKT_FIL_FMT;
   }
+  if(strcmp(c->service, MAGIC_TICKET_NAME) == 0 &&
+     strcmp(c->instance, MAGIC_TICKET_INST) == 0) {
+      /* we found the magic `time diff' ticket; update the kdc time
+         differential, and then get the next ticket */
+      u_int32_t d;
+
+      krb_get_int(c->ticket_st.dat, &d, 4, 0);
+      krb_set_kdc_time_diff(d);
+      goto again;
+  }
   return KSUCCESS;
 }
 
@@ -446,7 +468,7 @@ void
 tf_close(void)
 {
   if (!(fd < 0)) {
-    k_flock(fd, K_LOCK_UN);
+    flock(fd, LOCK_UN);
     close(fd);
     fd = -1;		/* see declaration of fd above */
   }
@@ -603,9 +625,9 @@ tf_save_cred(char *service,	/* Service name */
 bad:
   return (KFAILURE);
 }
-	  
+
 int
-tf_setup(CREDENTIALS *cred, char *pname, char *pinst)
+tf_setup(CREDENTIALS *cred, const char *pname, const char *pinst)
 {
     int ret;
     ret = tf_create(tkt_string());
@@ -617,7 +639,20 @@ tf_setup(CREDENTIALS *cred, char *pname, char *pinst)
 	tf_close();
 	return INTK_ERR;
     }
-
+    
+    if(krb_get_kdc_time_diff() != 0) {
+	/* Add an extra magic ticket containing the time differential
+           to the kdc. The first ticket defines which realm we belong
+           to, but since this ticket gets the same realm as the tgt,
+           this shouldn't be a problem */
+	des_cblock s = { 0, 0, 0, 0, 0, 0, 0, 0 };
+	KTEXT_ST t;
+	int d = krb_get_kdc_time_diff();
+	krb_put_int(d, t.dat, sizeof(t.dat), 4);
+	t.length = 4;
+	tf_save_cred(MAGIC_TICKET_NAME, MAGIC_TICKET_INST, cred->realm, s, 
+		     cred->lifetime, 0, &t, cred->issue_date);
+    }
     ret = tf_save_cred(cred->service, cred->instance, cred->realm, 
 		       cred->session, cred->lifetime, cred->kvno,
 		       &cred->ticket_st, cred->issue_date);
diff --git a/crypto/kerberosIV/lib/krb/ticket_memory.c b/crypto/kerberosIV/lib/krb/ticket_memory.c
index 04e20b6..d1fab2e 100644
--- a/crypto/kerberosIV/lib/krb/ticket_memory.c
+++ b/crypto/kerberosIV/lib/krb/ticket_memory.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -45,7 +45,7 @@
 #include "krb_locl.h"
 #include "ticket_memory.h"
 
-RCSID("$Id: ticket_memory.c,v 1.9 1997/04/20 18:07:36 assar Exp $");
+RCSID("$Id: ticket_memory.c,v 1.13 1998/08/23 18:07:41 assar Exp $");
 
 void msg(char *text, int error);
 
@@ -55,40 +55,36 @@ tktmem	*SharedMemory;
 
 static int CredIndex = -1;
 
+void PostUpdateMessage(void);
+
 int
 newTktMem(const char *tf_name)
 {
-    if(!SharedMemory)
-    {
-	unsigned int MemorySize = sizeof(tktmem);
-	unsigned int MemorySizeHi = sizeof(tktmem)>>16;
-	unsigned int MemorySizeLo = MemorySize&0xFFFF;
-	SharedMemoryHandle = CreateFileMapping((HANDLE)(int)-1, 0,
+    if(!SharedMemory){
+	SharedMemoryHandle = CreateFileMapping((HANDLE)-1, 0,
 					       PAGE_READWRITE,
-					       MemorySizeHi, MemorySizeLo,
+					       sizeof(tktmem) >> 16,
+					       sizeof(tktmem) & 0xffff,
 					       "krb_memory");
-
-	if(!SharedMemoryHandle)
-	{
+	
+	if(!SharedMemoryHandle){
 	    msg("Could not create shared memory.", GetLastError());
 	    return KFAILURE;
 	}
 		
 	SharedMemory = MapViewOfFile(SharedMemoryHandle,
 				     FILE_MAP_WRITE, 0, 0, 0);
-	if(!SharedMemory)
-	{
+	if(!SharedMemory){
 	    msg("Unable to alloc shared memory.", GetLastError());
 	    return KFAILURE;
 	}
-	if(GetLastError() != ERROR_ALREADY_EXISTS)
-	{
+	if(GetLastError() != ERROR_ALREADY_EXISTS) {
+            memset(SharedMemory, 0, sizeof(*SharedMemory));
 	    if(tf_name)
-		strcpy(SharedMemory->tmname, tf_name);
-	    SharedMemory->last_cred_no = 0;
+		strcpy_truncate(SharedMemory->tmname,
+				tf_name, sizeof(SharedMemory->tmname));
 	}
     }
-	
     CredIndex = 0;
     return KSUCCESS;
 }
@@ -96,8 +92,7 @@ newTktMem(const char *tf_name)
 int
 freeTktMem(const char *tf_name)
 {
-    if(SharedMemory)
-    {
+    if(SharedMemory) {
 	UnmapViewOfFile(SharedMemory);
 	CloseHandle(SharedMemoryHandle);
     }
@@ -184,9 +179,8 @@ in_tkt(char *pname, char *pinst)
 int
 dest_tkt(void)
 {
-    /* Here goes code to destroy tickets in shared memory. */
-    /* Not implemented yet. */
-    return KFAILURE;
+    memset(getTktMem(0), 0, sizeof(tktmem));
+    return 0;
 }
 
 /* Short description of routines:
@@ -265,9 +259,9 @@ tf_get_pname(char *p)
 
     if(!(TktStore =  getTktMem(0)))
 	return KFAILURE;
-    if(!TktStore->pname)
+    if(!TktStore->pname[0])
 	return KFAILURE;
-    strcpy(p, TktStore->pname);
+    strcpy_truncate(p, TktStore->pname, ANAME_SZ);
     return KSUCCESS;
 }
 
@@ -283,9 +277,7 @@ tf_put_pname(char *p)
 
     if(!(TktStore =  getTktMem(0)))
 	return KFAILURE;
-    if(!TktStore->pname)
-	return KFAILURE;
-    strcpy(TktStore->pname, p);
+    strcpy_truncate(TktStore->pname, p, sizeof(TktStore->pname));
     return KSUCCESS;
 }
 
@@ -306,9 +298,7 @@ tf_get_pinst(char *inst)
 
     if(!(TktStore =  getTktMem(0)))
 	return KFAILURE;
-    if(!TktStore->pinst)
-	return KFAILURE;
-    strcpy(inst, TktStore->pinst);
+    strcpy_truncate(inst, TktStore->pinst, INST_SZ);
     return KSUCCESS;
 }
 
@@ -324,9 +314,7 @@ tf_put_pinst(char *inst)
 
     if(!(TktStore =  getTktMem(0)))
 	return KFAILURE;
-    if(!TktStore->pinst)
-	return KFAILURE;
-    strcpy(TktStore->pinst, inst);
+    strcpy_truncate(TktStore->pinst, inst, sizeof(TktStore->pinst));
     return KSUCCESS;
 }
 
@@ -350,10 +338,11 @@ tf_get_cred(CREDENTIALS *c)
 
     if(!(TktStore =  getTktMem(0)))
 	return KFAILURE;
+    krb_set_kdc_time_diff(TktStore->kdc_diff);
     if((index = nextCredIndex()) == -1)
 	return EOF;
     if(!(cred = TktStore->cred_vec+index))
-       return KFAILURE;
+	return KFAILURE;
     if(!c)
 	return KFAILURE;
     memcpy(c, cred, sizeof(*c));
@@ -402,20 +391,31 @@ tf_save_cred(char *service,	/* Service name */
     if(last == -1)
 	return KFAILURE;
     cred = mem->cred_vec+last;
-    strcpy(cred->service, service);
-    strcpy(cred->instance, instance);
-    strcpy(cred->realm, realm);
-    strcpy(cred->session, session);
+    strcpy_truncate(cred->service, service, sizeof(cred->service));
+    strcpy_truncate(cred->instance, instance, sizeof(cred->instance));
+    strcpy_truncate(cred->realm, realm, sizeof(cred->realm));
+    memcpy(cred->session, session, sizeof(cred->session));
     cred->lifetime = lifetime;
     cred->kvno = kvno;
     memcpy(&(cred->ticket_st), ticket, sizeof(*ticket));
     cred->issue_date = issue_date;
-    strcpy(cred->pname, mem->pname);
-    strcpy(cred->pinst, mem->pinst);
+    strcpy_truncate(cred->pname, mem->pname, sizeof(cred->pname));
+    strcpy_truncate(cred->pinst, mem->pinst, sizeof(cred->pinst));
+    PostUpdateMessage();
     return KSUCCESS;
 }
 
 
+static void
+set_time_diff(time_t diff)
+{
+    tktmem *TktStore = getTktMem(0);
+    if(TktStore == NULL)
+	return;
+    TktStore->kdc_diff = diff;
+}
+
+
 int
 tf_setup(CREDENTIALS *cred, char *pname, char *pinst)
 {
@@ -430,6 +430,8 @@ tf_setup(CREDENTIALS *cred, char *pname, char *pinst)
 	return INTK_ERR;
     }
 
+    set_time_diff(krb_get_kdc_time_diff());
+
     ret = tf_save_cred(cred->service, cred->instance, cred->realm, 
 		       cred->session, cred->lifetime, cred->kvno,
 		       &cred->ticket_st, cred->issue_date);
diff --git a/crypto/kerberosIV/lib/krb/ticket_memory.h b/crypto/kerberosIV/lib/krb/ticket_memory.h
index e85e1a4..307fb9a 100644
--- a/crypto/kerberosIV/lib/krb/ticket_memory.h
+++ b/crypto/kerberosIV/lib/krb/ticket_memory.h
@@ -40,7 +40,7 @@
  * Author: d93-jka@nada.kth.se - June 1996
  */
 
-/* $Id: ticket_memory.h,v 1.6 1997/04/20 06:25:12 assar Exp $ */
+/* $Id: ticket_memory.h,v 1.7 1998/06/03 02:31:05 joda Exp $ */
 
 #ifndef	TICKET_MEMORY_H
 #define TICKET_MEMORY_H
@@ -56,6 +56,7 @@ typedef struct _tktmem
   char pinst[INST_SZ];	/* Principal's instance */
   int last_cred_no;
   CREDENTIALS cred_vec[CRED_VEC_SZ];
+  time_t kdc_diff;
 } tktmem;
 
 int newTktMem(const char *tf_name);
diff --git a/crypto/kerberosIV/lib/krb/time.c b/crypto/kerberosIV/lib/krb/time.c
new file mode 100644
index 0000000..23831cf
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/time.c
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: time.c,v 1.3 1998/09/30 22:36:19 assar Exp $");
+
+/* number of seconds the kdc clock is ahead of us */
+static int time_diff;
+
+void
+krb_set_kdc_time_diff(int diff)
+{
+    time_diff = diff;
+    if(krb_debug) 
+	krb_warning("Setting time diff to %d\n", diff);
+}
+
+int
+krb_get_kdc_time_diff(void)
+{
+    return time_diff;
+}
+
+/* return the time at the kdc (local time corrected with a time
+   differential) */
+void
+krb_kdctimeofday(struct timeval *tv)
+{
+    time_t t;
+
+    gettimeofday(tv, NULL);
+    t = tv->tv_sec;
+
+    if(krb_debug) 
+	krb_warning("Machine time: %s", ctime(&t));
+    t += krb_get_kdc_time_diff();
+    if(krb_debug) 
+	krb_warning("Correcting to %s", ctime(&t));
+    tv->tv_sec = t;
+}
diff --git a/crypto/kerberosIV/lib/krb/tkt_string.c b/crypto/kerberosIV/lib/krb/tkt_string.c
index 2914abb..2c81288 100644
--- a/crypto/kerberosIV/lib/krb/tkt_string.c
+++ b/crypto/kerberosIV/lib/krb/tkt_string.c
@@ -21,7 +21,7 @@ or implied warranty.
 
 #include "krb_locl.h"
 
-RCSID("$Id: tkt_string.c,v 1.10 1997/05/02 14:54:26 assar Exp $");
+RCSID("$Id: tkt_string.c,v 1.14 1998/06/09 19:25:28 joda Exp $");
 
 /*
  * This routine is used to generate the name of the file that holds
@@ -39,25 +39,19 @@ RCSID("$Id: tkt_string.c,v 1.10 1997/05/02 14:54:26 assar Exp $");
 
 static char krb_ticket_string[MaxPathLen] = "";
 
-#ifndef HAVE_GETUID
-int getuid(void)
-{
-    return 27;
-}
-#endif
-
-char *tkt_string(void)
+char *
+tkt_string(void)
 {
     char *env;
 
     if (!*krb_ticket_string) {
         if ((env = getenv("KRBTKFILE"))) {
-	    strncpy(krb_ticket_string, env,
-			   sizeof(krb_ticket_string)-1);
-	    krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';
+	    strcpy_truncate (krb_ticket_string,
+			     env,
+			     sizeof(krb_ticket_string));
 	} else {
 	    snprintf(krb_ticket_string, sizeof(krb_ticket_string),
-		     "%s%u",TKT_ROOT,(unsigned)getuid());
+		     "%s%u",TKT_ROOT, (unsigned)getuid());
         }
     }
     return krb_ticket_string;
@@ -75,11 +69,7 @@ char *tkt_string(void)
  */
 
 void
-krb_set_tkt_string(char *val)
+krb_set_tkt_string(const char *val)
 {
-
-    strncpy(krb_ticket_string, val, sizeof(krb_ticket_string)-1);
-    krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';
-
-    return;
+    strcpy_truncate (krb_ticket_string, val, sizeof(krb_ticket_string));
 }
diff --git a/crypto/kerberosIV/lib/krb/unparse_name.c b/crypto/kerberosIV/lib/krb/unparse_name.c
index ddb938f..9d39f1d 100644
--- a/crypto/kerberosIV/lib/krb/unparse_name.c
+++ b/crypto/kerberosIV/lib/krb/unparse_name.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,7 +38,7 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: unparse_name.c,v 1.7 1997/04/01 08:18:46 joda Exp $");
+RCSID("$Id: unparse_name.c,v 1.8 1998/06/09 19:25:28 joda Exp $");
 
 static void
 quote_string(char *quote, char *from, char *to)
@@ -74,12 +74,13 @@ krb_unparse_name_long_r(char *name, char *instance, char *realm,
 			char *fullname)
 {
     krb_principal pr;
+
     memset(&pr, 0, sizeof(pr));
-    strcpy(pr.name, name);
+    strcpy_truncate(pr.name, name, sizeof(pr.name));
     if(instance)
-	strcpy(pr.instance, instance);
+	strcpy_truncate(pr.instance, instance, sizeof(pr.instance));
     if(realm)
-	strcpy(pr.realm, realm);
+	strcpy_truncate(pr.realm, realm, sizeof(pr.realm));
     return krb_unparse_name_r(&pr, fullname);
 }
 
@@ -95,11 +96,12 @@ char *
 krb_unparse_name_long(char *name, char *instance, char *realm)
 {
     krb_principal pr;
+
     memset(&pr, 0, sizeof(pr));
-    strcpy(pr.name, name);
+    strcpy_truncate(pr.name, name, sizeof(pr.name));
     if(instance)
-	strcpy(pr.instance, instance);
+	strcpy_truncate(pr.instance, instance, sizeof(pr.instance));
     if(realm)
-	strcpy(pr.realm, realm);
+	strcpy_truncate(pr.realm, realm, sizeof(pr.realm));
     return krb_unparse_name(&pr);
 }
diff --git a/crypto/kerberosIV/lib/krb/verify_user.c b/crypto/kerberosIV/lib/krb/verify_user.c
index ce22b59..de692dd 100644
--- a/crypto/kerberosIV/lib/krb/verify_user.c
+++ b/crypto/kerberosIV/lib/krb/verify_user.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,22 +38,38 @@
 
 #include "krb_locl.h"
 
-RCSID("$Id: verify_user.c,v 1.8 1997/04/01 08:18:46 joda Exp $");
+RCSID("$Id: verify_user.c,v 1.14 1999/03/16 17:31:39 assar Exp $");
 
-/* Verify user with password. If secure, also verify against local
- * service key, this can (usually) only be done by root.
+/*
+ * Verify user (name.instance@realm) with `password'.
+ *
+ * If secure, also verify against local
+ * service key (`linstance'.hostname) (or rcmd if linstance == NULL),
+ * this can (usually) only be done by root.
+ *
+ * If secure == KRB_VERIFY_SECURE, fail if there's no key.
+ * If secure == KRB_VERIFY_SECURE_FAIL, don't fail if there's no such
+ * key in the srvtab.
  *
  * As a side effect, fresh tickets are obtained.
  *
+ * srvtab is where the key is found.
+ * 
  * Returns zero if ok, a positive kerberos error or -1 for system
  * errors.
  */
 
-int
-krb_verify_user(char *name, char *instance, char *realm, char *password, 
-		int secure, char *linstance)
+static int
+krb_verify_user_srvtab_exact(char *name,
+			     char *instance,
+			     char *realm,
+			     char *password, 
+			     int secure,
+			     char *linstance,
+			     char *srvtab)
 {
     int ret;
+
     ret = krb_get_pw_in_tkt(name, instance, realm,
 			    KRB_TICKET_GRANTING_TICKET,
 			    realm,
@@ -61,7 +77,7 @@ krb_verify_user(char *name, char *instance, char *realm, char *password,
     if(ret != KSUCCESS)
 	return ret;
 
-    if(secure){
+    if(secure == KRB_VERIFY_SECURE || secure == KRB_VERIFY_SECURE_FAIL){
 	struct hostent *hp;
 	int32_t addr;
 	
@@ -72,7 +88,7 @@ krb_verify_user(char *name, char *instance, char *realm, char *password,
 	char hostname[MaxHostNameLen];
 	char *phost;
 
-	if (k_gethostname(hostname, sizeof(hostname)) == -1) {
+	if (gethostname(hostname, sizeof(hostname)) == -1) {
 	    dest_tkt();
 	    return -1;
 	}
@@ -94,13 +110,21 @@ krb_verify_user(char *name, char *instance, char *realm, char *password,
 	if (linstance == NULL)
 	    linstance = "rcmd";
 
+	if(secure == KRB_VERIFY_SECURE_FAIL) {
+	    des_cblock key;
+	    ret = read_service_key(linstance, phost, lrealm, 0, srvtab, &key);
+	    memset(key, 0, sizeof(key));
+	    if(ret == KFAILURE)
+		return 0;
+	}
+	
 	ret = krb_mk_req(&ticket, linstance, phost, lrealm, 33);
 	if(ret != KSUCCESS){
 	    dest_tkt();
 	    return ret;
 	}
 	
-	ret = krb_rd_req(&ticket, linstance, phost, addr, &auth, "");
+	ret = krb_rd_req(&ticket, linstance, phost, addr, &auth, srvtab);
 	if(ret != KSUCCESS){
 	    dest_tkt();
 	    return ret;
@@ -109,3 +133,77 @@ krb_verify_user(char *name, char *instance, char *realm, char *password,
     return 0;
 }
 		
+/*
+ *
+ */
+
+int
+krb_verify_user_srvtab(char *name,
+		       char *instance,
+		       char *realm,
+		       char *password, 
+		       int secure,
+		       char *linstance,
+		       char *srvtab)
+{
+  int n;
+  char rlm[256];
+#define ERICSSON_COMPAT 1
+#ifdef  ERICSSON_COMPAT
+  FILE *f;
+
+  f = fopen ("/etc/krb.localrealms", "r");
+  if (f != NULL) {
+    while (fgets(rlm, sizeof(rlm), f) != NULL) {
+      if (rlm[strlen(rlm) - 1] == '\n')
+	rlm[strlen(rlm) - 1] = '\0';
+
+      if (krb_verify_user_srvtab_exact(name, instance, rlm, password,
+				       secure, linstance, srvtab)
+	  == KSUCCESS) {
+	fclose(f);
+	return KSUCCESS;
+      }
+    }
+    fclose (f);
+    return krb_verify_user_srvtab_exact(name, instance, realm, password,
+					secure, linstance, srvtab);
+  }
+#endif
+  /* First try to verify against the supplied realm. */
+  if (krb_verify_user_srvtab_exact(name, instance, realm, password,
+				   secure, linstance, srvtab)
+      == KSUCCESS)
+    return KSUCCESS;
+
+  /* Verify all local realms, except the supplied realm. */
+  for (n = 1; krb_get_lrealm(rlm, n) == KSUCCESS; n++)
+    if (strcmp(rlm, realm) != 0)
+      if (krb_verify_user_srvtab_exact(name, instance, rlm, password,
+				       secure, linstance, srvtab)
+	  == KSUCCESS)
+	return KSUCCESS;
+
+  return KFAILURE;
+}
+
+/*
+ * Compat function without srvtab.
+ */
+
+int
+krb_verify_user(char *name,
+		char *instance,
+		char *realm,
+		char *password, 
+		int secure,
+		char *linstance)
+{
+    return krb_verify_user_srvtab (name,
+				   instance,
+				   realm,
+				   password,
+				   secure,
+				   linstance,
+				   KEYFILE);
+}
diff --git a/crypto/kerberosIV/lib/roken/ChangeLog b/crypto/kerberosIV/lib/roken/ChangeLog
new file mode 100644
index 0000000..6c51e17
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/ChangeLog
@@ -0,0 +1,373 @@
+1999-07-08  Johan Danielsson  <joda@pdc.kth.se>
+
+	* roken.awk: use puts, as suggested by Jeffrey Hutzelman
+	<jhutz+@cmu.edu>
+
+1999-07-06  Assar Westerlund  <assar@sics.se>
+
+	* readv.c (readv): typo
+
+1999-07-03  Assar Westerlund  <assar@sics.se>
+
+	* writev.c (writev): error check malloc properly
+
+	* sendmsg.c (sendmsg): error check malloc properly
+
+	* resolve.c (parse_reply): error check malloc properly
+
+	* recvmsg.c (recvmsg): error check malloc properly
+
+	* readv.c (readv): error check malloc properly
+
+1999-06-23  Assar Westerlund  <assar@sics.se>
+
+	* parse_units.c (acc_units): move the special case of 0 -> 1 to
+ 	parse_something to avoid having it happen at the end of the string
+
+1999-06-15  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in: add get_default_username
+
+	* get_default_username.c: new file
+
+	* roken.h.in (get_default_username): add prototype
+
+	* Makefile.am: add get_default_username
+
+1999-05-08  Assar Westerlund  <assar@sics.se>
+
+	* xdbm.h: also try <db.h> with DB_DBM_HSEARCH == 1
+
+	* strnlen.c (strnlen): update prototype
+
+	* Makefile.am: strndup.c: add
+
+	* Makefile.in: strndup.c: add
+
+	* roken.h.in (strndup): add
+	(strnlen): update prototype
+
+	* strndup.c: new file
+
+Fri Apr 16 17:59:30 1999  Assar Westerlund  <assar@sics.se>
+
+	* roken.h.in: include strsep prototype if needed
+
+Thu Apr 15 14:04:03 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: make make-print-version.o depend on version.h
+
+Wed Apr  7 14:11:00 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: make it compile w/o krb4
+
+Sat Mar 27 17:33:03 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
+
+	* snprintf.c (vasnprintf): correct check if realloc returns NULL
+
+Sat Mar 27 12:37:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: link print_version with -ldes to avoid unresolved
+ 	references if -lkrb is shared
+
+Sat Mar 20 03:42:30 1999  Assar Westerlund  <assar@sics.se>
+
+	* roken-common.h (eread, ewrite): add
+
+	* simple_exec.c: add <roken.h>
+
+Fri Mar 19 21:29:58 1999  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in: add eread, ewrite
+
+	* eread.c, ewrite.c: new files
+
+	* Makefile.am (libroken_la_SOURCES): add eread and ewrite
+
+Fri Mar 19 14:52:57 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: add version-info
+
+Thu Mar 18 12:53:32 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: remove include_dir hack
+
+	* Makefile.am: parse_units.h
+
+	* Makefile.am: include Makefile.am.common
+
+Sat Mar 13 23:31:35 1999  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (SOURCES): add glob.c
+
+Thu Mar 11 15:02:21 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* iruserok.c: move innetgr() to separate file
+
+	* innetgr.c: move innetgr() to separate file
+
+	* hstrerror.c (hstrerror): add const to return type
+
+	* erealloc.c: fix types in format string
+
+	* emalloc.c: fix types in format string
+
+Wed Mar 10 16:36:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* resolve.c: ugly fix for crays
+
+Mon Mar  8 11:52:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* roken.h.in: protos for {un,}setenv
+
+1999-02-16  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (SOURCES): add fnmatch
+
+	* roken-common.h (abs): add
+
+Sat Feb 13 17:12:53 1999  Assar Westerlund  <assar@sics.se>
+
+	* emalloc.c, erealloc.c, estrup.c: new files
+
+	* roken.h.in (mkstemp, gethostname): also includes prototypes if
+ 	they are needed.
+
+1998-12-23  Assar Westerlund  <assar@sics.se>
+
+	* roken.h.in: mkstemp: add prototype
+
+1998-12-20  Assar Westerlund  <assar@sics.se>
+
+	* snprintf.c, iruserok.c, parse-units.c: unsigned char-correctness
+
+	* roken.h.in (inet_aton): also chedk NEED_INET_ATON_PROTO
+
+	* roken-common.h: __attribute__: check for autoconf'd
+	HAVE___ATTRIBUTE__ instead of GNUC
+
+Sun Dec  6 19:53:21 1998  Assar Westerlund  <assar@sics.se>
+
+	* parse_units.c (parse_something): func is called with val == 0 if
+ 	no unit was given
+	(acc_flags, acc_units): update to new standard
+
+Fri Nov 27 03:09:42 1998  Assar Westerlund  <assar@sics.se>
+
+	* resolve.c (stot): constify
+	(type_to_string): always declare
+	(dns_lookup_int): correct debug output
+
+Thu Nov 26 23:43:55 1998  Assar Westerlund  <assar@sics.se>
+
+	* resolve.c (dns_lookup_int): send rr_class to res_search
+
+Thu Nov 26 17:09:47 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* resolve.c: some cleanup
+
+	* resolve.h: add T_NAPTR
+
+Sun Nov 22 10:23:07 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (WFLAGS): set
+
+	* k_getpwnam.c (k_getpwnam): check for `struct spwd'
+
+	* k_getpwuid.c (k_getpwuid): check for `struct spwd'
+
+Tue Sep  8 05:18:31 1998  Assar Westerlund  <assar@sics.se>
+
+	* recvmsg.c (recvmsg): patch from bpreece@unity.ncsu.edu
+
+Fri Sep  4 16:29:27 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* vsyslog.c: asprintf -> vasprintf
+
+Tue Aug 18 22:25:52 1998  Assar Westerlund  <assar@sics.se>
+
+	* getarg.h (arg_printusage): new signature
+
+	* getarg.c (arg_printusage): new parameter `progname'.  NULL means
+ 	__progname.
+
+Sun Aug  9 14:53:44 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* Makefile.am: net_{read,write}.c
+
+Fri Jul 24 21:56:02 1998  Assar Westerlund  <assar@sics.se>
+
+	* simple_exec.c (simple_execvp): loop around waitpid when errno ==
+ 	EINTR
+
+Thu Jul 23 20:24:35 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* Makefile.am: net_{read,write}.c
+
+Wed Jul 22 21:38:35 1998  Assar Westerlund  <assar@sics.se>
+
+	* simple_exec.c (simple_execlp): initialize `argv'
+
+Mon Jul 13 23:01:22 1998  Assar Westerlund  <assar@sics.se>
+
+	* inaddr2str.c (inaddr2str): don't advance hostent->h_addr_list,
+ 	use a copy instead
+
+Fri Jul 10 01:20:08 1998  Assar Westerlund  <assar@sics.se>
+
+	* roken.h.in (net_write, net_read): add prototypes
+
+	* Makefile.in: net_{read,write}.c: add
+
+	* net_{read,write}.c: new files
+
+Tue Jun 30 17:29:09 1998  Assar Westerlund  <assar@sics.se>
+
+	* roken.h.in (issuid): add
+
+	* get_window_size.c: fix misspelling of TIOCGWINSZ and bad use of
+ 	fields
+
+Sun May 31 03:24:34 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* getarg.c (mandoc_template): Put short and long options in
+ 	SYNOPSIS within the same [ ] pair.
+
+Sat May 30 00:13:01 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* getarg.c (arg_printusage): try to keep options shorter than
+ 	column width
+
+	* get_window_size.c (get_window_size): check COLUMNS and LINES
+
+Fri May 29 00:05:04 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* getarg.c (mandoc_template): Put short and long options in
+ 	DESCRIPTION on the same line.
+
+	* getarg.c (arg_match_long): make sure you only get an exact match
+ 	if the strings are the same length
+
+Thu May 14 02:23:40 1998  Assar Westerlund  <assar@sics.se>
+
+	* roken.awk: stupid cray awk wants \#
+
+Fri May  1 01:29:36 1998  Assar Westerlund  <assar@sics.se>
+
+	* print_version.c (print_version): according to ISO/ANSI C the
+ 	elements of `arg' are not constant and therefore not settable at
+ 	compile-time.  Set the at run-time instead.
+
+Sun Apr 19 10:00:06 1998  Assar Westerlund  <assar@sics.se>
+
+	* roken.h.in: include paths.h
+
+Sun Apr  5 12:30:49 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (SOURCES): add roken_gethostby.c to make solaris
+ 	make happy
+
+Thu Mar 19 20:41:25 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* simple_exec.c: Simple fork+exec system() replacement.
+
+Fri Mar  6 00:21:53 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* roken_gethostby.c: Make `roken_gethostby_setup' take url-like
+ 	specification instead of split up versions. Makes it easier for
+ 	calling applications.
+
+	* roken_gethostby.c: Another miracle of the 20th century:
+ 	gethostby* over HTTP.
+
+Sat Feb 21 15:18:36 1998  assar westerlund  <assar@sics.se>
+
+	* parse_time.c (unparse_time_approx): new function that calls
+ 	`unparse_units_approx'
+
+	* parse_units.c (unparse_units_approx): new function that will
+ 	only print the first unit.
+
+	* Makefile.in: include parse_{time,units}
+
+Thu Feb 12 03:30:08 1998  Assar Westerlund  <assar@sics.se>
+
+	* parse_time.c (print_time_table): don't return a void value.
+
+Tue Feb  3 11:06:24 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* getarg.c (mandoc_template): Change date format to full month
+ 	name, and day of month without leading zero.
+
+Thu Jan 22 21:23:23 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* getarg.c: Fix long form of negative flags.
+
+Mon Dec 29 23:31:10 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* roken.h.in: Include <err.h>, to get linux __progname.
+
+Sun Dec 21 09:45:18 1997  Assar Westerlund  <assar@sics.se>
+
+	* parse_time.c (print_time_table): new function
+
+	* parse_units.c (print_flags_table, print_units_table): new
+ 	functions.
+
+Thu Dec  4 02:51:46 1997  Assar Westerlund  <assar@sics.se>
+
+	* iruserok.c: moved here.
+
+	* snprintf.c (sn_append_char): don't write any terminating zero.
+	(as_reserve): don't loop.  better heuristic for how much space to
+ 	realloc.
+	(vasnprintf): simplify initializing to one.
+
+Sun Nov 30 14:56:59 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* getarg.c: Add mandoc help back-end to getarg.
+
+Wed Nov 12 01:09:17 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* verr.c, verrx.c: Fix warnings by moving exit from.
+
+Tue Nov 11 21:12:09 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* parse_units.c: Change the list of separating characters (between
+ 	units) to comma, space, and tab, removing digits. Having digits in
+ 	this list makes a flag like `T42 generate a parse error. This
+ 	change makes `17m3s' an invalid time-spec (you need a space).
+
+Tue Nov 11 02:38:44 1997  Assar Westerlund  <assar@sics.se>
+
+	* roken.h: add <sys/socket.h>
+
+Sun Nov  9 04:48:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* fnmatch.c: Add fnmatch from NetBSD
+
+Sun Nov  9 02:00:08 1997  Assar Westerlund  <assar@sics.se>
+
+	* parse_units.c (parse_something): ignore white-space and ','
+
+Mon Nov  3 22:38:32 1997  Assar Westerlund  <assar@sics.se>
+	
+	* roken.h: fclose prototype
+
+	* roken.h: add prototype for vsyslog
+
+	* Makefile.in: add some more source files to make soriasis make
+ 	happy
+
+Sat Nov  1 00:19:21 1997  Assar Westerlund  <assar@sics.se>
+
+	* roken.h: include <sys/uio.h> and <errno.h>.
+	prototypes for readv and writev
+
+	* readv.c, writev.c: new files
+
+Wed Oct 29 02:21:38 1997  Assar Westerlund  <assar@sics.se>
+
+	* roken.h: Add ugly macros for openlog, gethostbyname,
+ 	gethostbyaddr, and getservbyname for the benefit of Crays.  Add
+ 	default definition of MAXPATHLEN
diff --git a/crypto/kerberosIV/lib/roken/Makefile.am b/crypto/kerberosIV/lib/roken/Makefile.am
new file mode 100644
index 0000000..7f1e06e
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/Makefile.am
@@ -0,0 +1,157 @@
+# $Id: Makefile.am,v 1.38 1999/06/15 02:47:26 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+CLEANFILES = roken.h make-roken.c print_version.h
+
+lib_LTLIBRARIES = libroken.la
+libroken_la_LDFLAGS = -version-info 0:0:0
+
+noinst_PROGRAMS = make-roken make-print-version
+
+if KRB4
+if KRB5
+## need to link with des here; otherwise, if krb4 is shared the link
+## will fail with unresolved references
+make_print_version_LDADD += $(LIB_krb4) -ldes
+endif
+endif
+
+libroken_la_SOURCES =		\
+	base64.c		\
+	concat.c		\
+	emalloc.c		\
+	eread.c			\
+	erealloc.c		\
+	estrdup.c		\
+	ewrite.c		\
+	get_default_username.c	\
+	get_window_size.c	\
+	getarg.c		\
+	inaddr2str.c		\
+	issuid.c		\
+	k_getpwnam.c		\
+	k_getpwuid.c		\
+	mini_inetd.c		\
+	net_read.c		\
+	net_write.c		\
+	parse_time.c		\
+	parse_units.c		\
+	parse_units.h		\
+	print_version.c		\
+	resolve.c		\
+	roken_gethostby.c	\
+	signal.c		\
+	simple_exec.c		\
+	snprintf.c		\
+	strcat_truncate.c	\
+	strcpy_truncate.c	\
+	tm2time.c		\
+	verify.c		\
+	warnerr.c		\
+	xdbm.h
+
+EXTRA_libroken_la_SOURCES =	\
+	chown.c			\
+	daemon.c		\
+	err.c			\
+	err.h			\
+	errx.c			\
+	fchown.c		\
+	flock.c			\
+	fnmatch.c		\
+	fnmatch.h		\
+	getdtablesize.c		\
+	getegid.c		\
+	geteuid.c		\
+	getgid.c		\
+	gethostname.c		\
+	getopt.c		\
+	gettimeofday.c		\
+	getuid.c		\
+	getusershell.c		\
+	glob.h			\
+	hstrerror.c		\
+	inet_aton.c		\
+	initgroups.c		\
+	innetgr.c		\
+	iruserok.c		\
+	lstat.c			\
+	memmove.c		\
+	mkstemp.c		\
+	putenv.c		\
+	rcmd.c			\
+	readv.c			\
+	recvmsg.c		\
+	sendmsg.c		\
+	setegid.c		\
+	setenv.c		\
+	seteuid.c		\
+	strcasecmp.c		\
+	strdup.c		\
+	strerror.c		\
+	strftime.c		\
+	strlwr.c		\
+	strncasecmp.c		\
+	strndup.c		\
+	strnlen.c		\
+	strsep.c		\
+	strtok_r.c		\
+	strupr.c		\
+	swab.c			\
+	unsetenv.c		\
+	verr.c			\
+	verrx.c			\
+	vsyslog.c		\
+	vwarn.c			\
+	vwarnx.c		\
+	warn.c			\
+	warnx.c			\
+	writev.c
+
+EXTRA_DIST = resource.h roken.awk roken.def roken.dsp roken.h.in \
+	roken.mak roken.rc
+
+
+
+libroken_la_LIBADD = @LTLIBOBJS@
+
+$(LTLIBOBJS) $(libroken_la_OBJECTS): roken.h
+
+include_HEADERS = $(err_h) base64.h getarg.h parse_time.h parse_units.h \
+	resolve.h roken.h roken-common.h
+
+build_HEADERZ = $(err_h) $(fnmatch_h) $(glob_h) xdbm.h
+
+if have_err_h
+err_h =
+else
+err_h = err.h
+endif
+
+if have_fnmatch_h
+fnmatch_h =
+else
+fnmatch_h = fnmatch.h
+endif
+
+if have_glob_h
+glob_h =
+else
+glob_h = glob.h
+endif
+
+roken.h: make-roken
+	@./make-roken > tmp.h ;\
+	if [ -f roken.h ] && cmp -s tmp.h roken.h ; then rm -f tmp.h ; \
+	else rm -f roken.h; mv tmp.h roken.h; fi
+
+make-roken.c: roken.h.in roken.awk
+	$(AWK) -f $(srcdir)/roken.awk $(srcdir)/roken.h.in > make-roken.c
+
+print_version.lo: print_version.h
+
+print_version.h: make-print-version
+	./make-print-version print_version.h
+
+make-print-version.o: $(top_builddir)/include/version.h
diff --git a/crypto/kerberosIV/lib/roken/Makefile.in b/crypto/kerberosIV/lib/roken/Makefile.in
index 26f3142..1226913 100644
--- a/crypto/kerberosIV/lib/roken/Makefile.in
+++ b/crypto/kerberosIV/lib/roken/Makefile.in
@@ -1,5 +1,5 @@
 #
-# $Id: Makefile.in,v 1.34 1997/05/28 05:23:39 assar Exp $
+# $Id: Makefile.in,v 1.69 1999/06/15 03:14:11 assar Exp $
 #
 
 SHELL = /bin/sh
@@ -8,11 +8,14 @@ srcdir = @srcdir@
 VPATH = @srcdir@
 
 CC	= @CC@
+LINK = @LINK@
 CPP	= @CPP@
 AR	= ar
 RANLIB	= @RANLIB@
 DEFS	= @DEFS@
-CFLAGS	= @CFLAGS@
+CFLAGS	= @CFLAGS@ $(WFLAGS)
+WFLAGS	= @WFLAGS@
+AWK	= @AWK@
 
 INSTALL = @INSTALL@
 INSTALL_DATA	= @INSTALL_DATA@
@@ -21,7 +24,7 @@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
 prefix = @prefix@
 exec_prefix = @exec_prefix@
 libdir = @libdir@
-
+EXECSUFFIX = @EXECSUFFIX@
 PICFLAGS = # @PICFLAGS@
  
 LIBNAME = $(LIBPREFIX)roken
@@ -33,40 +36,138 @@ LDSHARED = @LDSHARED@
 LIB = $(LIBNAME).$(LIBEXT)
 
 SOURCES = \
-	chown.c daemon.c err.c errx.c fchown.c get_window_size.c \
-	getcwd.c getdtablesize.c getopt.c getusershell.c \
-	hstrerror.c inaddr2str.c inet_aton.c \
-	initgroups.c k_getpwnam.c k_getpwuid.c lstat.c \
-	memmove.c mini_inetd.c mkstemp.c putenv.c rcmd.c setegid.c \
-	setenv.c seteuid.c signal.c snprintf.c \
-	strcasecmp.c strdup.c strerror.c strftime.c \
-	strlwr.c strnlen.c strtok_r.c strupr.c tm2time.c \
-	unsetenv.c verify.c verr.c verrx.c vwarn.c \
-	vwarnx.c warn.c warnerr.c warnx.c
-
-OBJECTS = k_getpwuid.o k_getpwnam.o signal.o tm2time.o \
-	  verify.o inaddr2str.o mini_inetd.o get_window_size.o \
-	  warnerr.o snprintf.o @LIBOBJS@
-
-all: $(LIB)
+	base64.c \
+	chown.c \
+	concat.c \
+	daemon.c \
+	emalloc.c \
+	erealloc.c \
+	estrdup.c \
+	eread.c \
+	err.c \
+	errx.c \
+	ewrite.c \
+	fchown.c \
+	flock.c \
+	fnmatch.c \
+	get_window_size.c \
+	getarg.c \
+	getcwd.c \
+	get_default_username.c \
+	getdtablesize.c \
+	gethostname.c \
+	getopt.c \
+	getusershell.c \
+	glob.c \
+	hstrerror.c \
+	inaddr2str.c \
+	inet_aton.c \
+	initgroups.c \
+	iruserok.c \
+	issuid.c \
+	k_getpwnam.c \
+	k_getpwuid.c \
+	lstat.c \
+	memmove.c \
+	mini_inetd.c \
+	mkstemp.c \
+	net_read.c \
+	net_write.c \
+	parse_time.c \
+	parse_units.c \
+	print_version.c \
+	putenv.c \
+	resolve.c \
+	rcmd.c \
+	roken_gethostby.c \
+	readv.c \
+	setegid.c \
+	setenv.c \
+	seteuid.c \
+	signal.c \
+	simple_exec.c \
+	snprintf.c \
+	strcasecmp.c \
+	strcat_truncate.c \
+	strcpy_truncate.c \
+	strdup.c \
+	strerror.c \
+	strftime.c \
+	strlwr.c \
+	strncasecmp.c \
+	strndup.c \
+	strnlen.c \
+	strsep.c \
+	strtok_r.c \
+	strupr.c \
+	tm2time.c \
+	unsetenv.c \
+	verify.c \
+	verr.c \
+	verrx.c \
+	vsyslog.c \
+	vwarn.c \
+	vwarnx.c \
+	warn.c \
+	warnerr.c \
+	warnx.c
+
+EXTRA_SOURCES = \
+	make-print-version.c
+
+OBJECTS = \
+	base64.o \
+	concat.o \
+	emalloc.o \
+	eread.o \
+	erealloc.o \
+	estrdup.o \
+	ewrite.o \
+	get_default_username.o \
+	get_window_size.o \
+	getarg.o \
+	inaddr2str.o \
+	issuid.o \
+	k_getpwnam.o \
+	k_getpwuid.o \
+	mini_inetd.o \
+	net_read.o \
+	net_write.o \
+	parse_time.o \
+	parse_units.o \
+	print_version.o \
+	resolve.o \
+	roken_gethostby.o \
+	strcat_truncate.o \
+	strcpy_truncate.o \
+	signal.o \
+	simple_exec.o \
+	snprintf.o \
+	tm2time.o \
+	verify.o \
+	warnerr.o \
+	@LIBOBJS@
+
+all: $(LIB) install-roken-h
 
 Wall:
 	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
 
 .c.o:
-	$(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $<
+	$(CC) -c $(DEFS) -I. -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
 
 install: all
 
 uninstall:
 
-TAGS: $(SOURCES)
-	etags $(SOURCES)
+TAGS: $(SOURCES) $(EXTRA_SOURCES)
+	etags $(SOURCES) $(EXTRA_SOURCES)
 
 check:
 
 clean:
-	rm -f $(LIB) *.o *.a
+	rm -f $(LIB) *.o *.a roken.h make-roken$(EXECSUFFIX) make-roken.c \
+		make-print-version$(EXECSUFFIX) print_version.h
 
 mostlyclean: clean
 
@@ -76,12 +177,6 @@ distclean: clean
 realclean: distclean
 	rm -f TAGS
 
-dist: $(DISTFILES)
-	for file in $(DISTFILES); do \
-	  ln $$file ../`cat ../.fname`/lib \
-	    || cp -p $$file ../`cat ../.fname`/lib; \
-	done
-
 $(LIBNAME).a: $(OBJECTS)
 	rm -f $@
 	$(AR) cr $@ $(OBJECTS)
@@ -91,4 +186,31 @@ $(LIBNAME).$(SHLIBEXT): $(OBJECTS)
 	rm -f $@
 	$(LDSHARED) -o $@ $(OBJECTS)
 
-$(OBJECTS): ../../include/config.h
+roken.h: make-roken$(EXECSUFFIX)
+	@./make-roken > tmp.h ;\
+	if [ -f roken.h ] && cmp -s tmp.h roken.h ; then rm -f tmp.h ; \
+	else rm -f roken.h; mv tmp.h roken.h; fi
+
+make-roken$(EXECSUFFIX): make-roken.o
+	$(LINK) $(CFLAGS) -o $@ make-roken.o
+
+make-roken.c: roken.h.in roken.awk
+	$(AWK) -f $(srcdir)/roken.awk $(srcdir)/roken.h.in > make-roken.c
+
+print_version.o: print_version.h
+
+print_version.h: make-print-version$(EXECSUFFIX)
+	@./make-print-version$(EXECSUFFIX) print_version.h
+
+make-print-version$(EXECSUFFIX): make-print-version.o
+	$(LINK) $(CFLAGS) -o $@ make-print-version.o
+
+install-roken-h: roken.h
+	@if [ -f ../../include/roken.h ] && cmp -s ../../include/roken.h roken.h ; \
+	then :; else \
+	echo "  $(INSTALL) roken.h ../../include/roken.h"; \
+	$(INSTALL) roken.h ../../include/roken.h; fi
+
+$(OBJECTS): ../../include/config.h roken.h
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean install-roken-h
diff --git a/crypto/kerberosIV/lib/roken/base64.c b/crypto/kerberosIV/lib/roken/base64.c
new file mode 100644
index 0000000..cbc5859
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/base64.c
@@ -0,0 +1,151 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: base64.c,v 1.2 1997/12/05 02:37:15 assar Exp $");
+#endif
+#include <stdlib.h>
+#include <string.h>
+#include "base64.h"
+
+static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+static int pos(char c)
+{
+  char *p;
+  for(p = base64; *p; p++)
+    if(*p == c)
+      return p - base64;
+  return -1;
+}
+
+int base64_encode(const void *data, int size, char **str)
+{
+  char *s, *p;
+  int i;
+  int c;
+  unsigned char *q;
+
+  p = s = (char*)malloc(size*4/3+4);
+  if (p == NULL)
+      return -1;
+  q = (unsigned char*)data;
+  i=0;
+  for(i = 0; i < size;){
+    c=q[i++];
+    c*=256;
+    if(i < size)
+      c+=q[i];
+    i++;
+    c*=256;
+    if(i < size)
+      c+=q[i];
+    i++;
+    p[0]=base64[(c&0x00fc0000) >> 18];
+    p[1]=base64[(c&0x0003f000) >> 12];
+    p[2]=base64[(c&0x00000fc0) >> 6];
+    p[3]=base64[(c&0x0000003f) >> 0];
+    if(i > size)
+      p[3]='=';
+    if(i > size+1)
+      p[2]='=';
+    p+=4;
+  }
+  *p=0;
+  *str = s;
+  return strlen(s);
+}
+
+int base64_decode(const char *str, void *data)
+{
+  const char *p;
+  unsigned char *q;
+  int c;
+  int x;
+  int done = 0;
+  q=(unsigned char*)data;
+  for(p=str; *p && !done; p+=4){
+    x = pos(p[0]);
+    if(x >= 0)
+      c = x;
+    else{
+      done = 3;
+      break;
+    }
+    c*=64;
+    
+    x = pos(p[1]);
+    if(x >= 0)
+      c += x;
+    else
+      return -1;
+    c*=64;
+    
+    if(p[2] == '=')
+      done++;
+    else{
+      x = pos(p[2]);
+      if(x >= 0)
+	c += x;
+      else
+	return -1;
+    }
+    c*=64;
+    
+    if(p[3] == '=')
+      done++;
+    else{
+      if(done)
+	return -1;
+      x = pos(p[3]);
+      if(x >= 0)
+	c += x;
+      else
+	return -1;
+    }
+    if(done < 3)
+      *q++=(c&0x00ff0000)>>16;
+      
+    if(done < 2)
+      *q++=(c&0x0000ff00)>>8;
+    if(done < 1)
+      *q++=(c&0x000000ff)>>0;
+  }
+  return q - (unsigned char*)data;
+}
diff --git a/crypto/kerberosIV/lib/roken/base64.h b/crypto/kerberosIV/lib/roken/base64.h
new file mode 100644
index 0000000..59104ff
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/base64.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: base64.h,v 1.1 1997/08/27 22:41:48 joda Exp $ */
+
+#ifndef _BASE64_H_
+#define _BASE64_H_
+
+int base64_encode(const void *data, int size, char **str);
+int base64_decode(const char *str, void *data);
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/concat.c b/crypto/kerberosIV/lib/roken/concat.c
new file mode 100644
index 0000000..d4177ea
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/concat.c
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: concat.c,v 1.3 1998/06/09 19:25:35 joda Exp $");
+#endif
+#include "roken.h"
+
+int
+roken_concat (char *s, size_t len, ...)
+{
+    int ret;
+    va_list args;
+
+    va_start(args, len);
+    ret = roken_vconcat (s, len, args);
+    va_end(args);
+    return ret;
+}
+
+int
+roken_vconcat (char *s, size_t len, va_list args)
+{
+    const char *a;
+
+    while ((a = va_arg(args, const char*))) {
+	size_t n = strlen (a);
+
+	if (n >= len)
+	    return -1;
+	memcpy (s, a, n);
+	s += n;
+	len -= n;
+    }
+    *s = '\0';
+    return 0;
+}
+
+size_t
+roken_vmconcat (char **s, size_t max_len, va_list args)
+{
+    const char *a;
+    char *p, *q;
+    size_t len = 0;
+    *s = NULL;
+    p = malloc(1);
+    if(p == NULL)
+	return 0;
+    len = 1;
+    while ((a = va_arg(args, const char*))) {
+	size_t n = strlen (a);
+	
+	if(max_len && len + n > max_len){
+	    free(p);
+	    return 0;
+	}
+	q = realloc(p, len + n);
+	if(q == NULL){
+	    free(p);
+	    return 0;
+	}
+	p = q;
+	memcpy (p + len - 1, a, n);
+	len += n;
+    }
+    p[len - 1] = '\0';
+    *s = p;
+    return len;
+}
+
+size_t
+roken_mconcat (char **s, size_t max_len, ...)
+{
+    int ret;
+    va_list args;
+
+    va_start(args, max_len);
+    ret = roken_vmconcat (s, max_len, args);
+    va_end(args);
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/roken/daemon.c b/crypto/kerberosIV/lib/roken/daemon.c
index ffab298..758856c 100644
--- a/crypto/kerberosIV/lib/roken/daemon.c
+++ b/crypto/kerberosIV/lib/roken/daemon.c
@@ -39,7 +39,7 @@ static char sccsid[] = "@(#)daemon.c	8.1 (Berkeley) 6/4/93";
 #include <config.h>
 #endif
 
-RCSID("$Id: daemon.c,v 1.2 1997/05/28 05:38:09 assar Exp $");
+RCSID("$Id: daemon.c,v 1.3 1997/10/04 21:55:48 joda Exp $");
 
 #ifndef HAVE_DAEMON
 
@@ -56,34 +56,33 @@ RCSID("$Id: daemon.c,v 1.2 1997/05/28 05:38:09 assar Exp $");
 #include "roken.h"
 
 int
-daemon(nochdir, noclose)
-	int nochdir, noclose;
+daemon(int nochdir, int noclose)
 {
-	int fd;
+    int fd;
 
-	switch (fork()) {
-	case -1:
-		return (-1);
-	case 0:
-		break;
-	default:
-		_exit(0);
-	}
+    switch (fork()) {
+    case -1:
+	return (-1);
+    case 0:
+	break;
+    default:
+	_exit(0);
+    }
 
-	if (setsid() == -1)
-		return (-1);
+    if (setsid() == -1)
+	return (-1);
 
-	if (!nochdir)
-		(void)chdir("/");
+    if (!nochdir)
+	chdir("/");
 
-	if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
-		(void)dup2(fd, STDIN_FILENO);
-		(void)dup2(fd, STDOUT_FILENO);
-		(void)dup2(fd, STDERR_FILENO);
-		if (fd > 2)
-			(void)close (fd);
-	}
-	return (0);
+    if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
+	dup2(fd, STDIN_FILENO);
+	dup2(fd, STDOUT_FILENO);
+	dup2(fd, STDERR_FILENO);
+	if (fd > 2)
+	    close (fd);
+    }
+    return (0);
 }
 
 #endif /* HAVE_DAEMON */
diff --git a/crypto/kerberosIV/lib/roken/emalloc.c b/crypto/kerberosIV/lib/roken/emalloc.c
new file mode 100644
index 0000000..a5740a9
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/emalloc.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: emalloc.c,v 1.3 1999/03/11 14:02:20 joda Exp $");
+#endif
+
+#include <stdlib.h>
+#include <err.h>
+
+#include <roken.h>
+
+/*
+ * Like malloc but never fails.
+ */
+
+void *
+emalloc (size_t sz)
+{
+    void *tmp = malloc (sz);
+
+    if (tmp == NULL && sz != 0)
+	err (1, "malloc %lu", (unsigned long)sz);
+    return tmp;
+}
diff --git a/crypto/kerberosIV/lib/roken/eread.c b/crypto/kerberosIV/lib/roken/eread.c
new file mode 100644
index 0000000..3ea4022
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/eread.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: eread.c,v 1.1 1999/03/19 20:30:20 assar Exp $");
+#endif
+
+#include <unistd.h>
+#include <err.h>
+
+#include <roken.h>
+
+/*
+ * Like read but never fails (and never returns partial data).
+ */
+
+ssize_t
+eread (int fd, void *buf, size_t nbytes)
+{
+    ssize_t ret;
+
+    ret = net_read (fd, buf, nbytes);
+    if (ret < 0)
+	err (1, "read");
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/roken/erealloc.c b/crypto/kerberosIV/lib/roken/erealloc.c
new file mode 100644
index 0000000..2b0b6bb
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/erealloc.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: erealloc.c,v 1.3 1999/03/11 14:02:28 joda Exp $");
+#endif
+
+#include <stdlib.h>
+#include <err.h>
+
+#include <roken.h>
+
+/*
+ * Like realloc but never fails.
+ */
+
+void *
+erealloc (void *ptr, size_t sz)
+{
+    void *tmp = realloc (ptr, sz);
+
+    if (tmp == NULL && sz != 0)
+	err (1, "realloc %lu", (unsigned long)sz);
+    return tmp;
+}
diff --git a/crypto/kerberosIV/lib/roken/err.h b/crypto/kerberosIV/lib/roken/err.h
index 6f25435..a134949 100644
--- a/crypto/kerberosIV/lib/roken/err.h
+++ b/crypto/kerberosIV/lib/roken/err.h
@@ -36,7 +36,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: err.h,v 1.13 1997/05/02 14:29:30 assar Exp $ */
+/* $Id: err.h,v 1.14 1997/11/12 00:08:57 joda Exp $ */
 
 #ifndef __ERR_H__
 #define __ERR_H__
@@ -53,8 +53,8 @@ extern const char *__progname;
 #define __attribute__(x)
 #endif
 
-void warnerr(int doexit, int eval, int doerrno, const char *fmt, va_list ap)
-     __attribute__ ((format (printf, 4, 0)));
+void warnerr(int doerrno, const char *fmt, va_list ap)
+     __attribute__ ((format (printf, 2, 0)));
 
 void verr(int eval, const char *fmt, va_list ap)
      __attribute__ ((noreturn, format (printf, 2, 0)));
diff --git a/crypto/kerberosIV/lib/roken/estrdup.c b/crypto/kerberosIV/lib/roken/estrdup.c
new file mode 100644
index 0000000..7f3bae3
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/estrdup.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: estrdup.c,v 1.1 1999/02/13 05:13:06 assar Exp $");
+#endif
+
+#include <stdlib.h>
+#include <err.h>
+
+#include <roken.h>
+
+/*
+ * Like strdup but never fails.
+ */
+
+char *
+estrdup (const char *str)
+{
+    char *tmp = strdup (str);
+
+    if (tmp == NULL)
+	err (1, "strdup");
+    return tmp;
+}
diff --git a/crypto/kerberosIV/lib/roken/ewrite.c b/crypto/kerberosIV/lib/roken/ewrite.c
new file mode 100644
index 0000000..d1ffba4
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/ewrite.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: ewrite.c,v 1.1 1999/03/19 20:30:21 assar Exp $");
+#endif
+
+#include <unistd.h>
+#include <err.h>
+
+#include <roken.h>
+
+/*
+ * Like write but never fails (and never returns partial data).
+ */
+
+ssize_t
+ewrite (int fd, const void *buf, size_t nbytes)
+{
+    ssize_t ret;
+
+    ret = net_write (fd, buf, nbytes);
+    if (ret < 0)
+	err (1, "write");
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/roken/flock.c b/crypto/kerberosIV/lib/roken/flock.c
new file mode 100644
index 0000000..b8fbfc3
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/flock.c
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifndef HAVE_FLOCK
+RCSID("$Id: flock.c,v 1.3 1997/12/11 15:02:20 bg Exp $");
+
+#include "roken.h"
+
+
+#define OP_MASK (LOCK_SH | LOCK_EX | LOCK_UN)
+
+int
+flock(int fd, int operation)
+{
+#if defined(HAVE_FCNTL) && defined(F_SETLK)
+  struct flock arg;
+  int code, cmd;
+  
+  arg.l_whence = SEEK_SET;
+  arg.l_start = 0;
+  arg.l_len = 0;		/* means to EOF */
+
+  if (operation & LOCK_NB)
+    cmd = F_SETLK;
+  else
+    cmd = F_SETLKW;		/* Blocking */
+
+  switch (operation & OP_MASK) {
+  case LOCK_UN:
+    arg.l_type = F_UNLCK;
+    code = fcntl(fd, F_SETLK, &arg);
+    break;
+  case LOCK_SH:
+    arg.l_type = F_RDLCK;
+    code = fcntl(fd, cmd, &arg);
+    break;
+  case LOCK_EX:
+    arg.l_type = F_WRLCK;
+    code = fcntl(fd, cmd, &arg);
+    break;
+  default:
+    errno = EINVAL;
+    code = -1;
+    break;
+  }
+  return code;
+#else
+  return -1;
+#endif
+}
+
+#endif
+
diff --git a/crypto/kerberosIV/lib/roken/fnmatch.c b/crypto/kerberosIV/lib/roken/fnmatch.c
new file mode 100644
index 0000000..dc01d6e
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/fnmatch.c
@@ -0,0 +1,173 @@
+/*	$NetBSD: fnmatch.c,v 1.11 1995/02/27 03:43:06 cgd Exp $	*/
+
+/*
+ * Copyright (c) 1989, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+#if 0
+static char sccsid[] = "@(#)fnmatch.c	8.2 (Berkeley) 4/16/94";
+#else
+static char rcsid[] = "$NetBSD: fnmatch.c,v 1.11 1995/02/27 03:43:06 cgd Exp $";
+#endif
+#endif /* LIBC_SCCS and not lint */
+
+/*
+ * Function fnmatch() as specified in POSIX 1003.2-1992, section B.6.
+ * Compares a filename or pathname to a pattern.
+ */
+
+#include <fnmatch.h>
+#include <string.h>
+
+#define	EOS	'\0'
+
+static const char *rangematch (const char *, int, int);
+
+int
+fnmatch(const char *pattern, const char *string, int flags)
+{
+	const char *stringstart;
+	char c, test;
+
+	for (stringstart = string;;)
+		switch (c = *pattern++) {
+		case EOS:
+			return (*string == EOS ? 0 : FNM_NOMATCH);
+		case '?':
+			if (*string == EOS)
+				return (FNM_NOMATCH);
+			if (*string == '/' && (flags & FNM_PATHNAME))
+				return (FNM_NOMATCH);
+			if (*string == '.' && (flags & FNM_PERIOD) &&
+			    (string == stringstart ||
+			    ((flags & FNM_PATHNAME) && *(string - 1) == '/')))
+				return (FNM_NOMATCH);
+			++string;
+			break;
+		case '*':
+			c = *pattern;
+			/* Collapse multiple stars. */
+			while (c == '*')
+				c = *++pattern;
+
+			if (*string == '.' && (flags & FNM_PERIOD) &&
+			    (string == stringstart ||
+			    ((flags & FNM_PATHNAME) && *(string - 1) == '/')))
+				return (FNM_NOMATCH);
+
+			/* Optimize for pattern with * at end or before /. */
+			if (c == EOS)
+				if (flags & FNM_PATHNAME)
+					return (strchr(string, '/') == NULL ?
+					    0 : FNM_NOMATCH);
+				else
+					return (0);
+			else if (c == '/' && flags & FNM_PATHNAME) {
+				if ((string = strchr(string, '/')) == NULL)
+					return (FNM_NOMATCH);
+				break;
+			}
+
+			/* General case, use recursion. */
+			while ((test = *string) != EOS) {
+				if (!fnmatch(pattern, string, flags & ~FNM_PERIOD))
+					return (0);
+				if (test == '/' && flags & FNM_PATHNAME)
+					break;
+				++string;
+			}
+			return (FNM_NOMATCH);
+		case '[':
+			if (*string == EOS)
+				return (FNM_NOMATCH);
+			if (*string == '/' && flags & FNM_PATHNAME)
+				return (FNM_NOMATCH);
+			if ((pattern =
+			    rangematch(pattern, *string, flags)) == NULL)
+				return (FNM_NOMATCH);
+			++string;
+			break;
+		case '\\':
+			if (!(flags & FNM_NOESCAPE)) {
+				if ((c = *pattern++) == EOS) {
+					c = '\\';
+					--pattern;
+				}
+			}
+			/* FALLTHROUGH */
+		default:
+			if (c != *string++)
+				return (FNM_NOMATCH);
+			break;
+		}
+	/* NOTREACHED */
+}
+
+static const char *
+rangematch(const char *pattern, int test, int flags)
+{
+	int negate, ok;
+	char c, c2;
+
+	/*
+	 * A bracket expression starting with an unquoted circumflex
+	 * character produces unspecified results (IEEE 1003.2-1992,
+	 * 3.13.2).  This implementation treats it like '!', for
+	 * consistency with the regular expression syntax.
+	 * J.T. Conklin (conklin@ngai.kaleida.com)
+	 */
+	if (negate = (*pattern == '!' || *pattern == '^'))
+		++pattern;
+	
+	for (ok = 0; (c = *pattern++) != ']';) {
+		if (c == '\\' && !(flags & FNM_NOESCAPE))
+			c = *pattern++;
+		if (c == EOS)
+			return (NULL);
+		if (*pattern == '-' 
+		    && (c2 = *(pattern+1)) != EOS && c2 != ']') {
+			pattern += 2;
+			if (c2 == '\\' && !(flags & FNM_NOESCAPE))
+				c2 = *pattern++;
+			if (c2 == EOS)
+				return (NULL);
+			if (c <= test && test <= c2)
+				ok = 1;
+		} else if (c == test)
+			ok = 1;
+	}
+	return (ok == negate ? NULL : pattern);
+}
diff --git a/crypto/kerberosIV/lib/roken/fnmatch.h b/crypto/kerberosIV/lib/roken/fnmatch.h
new file mode 100644
index 0000000..95c91d6
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/fnmatch.h
@@ -0,0 +1,49 @@
+/*	$NetBSD: fnmatch.h,v 1.5 1994/10/26 00:55:53 cgd Exp $	*/
+
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)fnmatch.h	8.1 (Berkeley) 6/2/93
+ */
+
+#ifndef	_FNMATCH_H_
+#define	_FNMATCH_H_
+
+#define	FNM_NOMATCH	1	/* Match failed. */
+
+#define	FNM_NOESCAPE	0x01	/* Disable backslash escaping. */
+#define	FNM_PATHNAME	0x02	/* Slash must be matched by slash. */
+#define	FNM_PERIOD	0x04	/* Period must be matched by period. */
+
+int	 fnmatch (const char *, const char *, int);
+
+#endif /* !_FNMATCH_H_ */
diff --git a/crypto/kerberosIV/lib/roken/get_default_username.c b/crypto/kerberosIV/lib/roken/get_default_username.c
new file mode 100644
index 0000000..209bcf0
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/get_default_username.c
@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: get_default_username.c,v 1.1.2.1 1999/07/22 03:19:27 assar Exp $");
+#endif /* HAVE_CONFIG_H */
+
+#include "roken.h"
+
+/*
+ * Try to return what should be considered the default username or
+ * NULL if we can't guess at all.
+ */
+
+const char *
+get_default_username (void)
+{
+    const char *user;
+
+    user = getenv ("USER");
+    if (user == NULL)
+	user = getenv ("LOGNAME");
+    if (user == NULL)
+	user = getenv ("USERNAME");
+
+#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
+    if (user == NULL) {
+	user = (const char *)getlogin ();
+	if (user != NULL)
+	    return user;
+    }
+#endif
+#ifdef HAVE_PWD_H
+    {
+	uid_t uid = getuid ();
+	struct passwd *pwd;
+
+	if (user != NULL) {
+	    pwd = k_getpwnam ((char *)user);
+	    if (pwd != NULL && pwd->pw_uid == uid)
+		return user;
+	}
+	pwd = k_getpwuid (uid);
+	if (pwd != NULL)
+	    return pwd->pw_name;
+    }
+#endif
+    return user;
+}
diff --git a/crypto/kerberosIV/lib/roken/get_window_size.c b/crypto/kerberosIV/lib/roken/get_window_size.c
index d31d18d..4ac3e53 100644
--- a/crypto/kerberosIV/lib/roken/get_window_size.c
+++ b/crypto/kerberosIV/lib/roken/get_window_size.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,7 +38,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: get_window_size.c,v 1.4 1997/04/01 08:18:59 joda Exp $");
+RCSID("$Id: get_window_size.c,v 1.8 1998/07/31 09:40:21 bg Exp $");
 #endif
 
 #include <stdlib.h>
@@ -68,29 +68,40 @@ RCSID("$Id: get_window_size.c,v 1.4 1997/04/01 08:18:59 joda Exp $");
 int
 get_window_size(int fd, struct winsize *wp)
 {
+    int ret = -1;
+    
+    memset(wp, 0, sizeof(*wp));
+
 #if defined(TIOCGWINSZ)
-  return ioctl(fd, TIOCGWINSZ, wp);
+    ret = ioctl(fd, TIOCGWINSZ, wp);
 #elif defined(TIOCGSIZE)
-  struct ttysize ts;
-  int error;
-
-  if ((error = ioctl(0, TIOCGSIZE, &ts)) != 0)
-    return (error);
-  wp->ws_row = ts.ts_lines;
-  wp->ws_col = ts.ts_cols;
-  wp->ws_xpixel = 0;
-  wp->ws_ypixel = 0;
-  return 0;
+    {
+	struct ttysize ts;
+	
+	ret = ioctl(fd, TIOCGSIZE, &ts);
+	if(ret == 0) {
+	    wp->ws_row = ts.ts_lines;
+	    wp->ws_col = ts.ts_cols;
+	}
+    }
 #elif defined(HAVE__SCRSIZE)
-  int dst[2];
-
-  _scrsize(dst);
-  wp->ws_row = dst[1];
-  wp->ws_col = dst[0];
-  wp->ws_xpixel = 0;
-  wp->ws_ypixel = 0;
-  return 0;
-#else
-  return -1;
+    {
+	int dst[2];
+	
+	_scrsize(dst);
+	wp->ws_row = dst[1];
+	wp->ws_col = dst[0];
+	ret = 0;
+    }
 #endif
+    if (ret != 0) {
+        char *s;
+        if((s = getenv("COLUMNS")))
+	    wp->ws_col = atoi(s);
+	if((s = getenv("LINES")))
+	    wp->ws_row = atoi(s);
+	if(wp->ws_col > 0 && wp->ws_row > 0)
+	    ret = 0;
+    }
+    return ret;
 }
diff --git a/crypto/kerberosIV/lib/roken/getarg.c b/crypto/kerberosIV/lib/roken/getarg.c
new file mode 100644
index 0000000..7de5b55
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getarg.c
@@ -0,0 +1,488 @@
+/*
+ * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getarg.c,v 1.25 1998/11/22 09:45:05 assar Exp $");
+#endif
+
+#include <stdio.h>
+#include <roken.h>
+#include "getarg.h"
+
+#define ISFLAG(X) ((X).type == arg_flag || (X).type == arg_negative_flag)
+
+static size_t
+print_arg (char *string, size_t len, int mdoc, int longp, struct getargs *arg)
+{
+    const char *s;
+
+    *string = '\0';
+
+    if (ISFLAG(*arg))
+	return 0;
+
+    if(mdoc){
+	if(longp)
+	    strcat_truncate(string, "= Ns", len);
+	strcat_truncate(string, " Ar ", len);
+    }else
+	if (longp)
+	    strcat_truncate (string, "=", len);
+	else
+	    strcat_truncate (string, " ", len);
+
+    if (arg->arg_help)
+	s = arg->arg_help;
+    else if (arg->type == arg_integer)
+	s = "number";
+    else if (arg->type == arg_string)
+	s = "string";
+    else
+	s = "<undefined>";
+
+    strcat_truncate(string, s, len);
+    return 1 + strlen(s);
+}
+
+static void
+mandoc_template(struct getargs *args,
+		size_t num_args,
+		const char *progname,
+		const char *extra_string)
+{
+    int i;
+    char timestr[64], cmd[64];
+    char buf[128];
+    const char *p;
+    time_t t;
+
+    printf(".\\\" Things to fix:\n");
+    printf(".\\\"   * correct section, and operating system\n");
+    printf(".\\\"   * remove Op from mandatory flags\n");
+    printf(".\\\"   * use better macros for arguments (like .Pa for files)\n");
+    printf(".\\\"\n");
+    t = time(NULL);
+    strftime(timestr, sizeof(timestr), "%B %e, %Y", localtime(&t));
+    printf(".Dd %s\n", timestr);
+    p = strrchr(progname, '/');
+    if(p) p++; else p = progname;
+    strcpy_truncate(cmd, p, sizeof(cmd));
+    strupr(cmd);
+       
+    printf(".Dt %s SECTION\n", cmd);
+    printf(".Os OPERATING_SYSTEM\n");
+    printf(".Sh NAME\n");
+    printf(".Nm %s\n", p);
+    printf(".Nd\n");
+    printf("in search of a description\n");
+    printf(".Sh SYNOPSIS\n");
+    printf(".Nm\n");
+    for(i = 0; i < num_args; i++){
+	/* we seem to hit a limit on number of arguments if doing
+           short and long flags with arguments -- split on two lines */
+	if(ISFLAG(args[i]) || 
+	   args[i].short_name == 0 || args[i].long_name == NULL) {
+	    printf(".Op ");
+
+	    if(args[i].short_name) {
+		print_arg(buf, sizeof(buf), 1, 0, args + i);
+		printf("Fl %c%s", args[i].short_name, buf);
+		if(args[i].long_name)
+		    printf(" | ");
+	    }
+	    if(args[i].long_name) {
+		print_arg(buf, sizeof(buf), 1, 1, args + i);
+		printf("Fl -%s%s", args[i].long_name, buf);
+	    }
+	    printf("\n");
+	} else {
+	    print_arg(buf, sizeof(buf), 1, 0, args + i);
+	    printf(".Oo Fl %c%s \\*(Ba Xo\n", args[i].short_name, buf);
+	    print_arg(buf, sizeof(buf), 1, 1, args + i);
+	    printf(".Fl -%s%s Oc\n.Xc\n", args[i].long_name, buf);
+	}
+    /*
+	    if(args[i].type == arg_strings)
+		fprintf (stderr, "...");
+		*/
+    }
+    if (extra_string && *extra_string)
+	printf (".Ar %s\n", extra_string);
+    printf(".Sh DESCRIPTION\n");
+    printf("Supported options:\n");
+    printf(".Bl -tag -width Ds\n");
+    for(i = 0; i < num_args; i++){
+	printf(".It Xo\n");
+	if(args[i].short_name){
+	    printf(".Fl %c", args[i].short_name);
+	    print_arg(buf, sizeof(buf), 1, 0, args + i);
+	    printf("%s", buf);
+	    if(args[i].long_name)
+		printf(" Ns ,");
+	    printf("\n");
+	}
+	if(args[i].long_name){
+	    printf(".Fl -%s", args[i].long_name);
+	    print_arg(buf, sizeof(buf), 1, 1, args + i);
+	    printf("%s\n", buf);
+	}
+	printf(".Xc\n");
+	if(args[i].help)
+	    printf("%s\n", args[i].help);
+    /*
+	    if(args[i].type == arg_strings)
+		fprintf (stderr, "...");
+		*/
+    }
+    printf(".El\n");
+    printf(".\\\".Sh ENVIRONMENT\n");
+    printf(".\\\".Sh FILES\n");
+    printf(".\\\".Sh EXAMPLES\n");
+    printf(".\\\".Sh DIAGNOSTICS\n");
+    printf(".\\\".Sh SEE ALSO\n");
+    printf(".\\\".Sh STANDARDS\n");
+    printf(".\\\".Sh HISTORY\n");
+    printf(".\\\".Sh AUTHORS\n");
+    printf(".\\\".Sh BUGS\n");
+}
+
+static int
+check_column(FILE *f, int col, int len, int columns)
+{
+    if(col + len > columns) {
+	fprintf(f, "\n");
+	col = fprintf(f, "  ");
+    }
+    return col;
+}
+
+void
+arg_printusage (struct getargs *args,
+		size_t num_args,
+		const char *progname,
+		const char *extra_string)
+{
+    int i;
+    size_t max_len = 0;
+    char buf[128];
+    int col = 0, columns;
+    struct winsize ws;
+
+    if (progname == NULL)
+	progname = __progname;
+
+    if(getenv("GETARGMANDOC")){
+	mandoc_template(args, num_args, progname, extra_string);
+	return;
+    }
+    if(get_window_size(2, &ws) == 0)
+	columns = ws.ws_col;
+    else
+	columns = 80;
+    col = 0;
+    col += fprintf (stderr, "Usage: %s", progname);
+    for (i = 0; i < num_args; ++i) {
+	size_t len = 0;
+
+	if (args[i].long_name) {
+	    buf[0] = '\0';
+	    strcat_truncate(buf, "[--", sizeof(buf));
+	    len += 2;
+	    if(args[i].type == arg_negative_flag) {
+		strcat_truncate(buf, "no-", sizeof(buf));
+		len += 3;
+	    }
+	    strcat_truncate(buf, args[i].long_name, sizeof(buf));
+	    len += strlen(args[i].long_name);
+	    len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf), 
+			     0, 1, &args[i]);
+	    strcat_truncate(buf, "]", sizeof(buf));
+	    if(args[i].type == arg_strings)
+		strcat_truncate(buf, "...", sizeof(buf));
+	    col = check_column(stderr, col, strlen(buf) + 1, columns);
+	    col += fprintf(stderr, " %s", buf);
+	}
+	if (args[i].short_name) {
+	    snprintf(buf, sizeof(buf), "[-%c", args[i].short_name);
+	    len += 2;
+	    len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf), 
+			     0, 0, &args[i]);
+	    strcat_truncate(buf, "]", sizeof(buf));
+	    if(args[i].type == arg_strings)
+		strcat_truncate(buf, "...", sizeof(buf));
+	    col = check_column(stderr, col, strlen(buf) + 1, columns);
+	    col += fprintf(stderr, " %s", buf);
+	}
+	if (args[i].long_name && args[i].short_name)
+	    len += 2; /* ", " */
+	max_len = max(max_len, len);
+    }
+    if (extra_string) {
+	col = check_column(stderr, col, strlen(extra_string) + 1, columns);
+	fprintf (stderr, " %s\n", extra_string);
+    } else
+	fprintf (stderr, "\n");
+    for (i = 0; i < num_args; ++i) {
+	if (args[i].help) {
+	    size_t count = 0;
+
+	    if (args[i].short_name) {
+		count += fprintf (stderr, "-%c", args[i].short_name);
+		print_arg (buf, sizeof(buf), 0, 0, &args[i]);
+		count += fprintf(stderr, "%s", buf);
+	    }
+	    if (args[i].short_name && args[i].long_name)
+		count += fprintf (stderr, ", ");
+	    if (args[i].long_name) {
+		count += fprintf (stderr, "--");
+		if (args[i].type == arg_negative_flag)
+		    count += fprintf (stderr, "no-");
+		count += fprintf (stderr, "%s", args[i].long_name);
+		print_arg (buf, sizeof(buf), 0, 1, &args[i]);
+		count += fprintf(stderr, "%s", buf);
+	    }
+	    while(count++ <= max_len)
+		putc (' ', stderr);
+	    fprintf (stderr, "%s\n", args[i].help);
+	}
+    }
+}
+
+static void
+add_string(getarg_strings *s, char *value)
+{
+    s->strings = realloc(s->strings, (s->num_strings + 1) * sizeof(*s->strings));
+    s->strings[s->num_strings] = value;
+    s->num_strings++;
+}
+
+static int
+arg_match_long(struct getargs *args, size_t num_args,
+	       char *argv)
+{
+    int i;
+    char *optarg = NULL;
+    int negate = 0;
+    int partial_match = 0;
+    struct getargs *partial = NULL;
+    struct getargs *current = NULL;
+    int argv_len;
+    char *p;
+
+    argv_len = strlen(argv);
+    p = strchr (argv, '=');
+    if (p != NULL)
+	argv_len = p - argv;
+
+    for (i = 0; i < num_args; ++i) {
+	if(args[i].long_name) {
+	    int len = strlen(args[i].long_name);
+	    char *p = argv;
+	    int p_len = argv_len;
+	    negate = 0;
+
+	    for (;;) {
+		if (strncmp (args[i].long_name, p, p_len) == 0) {
+		    if(p_len == len)
+			current = &args[i];
+		    else {
+			++partial_match;
+			partial = &args[i];
+		    }
+		    optarg  = p + p_len;
+		} else if (ISFLAG(args[i]) && strncmp (p, "no-", 3) == 0) {
+		    negate = !negate;
+		    p += 3;
+		    p_len -= 3;
+		    continue;
+		}
+		break;
+	    }
+	    if (current)
+		break;
+	}
+    }
+    if (current == NULL) {
+	if (partial_match == 1)
+	    current = partial;
+	else
+	    return ARG_ERR_NO_MATCH;
+    }
+    
+    if(*optarg == '\0' && !ISFLAG(*current))
+	return ARG_ERR_NO_MATCH;
+    switch(current->type){
+    case arg_integer:
+    {
+	int tmp;
+	if(sscanf(optarg + 1, "%d", &tmp) != 1)
+	    return ARG_ERR_BAD_ARG;
+	*(int*)current->value = tmp;
+	return 0;
+    }
+    case arg_string:
+    {
+	*(char**)current->value = optarg + 1;
+	return 0;
+    }
+    case arg_strings:
+    {
+	add_string((getarg_strings*)current->value, optarg + 1);
+	return 0;
+    }
+    case arg_flag:
+    case arg_negative_flag:
+    {
+	int *flag = current->value;
+	if(*optarg == '\0' ||
+	   strcmp(optarg + 1, "yes") == 0 || 
+	   strcmp(optarg + 1, "true") == 0){
+	    *flag = !negate;
+	    return 0;
+	} else if (*optarg && strcmp(optarg + 1, "maybe") == 0) {
+	    *flag = rand() & 1;
+	} else {
+	    *flag = negate;
+	    return 0;
+	}
+	return ARG_ERR_BAD_ARG;
+    }
+    default:
+	abort ();
+    }
+}
+
+int
+getarg(struct getargs *args, size_t num_args, 
+       int argc, char **argv, int *optind)
+{
+    int i, j, k;
+    int ret = 0;
+
+    srand (time(NULL));
+    (*optind)++;
+    for(i = *optind; i < argc; i++) {
+	if(argv[i][0] != '-')
+	    break;
+	if(argv[i][1] == '-'){
+	    if(argv[i][2] == 0){
+		i++;
+		break;
+	    }
+	    ret = arg_match_long (args, num_args, argv[i] + 2);
+	    if(ret)
+		return ret;
+	}else{
+	    for(j = 1; argv[i][j]; j++) {
+		for(k = 0; k < num_args; k++) {
+		    char *optarg;
+		    if(args[k].short_name == 0)
+			continue;
+		    if(argv[i][j] == args[k].short_name){
+			if(args[k].type == arg_flag){
+			    *(int*)args[k].value = 1;
+			    break;
+			}
+			if(args[k].type == arg_negative_flag){
+			    *(int*)args[k].value = 0;
+			    break;
+			}
+			if(argv[i][j + 1])
+			    optarg = &argv[i][j + 1];
+			else{
+			    i++;
+			    optarg = argv[i];
+			}
+			if(optarg == NULL)
+			    return ARG_ERR_NO_ARG;
+			if(args[k].type == arg_integer){
+			    int tmp;
+			    if(sscanf(optarg, "%d", &tmp) != 1)
+				return ARG_ERR_BAD_ARG;
+			    *(int*)args[k].value = tmp;
+			    goto out;
+			}else if(args[k].type == arg_string){
+			    *(char**)args[k].value = optarg;
+			    goto out;
+			}else if(args[k].type == arg_strings){
+			    add_string((getarg_strings*)args[k].value, optarg);
+			    goto out;
+			}
+			return ARG_ERR_BAD_ARG;
+		    }
+			
+		}
+		if (k == num_args)
+		    return ARG_ERR_NO_MATCH;
+	    }
+	out:;
+	}
+    }
+    *optind = i;
+    return 0;
+}
+
+#if TEST
+int foo_flag = 2;
+int flag1 = 0;
+int flag2 = 0;
+int bar_int;
+char *baz_string;
+
+struct getargs args[] = {
+    { NULL, '1', arg_flag, &flag1, "one", NULL },
+    { NULL, '2', arg_flag, &flag2, "two", NULL },
+    { "foo", 'f', arg_negative_flag, &foo_flag, "foo", NULL },
+    { "bar", 'b', arg_integer, &bar_int, "bar", "seconds"},
+    { "baz", 'x', arg_string, &baz_string, "baz", "name" },
+};
+
+int main(int argc, char **argv)
+{
+    int optind = 0;
+    while(getarg(args, 5, argc, argv, &optind))
+	printf("Bad arg: %s\n", argv[optind]);
+    printf("flag1 = %d\n", flag1);  
+    printf("flag2 = %d\n", flag2);  
+    printf("foo_flag = %d\n", foo_flag);  
+    printf("bar_int = %d\n", bar_int);
+    printf("baz_flag = %s\n", baz_string);
+    arg_printusage (args, 5, argv[0], "nothing here");
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/getarg.h b/crypto/kerberosIV/lib/roken/getarg.h
new file mode 100644
index 0000000..8a02fa2
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getarg.h
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: getarg.h,v 1.5 1998/08/18 20:26:11 assar Exp $ */
+
+#ifndef __GETARG_H__
+#define __GETARG_H__
+
+#include <stddef.h>
+
+struct getargs{
+    const char *long_name;
+    char short_name;
+    enum { arg_integer, arg_string, arg_flag, arg_negative_flag, arg_strings } type;
+    void *value;
+    const char *help;
+    const char *arg_help;
+};
+
+enum {
+    ARG_ERR_NO_MATCH  = 1,
+    ARG_ERR_BAD_ARG,
+    ARG_ERR_NO_ARG
+};
+
+typedef struct getarg_strings {
+    int num_strings;
+    char **strings;
+} getarg_strings;
+
+int getarg(struct getargs *args, size_t num_args, 
+	   int argc, char **argv, int *optind);
+
+void arg_printusage (struct getargs *args,
+		     size_t num_args,
+		     const char *progname,
+		     const char *extra_string);
+
+#endif /* __GETARG_H__ */
diff --git a/crypto/kerberosIV/lib/roken/getcwd.c b/crypto/kerberosIV/lib/roken/getcwd.c
index a27451f..ac80a79 100644
--- a/crypto/kerberosIV/lib/roken/getcwd.c
+++ b/crypto/kerberosIV/lib/roken/getcwd.c
@@ -38,13 +38,16 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: getcwd.c,v 1.7 1997/04/01 08:19:00 joda Exp $");
+RCSID("$Id: getcwd.c,v 1.10 1998/06/09 19:25:36 joda Exp $");
 #endif
 
+#ifdef HAVE_UNISTD_H
 #include <unistd.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
 #include <sys/param.h>
+#endif
 
-#include "protos.h"
 #include "roken.h"
 
 char*
@@ -54,6 +57,6 @@ getcwd(char *path, size_t size)
     char *ret;
     ret = getwd(xxx);
     if(ret)
-	strncpy(path, xxx, size);
+	strcpy_truncate(path, xxx, size);
     return ret;
 }
diff --git a/crypto/kerberosIV/lib/roken/getdtablesize.c b/crypto/kerberosIV/lib/roken/getdtablesize.c
index afd47d2b..029f5f6 100644
--- a/crypto/kerberosIV/lib/roken/getdtablesize.c
+++ b/crypto/kerberosIV/lib/roken/getdtablesize.c
@@ -38,12 +38,14 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: getdtablesize.c,v 1.8 1997/04/20 05:51:06 assar Exp $");
+RCSID("$Id: getdtablesize.c,v 1.9 1997/07/11 20:20:26 assar Exp $");
 #endif
 
 #include "roken.h"
 
+#ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
+#endif
 #ifdef TIME_WITH_SYS_TIME
 #include <sys/time.h>
 #include <time.h>
@@ -55,7 +57,9 @@ RCSID("$Id: getdtablesize.c,v 1.8 1997/04/20 05:51:06 assar Exp $");
 #ifdef HAVE_SYS_PARAM_H
 #include <sys/param.h>
 #endif
+#ifdef HAVE_UNISTD_H
 #include <unistd.h>
+#endif
 
 #ifdef HAVE_SYS_RESOURCE_H
 #include <sys/resource.h>
diff --git a/crypto/kerberosIV/lib/roken/getegid.c b/crypto/kerberosIV/lib/roken/getegid.c
new file mode 100644
index 0000000..ba5828d
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getegid.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+#ifndef HAVE_GETEGID
+
+RCSID("$Id: getegid.c,v 1.1 1998/05/09 17:17:18 joda Exp $");
+
+int getegid(void)
+{
+    return getgid();
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/geteuid.c b/crypto/kerberosIV/lib/roken/geteuid.c
new file mode 100644
index 0000000..bc20d3c
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/geteuid.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+#ifndef HAVE_GETEUID
+
+RCSID("$Id: geteuid.c,v 1.1 1998/05/09 17:17:38 joda Exp $");
+
+int geteuid(void)
+{
+    return getuid();
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/getgid.c b/crypto/kerberosIV/lib/roken/getgid.c
new file mode 100644
index 0000000..1512139
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getgid.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+#ifndef HAVE_GETGID
+
+RCSID("$Id: getgid.c,v 1.1 1998/05/09 17:17:29 joda Exp $");
+
+int getgid(void)
+{
+    return 17;
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/gethostname.c b/crypto/kerberosIV/lib/roken/gethostname.c
new file mode 100644
index 0000000..9795fb3
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/gethostname.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+#ifndef HAVE_GETHOSTNAME
+
+#ifdef HAVE_SYS_UTSNAME_H
+#include <sys/utsname.h>
+#endif
+
+/*
+ * Return the local host's name in "name", up to "namelen" characters.
+ * "name" will be null-terminated if "namelen" is big enough.
+ * The return code is 0 on success, -1 on failure.  (The calling
+ * interface is identical to gethostname(2).)
+ */
+
+int
+gethostname(char *name, int namelen)
+{
+#if defined(HAVE_UNAME)
+    {
+	struct utsname utsname;
+	int ret;
+
+	ret = uname (&utsname);
+	if (ret < 0)
+	    return ret;
+	strcpy_truncate (name, utsname.nodename, namelen);
+	return 0;
+    }
+#else
+    strcpy_truncate (name, "some.random.host", namelen);
+    return 0;
+#endif
+}
+
+#endif /* GETHOSTNAME */
diff --git a/crypto/kerberosIV/lib/roken/gettimeofday.c b/crypto/kerberosIV/lib/roken/gettimeofday.c
new file mode 100644
index 0000000..8752ba2
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/gettimeofday.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+#ifndef HAVE_GETTIMEOFDAY
+
+RCSID("$Id: gettimeofday.c,v 1.7 1997/12/04 22:51:48 joda Exp $");
+
+/*
+ * Simple gettimeofday that only returns seconds.
+ */
+int
+gettimeofday (struct timeval *tp, void *ignore)
+{
+     time_t t;
+
+     t = time(NULL);
+     tp->tv_sec  = t;
+     tp->tv_usec = 0;
+     return 0;
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/getuid.c b/crypto/kerberosIV/lib/roken/getuid.c
new file mode 100644
index 0000000..1b7d70a
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getuid.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+#ifndef HAVE_GETUID
+
+RCSID("$Id: getuid.c,v 1.2 1997/12/04 22:51:20 joda Exp $");
+
+int getuid(void)
+{
+    return 17;
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/glob.c b/crypto/kerberosIV/lib/roken/glob.c
new file mode 100644
index 0000000..7dd6951
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/glob.c
@@ -0,0 +1,835 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * glob(3) -- a superset of the one defined in POSIX 1003.2.
+ *
+ * The [!...] convention to negate a range is supported (SysV, Posix, ksh).
+ *
+ * Optional extra services, controlled by flags not defined by POSIX:
+ *
+ * GLOB_QUOTE:
+ *	Escaping convention: \ inhibits any special meaning the following
+ *	character might have (except \ at end of string is retained).
+ * GLOB_MAGCHAR:
+ *	Set in gl_flags if pattern contained a globbing character.
+ * GLOB_NOMAGIC:
+ *	Same as GLOB_NOCHECK, but it will only append pattern if it did
+ *	not contain any magic characters.  [Used in csh style globbing]
+ * GLOB_ALTDIRFUNC:
+ *	Use alternately specified directory access functions.
+ * GLOB_TILDE:
+ *	expand ~user/foo to the /home/dir/of/user/foo
+ * GLOB_BRACE:
+ *	expand {1,2}{a,b} to 1a 1b 2a 2b 
+ * gl_matchc:
+ *	Number of matches in the current invocation of glob.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#include <ctype.h>
+#ifdef HAVE_DIRENT_H
+#include <dirent.h>
+#endif
+#include <errno.h>
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "glob.h"
+#include "roken.h"
+
+#define	CHAR_DOLLAR		'$'
+#define	CHAR_DOT		'.'
+#define	CHAR_EOS		'\0'
+#define	CHAR_LBRACKET		'['
+#define	CHAR_NOT		'!'
+#define	CHAR_QUESTION		'?'
+#define	CHAR_QUOTE		'\\'
+#define	CHAR_RANGE		'-'
+#define	CHAR_RBRACKET		']'
+#define	CHAR_SEP		'/'
+#define	CHAR_STAR		'*'
+#define	CHAR_TILDE		'~'
+#define	CHAR_UNDERSCORE		'_'
+#define	CHAR_LBRACE		'{'
+#define	CHAR_RBRACE		'}'
+#define	CHAR_SLASH		'/'
+#define	CHAR_COMMA		','
+
+#ifndef DEBUG
+
+#define	M_QUOTE		0x8000
+#define	M_PROTECT	0x4000
+#define	M_MASK		0xffff
+#define	M_ASCII		0x00ff
+
+typedef u_short Char;
+
+#else
+
+#define	M_QUOTE		0x80
+#define	M_PROTECT	0x40
+#define	M_MASK		0xff
+#define	M_ASCII		0x7f
+
+typedef char Char;
+
+#endif
+
+
+#define	CHAR(c)		((Char)((c)&M_ASCII))
+#define	META(c)		((Char)((c)|M_QUOTE))
+#define	M_ALL		META('*')
+#define	M_END		META(']')
+#define	M_NOT		META('!')
+#define	M_ONE		META('?')
+#define	M_RNG		META('-')
+#define	M_SET		META('[')
+#define	ismeta(c)	(((c)&M_QUOTE) != 0)
+
+
+static int	 compare (const void *, const void *);
+static void	 g_Ctoc (const Char *, char *);
+static int	 g_lstat (Char *, struct stat *, glob_t *);
+static DIR	*g_opendir (Char *, glob_t *);
+static Char	*g_strchr (Char *, int);
+#ifdef notdef
+static Char	*g_strcat (Char *, const Char *);
+#endif
+static int	 g_stat (Char *, struct stat *, glob_t *);
+static int	 glob0 (const Char *, glob_t *);
+static int	 glob1 (Char *, glob_t *);
+static int	 glob2 (Char *, Char *, Char *, glob_t *);
+static int	 glob3 (Char *, Char *, Char *, Char *, glob_t *);
+static int	 globextend (const Char *, glob_t *);
+static const Char *	 globtilde (const Char *, Char *, glob_t *);
+static int	 globexp1 (const Char *, glob_t *);
+static int	 globexp2 (const Char *, const Char *, glob_t *, int *);
+static int	 match (Char *, Char *, Char *);
+#ifdef DEBUG
+static void	 qprintf (const char *, Char *);
+#endif
+
+int
+glob(const char *pattern, 
+     int flags, 
+     int (*errfunc)(const char *, int), 
+     glob_t *pglob)
+{
+	const u_char *patnext;
+	int c;
+	Char *bufnext, *bufend, patbuf[MaxPathLen+1];
+
+	patnext = (u_char *) pattern;
+	if (!(flags & GLOB_APPEND)) {
+		pglob->gl_pathc = 0;
+		pglob->gl_pathv = NULL;
+		if (!(flags & GLOB_DOOFFS))
+			pglob->gl_offs = 0;
+	}
+	pglob->gl_flags = flags & ~GLOB_MAGCHAR;
+	pglob->gl_errfunc = errfunc;
+	pglob->gl_matchc = 0;
+
+	bufnext = patbuf;
+	bufend = bufnext + MaxPathLen;
+	if (flags & GLOB_QUOTE) {
+		/* Protect the quoted characters. */
+		while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) 
+			if (c == CHAR_QUOTE) {
+				if ((c = *patnext++) == CHAR_EOS) {
+					c = CHAR_QUOTE;
+					--patnext;
+				}
+				*bufnext++ = c | M_PROTECT;
+			}
+			else
+				*bufnext++ = c;
+	}
+	else 
+	    while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) 
+		    *bufnext++ = c;
+	*bufnext = CHAR_EOS;
+
+	if (flags & GLOB_BRACE)
+	    return globexp1(patbuf, pglob);
+	else
+	    return glob0(patbuf, pglob);
+}
+
+/*
+ * Expand recursively a glob {} pattern. When there is no more expansion
+ * invoke the standard globbing routine to glob the rest of the magic
+ * characters
+ */
+static int globexp1(const Char *pattern, glob_t *pglob)
+{
+	const Char* ptr = pattern;
+	int rv;
+
+	/* Protect a single {}, for find(1), like csh */
+	if (pattern[0] == CHAR_LBRACE && pattern[1] == CHAR_RBRACE && pattern[2] == CHAR_EOS)
+		return glob0(pattern, pglob);
+
+	while ((ptr = (const Char *) g_strchr((Char *) ptr, CHAR_LBRACE)) != NULL)
+		if (!globexp2(ptr, pattern, pglob, &rv))
+			return rv;
+
+	return glob0(pattern, pglob);
+}
+
+
+/*
+ * Recursive brace globbing helper. Tries to expand a single brace.
+ * If it succeeds then it invokes globexp1 with the new pattern.
+ * If it fails then it tries to glob the rest of the pattern and returns.
+ */
+static int globexp2(const Char *ptr, const Char *pattern, 
+		    glob_t *pglob, int *rv)
+{
+	int     i;
+	Char   *lm, *ls;
+	const Char *pe, *pm, *pl;
+	Char    patbuf[MaxPathLen + 1];
+
+	/* copy part up to the brace */
+	for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++)
+		continue;
+	ls = lm;
+
+	/* Find the balanced brace */
+	for (i = 0, pe = ++ptr; *pe; pe++)
+		if (*pe == CHAR_LBRACKET) {
+			/* Ignore everything between [] */
+			for (pm = pe++; *pe != CHAR_RBRACKET && *pe != CHAR_EOS; pe++)
+				continue;
+			if (*pe == CHAR_EOS) {
+				/* 
+				 * We could not find a matching CHAR_RBRACKET.
+				 * Ignore and just look for CHAR_RBRACE
+				 */
+				pe = pm;
+			}
+		}
+		else if (*pe == CHAR_LBRACE)
+			i++;
+		else if (*pe == CHAR_RBRACE) {
+			if (i == 0)
+				break;
+			i--;
+		}
+
+	/* Non matching braces; just glob the pattern */
+	if (i != 0 || *pe == CHAR_EOS) {
+		*rv = glob0(patbuf, pglob);
+		return 0;
+	}
+
+	for (i = 0, pl = pm = ptr; pm <= pe; pm++)
+		switch (*pm) {
+		case CHAR_LBRACKET:
+			/* Ignore everything between [] */
+			for (pl = pm++; *pm != CHAR_RBRACKET && *pm != CHAR_EOS; pm++)
+				continue;
+			if (*pm == CHAR_EOS) {
+				/* 
+				 * We could not find a matching CHAR_RBRACKET.
+				 * Ignore and just look for CHAR_RBRACE
+				 */
+				pm = pl;
+			}
+			break;
+
+		case CHAR_LBRACE:
+			i++;
+			break;
+
+		case CHAR_RBRACE:
+			if (i) {
+			    i--;
+			    break;
+			}
+			/* FALLTHROUGH */
+		case CHAR_COMMA:
+			if (i && *pm == CHAR_COMMA)
+				break;
+			else {
+				/* Append the current string */
+				for (lm = ls; (pl < pm); *lm++ = *pl++)
+					continue;
+				/* 
+				 * Append the rest of the pattern after the
+				 * closing brace
+				 */
+				for (pl = pe + 1; (*lm++ = *pl++) != CHAR_EOS;)
+					continue;
+
+				/* Expand the current pattern */
+#ifdef DEBUG
+				qprintf("globexp2:", patbuf);
+#endif
+				*rv = globexp1(patbuf, pglob);
+
+				/* move after the comma, to the next string */
+				pl = pm + 1;
+			}
+			break;
+
+		default:
+			break;
+		}
+	*rv = 0;
+	return 0;
+}
+
+
+
+/*
+ * expand tilde from the passwd file.
+ */
+static const Char *
+globtilde(const Char *pattern, Char *patbuf, glob_t *pglob)
+{
+	struct passwd *pwd;
+	char *h;
+	const Char *p;
+	Char *b;
+
+	if (*pattern != CHAR_TILDE || !(pglob->gl_flags & GLOB_TILDE))
+		return pattern;
+
+	/* Copy up to the end of the string or / */
+	for (p = pattern + 1, h = (char *) patbuf; *p && *p != CHAR_SLASH; 
+	     *h++ = *p++)
+		continue;
+
+	*h = CHAR_EOS;
+
+	if (((char *) patbuf)[0] == CHAR_EOS) {
+		/* 
+		 * handle a plain ~ or ~/ by expanding $HOME 
+		 * first and then trying the password file
+		 */
+		if ((h = getenv("HOME")) == NULL) {
+			if ((pwd = k_getpwuid(getuid())) == NULL)
+				return pattern;
+			else
+				h = pwd->pw_dir;
+		}
+	}
+	else {
+		/*
+		 * Expand a ~user
+		 */
+		if ((pwd = k_getpwnam((char*) patbuf)) == NULL)
+			return pattern;
+		else
+			h = pwd->pw_dir;
+	}
+
+	/* Copy the home directory */
+	for (b = patbuf; *h; *b++ = *h++)
+		continue;
+	
+	/* Append the rest of the pattern */
+	while ((*b++ = *p++) != CHAR_EOS)
+		continue;
+
+	return patbuf;
+}
+	
+
+/*
+ * The main glob() routine: compiles the pattern (optionally processing
+ * quotes), calls glob1() to do the real pattern matching, and finally
+ * sorts the list (unless unsorted operation is requested).  Returns 0
+ * if things went well, nonzero if errors occurred.  It is not an error
+ * to find no matches.
+ */
+static int
+glob0(const Char *pattern, glob_t *pglob)
+{
+	const Char *qpatnext;
+	int c, err, oldpathc;
+	Char *bufnext, patbuf[MaxPathLen+1];
+
+	qpatnext = globtilde(pattern, patbuf, pglob);
+	oldpathc = pglob->gl_pathc;
+	bufnext = patbuf;
+
+	/* We don't need to check for buffer overflow any more. */
+	while ((c = *qpatnext++) != CHAR_EOS) {
+		switch (c) {
+		case CHAR_LBRACKET:
+			c = *qpatnext;
+			if (c == CHAR_NOT)
+				++qpatnext;
+			if (*qpatnext == CHAR_EOS ||
+			    g_strchr((Char *) qpatnext+1, CHAR_RBRACKET) == NULL) {
+				*bufnext++ = CHAR_LBRACKET;
+				if (c == CHAR_NOT)
+					--qpatnext;
+				break;
+			}
+			*bufnext++ = M_SET;
+			if (c == CHAR_NOT)
+				*bufnext++ = M_NOT;
+			c = *qpatnext++;
+			do {
+				*bufnext++ = CHAR(c);
+				if (*qpatnext == CHAR_RANGE &&
+				    (c = qpatnext[1]) != CHAR_RBRACKET) {
+					*bufnext++ = M_RNG;
+					*bufnext++ = CHAR(c);
+					qpatnext += 2;
+				}
+			} while ((c = *qpatnext++) != CHAR_RBRACKET);
+			pglob->gl_flags |= GLOB_MAGCHAR;
+			*bufnext++ = M_END;
+			break;
+		case CHAR_QUESTION:
+			pglob->gl_flags |= GLOB_MAGCHAR;
+			*bufnext++ = M_ONE;
+			break;
+		case CHAR_STAR:
+			pglob->gl_flags |= GLOB_MAGCHAR;
+			/* collapse adjacent stars to one, 
+			 * to avoid exponential behavior
+			 */
+			if (bufnext == patbuf || bufnext[-1] != M_ALL)
+			    *bufnext++ = M_ALL;
+			break;
+		default:
+			*bufnext++ = CHAR(c);
+			break;
+		}
+	}
+	*bufnext = CHAR_EOS;
+#ifdef DEBUG
+	qprintf("glob0:", patbuf);
+#endif
+
+	if ((err = glob1(patbuf, pglob)) != 0)
+		return(err);
+
+	/*
+	 * If there was no match we are going to append the pattern 
+	 * if GLOB_NOCHECK was specified or if GLOB_NOMAGIC was specified
+	 * and the pattern did not contain any magic characters
+	 * GLOB_NOMAGIC is there just for compatibility with csh.
+	 */
+	if (pglob->gl_pathc == oldpathc && 
+	    ((pglob->gl_flags & GLOB_NOCHECK) || 
+	      ((pglob->gl_flags & GLOB_NOMAGIC) &&
+	       !(pglob->gl_flags & GLOB_MAGCHAR))))
+		return(globextend(pattern, pglob));
+	else if (!(pglob->gl_flags & GLOB_NOSORT)) 
+		qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc,
+		    pglob->gl_pathc - oldpathc, sizeof(char *), compare);
+	return(0);
+}
+
+static int
+compare(const void *p, const void *q)
+{
+	return(strcmp(*(char **)p, *(char **)q));
+}
+
+static int
+glob1(Char *pattern, glob_t *pglob)
+{
+	Char pathbuf[MaxPathLen+1];
+
+	/* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */
+	if (*pattern == CHAR_EOS)
+		return(0);
+	return(glob2(pathbuf, pathbuf, pattern, pglob));
+}
+
+/*
+ * The functions glob2 and glob3 are mutually recursive; there is one level
+ * of recursion for each segment in the pattern that contains one or more
+ * meta characters.
+ */
+
+#ifndef S_ISLNK
+#if defined(S_IFLNK) && defined(S_IFMT)
+#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK)
+#else
+#define S_ISLNK(mode) 0
+#endif
+#endif
+
+static int
+glob2(Char *pathbuf, Char *pathend, Char *pattern, glob_t *pglob)
+{
+	struct stat sb;
+	Char *p, *q;
+	int anymeta;
+
+	/*
+	 * Loop over pattern segments until end of pattern or until
+	 * segment with meta character found.
+	 */
+	for (anymeta = 0;;) {
+		if (*pattern == CHAR_EOS) {		/* End of pattern? */
+			*pathend = CHAR_EOS;
+			if (g_lstat(pathbuf, &sb, pglob))
+				return(0);
+		
+			if (((pglob->gl_flags & GLOB_MARK) &&
+			    pathend[-1] != CHAR_SEP) && (S_ISDIR(sb.st_mode)
+			    || (S_ISLNK(sb.st_mode) &&
+			    (g_stat(pathbuf, &sb, pglob) == 0) &&
+			    S_ISDIR(sb.st_mode)))) {
+				*pathend++ = CHAR_SEP;
+				*pathend = CHAR_EOS;
+			}
+			++pglob->gl_matchc;
+			return(globextend(pathbuf, pglob));
+		}
+
+		/* Find end of next segment, copy tentatively to pathend. */
+		q = pathend;
+		p = pattern;
+		while (*p != CHAR_EOS && *p != CHAR_SEP) {
+			if (ismeta(*p))
+				anymeta = 1;
+			*q++ = *p++;
+		}
+
+		if (!anymeta) {		/* No expansion, do next segment. */
+			pathend = q;
+			pattern = p;
+			while (*pattern == CHAR_SEP)
+				*pathend++ = *pattern++;
+		} else			/* Need expansion, recurse. */
+			return(glob3(pathbuf, pathend, pattern, p, pglob));
+	}
+	/* CHAR_NOTREACHED */
+}
+
+static int
+glob3(Char *pathbuf, Char *pathend, Char *pattern, Char *restpattern, 
+      glob_t *pglob)
+{
+	struct dirent *dp;
+	DIR *dirp;
+	int err;
+	char buf[MaxPathLen];
+
+	/*
+	 * The readdirfunc declaration can't be prototyped, because it is
+	 * assigned, below, to two functions which are prototyped in glob.h
+	 * and dirent.h as taking pointers to differently typed opaque
+	 * structures.
+	 */
+	struct dirent *(*readdirfunc)(void *);
+
+	*pathend = CHAR_EOS;
+	errno = 0;
+	    
+	if ((dirp = g_opendir(pathbuf, pglob)) == NULL) {
+		/* TODO: don't call for ENOENT or ENOTDIR? */
+		if (pglob->gl_errfunc) {
+			g_Ctoc(pathbuf, buf);
+			if (pglob->gl_errfunc(buf, errno) ||
+			    pglob->gl_flags & GLOB_ERR)
+				return (GLOB_ABEND);
+		}
+		return(0);
+	}
+
+	err = 0;
+
+	/* Search directory for matching names. */
+	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+		readdirfunc = pglob->gl_readdir;
+	else
+		readdirfunc = (struct dirent *(*)(void *))readdir;
+	while ((dp = (*readdirfunc)(dirp))) {
+		u_char *sc;
+		Char *dc;
+
+		/* Initial CHAR_DOT must be matched literally. */
+		if (dp->d_name[0] == CHAR_DOT && *pattern != CHAR_DOT)
+			continue;
+		for (sc = (u_char *) dp->d_name, dc = pathend; 
+		     (*dc++ = *sc++) != CHAR_EOS;)
+			continue;
+		if (!match(pathend, pattern, restpattern)) {
+			*pathend = CHAR_EOS;
+			continue;
+		}
+		err = glob2(pathbuf, --dc, restpattern, pglob);
+		if (err)
+			break;
+	}
+
+	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+		(*pglob->gl_closedir)(dirp);
+	else
+		closedir(dirp);
+	return(err);
+}
+
+
+/*
+ * Extend the gl_pathv member of a glob_t structure to accomodate a new item,
+ * add the new item, and update gl_pathc.
+ *
+ * This assumes the BSD realloc, which only copies the block when its size
+ * crosses a power-of-two boundary; for v7 realloc, this would cause quadratic
+ * behavior.
+ *
+ * Return 0 if new item added, error code if memory couldn't be allocated.
+ *
+ * Invariant of the glob_t structure:
+ *	Either gl_pathc is zero and gl_pathv is NULL; or gl_pathc > 0 and
+ *	gl_pathv points to (gl_offs + gl_pathc + 1) items.
+ */
+static int
+globextend(const Char *path, glob_t *pglob)
+{
+	char **pathv;
+	int i;
+	u_int newsize;
+	char *copy;
+	const Char *p;
+
+	newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs);
+	pathv = pglob->gl_pathv ? 
+		    realloc(pglob->gl_pathv, newsize) :
+		    malloc(newsize);
+	if (pathv == NULL)
+		return(GLOB_NOSPACE);
+
+	if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) {
+		/* first time around -- clear initial gl_offs items */
+		pathv += pglob->gl_offs;
+		for (i = pglob->gl_offs; --i >= 0; )
+			*--pathv = NULL;
+	}
+	pglob->gl_pathv = pathv;
+
+	for (p = path; *p++;)
+		continue;
+	if ((copy = malloc(p - path)) != NULL) {
+		g_Ctoc(path, copy);
+		pathv[pglob->gl_offs + pglob->gl_pathc++] = copy;
+	}
+	pathv[pglob->gl_offs + pglob->gl_pathc] = NULL;
+	return(copy == NULL ? GLOB_NOSPACE : 0);
+}
+
+
+/*
+ * pattern matching function for filenames.  Each occurrence of the *
+ * pattern causes a recursion level.
+ */
+static int
+match(Char *name, Char *pat, Char *patend)
+{
+	int ok, negate_range;
+	Char c, k;
+
+	while (pat < patend) {
+		c = *pat++;
+		switch (c & M_MASK) {
+		case M_ALL:
+			if (pat == patend)
+				return(1);
+			do 
+			    if (match(name, pat, patend))
+				    return(1);
+			while (*name++ != CHAR_EOS);
+			return(0);
+		case M_ONE:
+			if (*name++ == CHAR_EOS)
+				return(0);
+			break;
+		case M_SET:
+			ok = 0;
+			if ((k = *name++) == CHAR_EOS)
+				return(0);
+			if ((negate_range = ((*pat & M_MASK) == M_NOT)) != CHAR_EOS)
+				++pat;
+			while (((c = *pat++) & M_MASK) != M_END)
+				if ((*pat & M_MASK) == M_RNG) {
+					if (c <= k && k <= pat[1])
+						ok = 1;
+					pat += 2;
+				} else if (c == k)
+					ok = 1;
+			if (ok == negate_range)
+				return(0);
+			break;
+		default:
+			if (*name++ != c)
+				return(0);
+			break;
+		}
+	}
+	return(*name == CHAR_EOS);
+}
+
+/* Free allocated data belonging to a glob_t structure. */
+void
+globfree(glob_t *pglob)
+{
+	int i;
+	char **pp;
+
+	if (pglob->gl_pathv != NULL) {
+		pp = pglob->gl_pathv + pglob->gl_offs;
+		for (i = pglob->gl_pathc; i--; ++pp)
+			if (*pp)
+				free(*pp);
+		free(pglob->gl_pathv);
+	}
+}
+
+static DIR *
+g_opendir(Char *str, glob_t *pglob)
+{
+	char buf[MaxPathLen];
+
+	if (!*str)
+		strcpy_truncate(buf, ".", sizeof(buf));
+	else
+		g_Ctoc(str, buf);
+
+	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+		return((*pglob->gl_opendir)(buf));
+
+	return(opendir(buf));
+}
+
+static int
+g_lstat(Char *fn, struct stat *sb, glob_t *pglob)
+{
+	char buf[MaxPathLen];
+
+	g_Ctoc(fn, buf);
+	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+		return((*pglob->gl_lstat)(buf, sb));
+	return(lstat(buf, sb));
+}
+
+static int
+g_stat(Char *fn, struct stat *sb, glob_t *pglob)
+{
+	char buf[MaxPathLen];
+
+	g_Ctoc(fn, buf);
+	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+		return((*pglob->gl_stat)(buf, sb));
+	return(stat(buf, sb));
+}
+
+static Char *
+g_strchr(Char *str, int ch)
+{
+	do {
+		if (*str == ch)
+			return (str);
+	} while (*str++);
+	return (NULL);
+}
+
+#ifdef notdef
+static Char *
+g_strcat(Char *dst, const Char *src)
+{
+	Char *sdst = dst;
+
+	while (*dst++)
+		continue;
+	--dst;
+	while((*dst++ = *src++) != CHAR_EOS)
+	    continue;
+
+	return (sdst);
+}
+#endif
+
+static void
+g_Ctoc(const Char *str, char *buf)
+{
+	char *dc;
+
+	for (dc = buf; (*dc++ = *str++) != CHAR_EOS;)
+		continue;
+}
+
+#ifdef DEBUG
+static void 
+qprintf(const Char *str, Char *s)
+{
+	Char *p;
+
+	printf("%s:\n", str);
+	for (p = s; *p; p++)
+		printf("%c", CHAR(*p));
+	printf("\n");
+	for (p = s; *p; p++)
+		printf("%c", *p & M_PROTECT ? '"' : ' ');
+	printf("\n");
+	for (p = s; *p; p++)
+		printf("%c", ismeta(*p) ? '_' : ' ');
+	printf("\n");
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/glob.h b/crypto/kerberosIV/lib/roken/glob.h
new file mode 100644
index 0000000..bece48a
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/glob.h
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)glob.h	8.1 (Berkeley) 6/2/93
+ */
+
+#ifndef _GLOB_H_
+#define	_GLOB_H_
+
+struct stat;
+typedef struct {
+	int gl_pathc;		/* Count of total paths so far. */
+	int gl_matchc;		/* Count of paths matching pattern. */
+	int gl_offs;		/* Reserved at beginning of gl_pathv. */
+	int gl_flags;		/* Copy of flags parameter to glob. */
+	char **gl_pathv;	/* List of paths matching pattern. */
+				/* Copy of errfunc parameter to glob. */
+	int (*gl_errfunc) (const char *, int);
+
+	/*
+	 * Alternate filesystem access methods for glob; replacement
+	 * versions of closedir(3), readdir(3), opendir(3), stat(2)
+	 * and lstat(2).
+	 */
+	void (*gl_closedir) (void *);
+	struct dirent *(*gl_readdir) (void *);	
+	void *(*gl_opendir) (const char *);
+	int (*gl_lstat) (const char *, struct stat *);
+	int (*gl_stat) (const char *, struct stat *);
+} glob_t;
+
+#define	GLOB_APPEND	0x0001	/* Append to output from previous call. */
+#define	GLOB_DOOFFS	0x0002	/* Use gl_offs. */
+#define	GLOB_ERR	0x0004	/* Return on error. */
+#define	GLOB_MARK	0x0008	/* Append / to matching directories. */
+#define	GLOB_NOCHECK	0x0010	/* Return pattern itself if nothing matches. */
+#define	GLOB_NOSORT	0x0020	/* Don't sort. */
+
+#define	GLOB_ALTDIRFUNC	0x0040	/* Use alternately specified directory funcs. */
+#define	GLOB_BRACE	0x0080	/* Expand braces ala csh. */
+#define	GLOB_MAGCHAR	0x0100	/* Pattern had globbing characters. */
+#define	GLOB_NOMAGIC	0x0200	/* GLOB_NOCHECK without magic chars (csh). */
+#define	GLOB_QUOTE	0x0400	/* Quote special chars with \. */
+#define	GLOB_TILDE	0x0800	/* Expand tilde names from the passwd file. */
+
+#define	GLOB_NOSPACE	(-1)	/* Malloc call failed. */
+#define	GLOB_ABEND	(-2)	/* Unignored error. */
+
+int	glob (const char *, int, int (*)(const char *, int), glob_t *);
+void	globfree (glob_t *);
+
+#endif /* !_GLOB_H_ */
diff --git a/crypto/kerberosIV/lib/roken/hstrerror.c b/crypto/kerberosIV/lib/roken/hstrerror.c
index 9e47cb5..3653352 100644
--- a/crypto/kerberosIV/lib/roken/hstrerror.c
+++ b/crypto/kerberosIV/lib/roken/hstrerror.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,15 +38,22 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: hstrerror.c,v 1.17 1997/06/01 03:37:25 assar Exp $");
+RCSID("$Id: hstrerror.c,v 1.20.2.1 1999/07/22 03:20:06 assar Exp $");
 #endif
 
-#include "roken.h"
-
 #ifndef HAVE_HSTRERROR
 
+#include "roken.h"
+
 #include <stdio.h>
+
+#ifdef HAVE_NETDB_H
+#if (defined(SunOS) && (SunOS >= 50))
+#define hstrerror broken_proto
+#endif
 #include <netdb.h>
+#undef hstrerror
+#endif
 
 #ifndef HAVE_H_ERRNO
 int h_errno = -17; /* Some magic number */
@@ -73,11 +80,11 @@ extern int h_nerr;
 
 #endif
 
-char *
+const char *
 hstrerror(int herr)
 {
     if (0 <= herr && herr < h_nerr)
-	return (char *) h_errlist[herr];
+	return h_errlist[herr];
     else if(herr == -17)
 	return "unknown error";
     else
diff --git a/crypto/kerberosIV/lib/roken/inaddr2str.c b/crypto/kerberosIV/lib/roken/inaddr2str.c
index af158aa..a676bca 100644
--- a/crypto/kerberosIV/lib/roken/inaddr2str.c
+++ b/crypto/kerberosIV/lib/roken/inaddr2str.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,7 +38,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: inaddr2str.c,v 1.6 1997/04/01 08:19:02 joda Exp $");
+RCSID("$Id: inaddr2str.c,v 1.10 1998/07/13 13:59:46 assar Exp $");
 #endif
 
 #include <stdlib.h>
@@ -52,6 +52,13 @@ RCSID("$Id: inaddr2str.c,v 1.6 1997/04/01 08:19:02 joda Exp $");
 #ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
@@ -69,20 +76,20 @@ void
 inaddr2str(struct in_addr addr, char *s, size_t len)
 {
   struct hostent *h;
-  char *p;
+  char **p;
 
-  h = gethostbyaddr ((const char *)&addr, sizeof(addr), AF_INET);
+  h = roken_gethostbyaddr ((const char *)&addr, sizeof(addr), AF_INET);
   if (h) {
-    h = gethostbyname (h->h_name);
+    h = roken_gethostbyname (h->h_name);
     if(h)
-      while ((p = *(h->h_addr_list)++))
-	if (memcmp (p, &addr, sizeof(addr)) == 0) {
-	  strncpy (s, h->h_name, len);
-	  s[len - 1] = '\0';
+      for(p = h->h_addr_list;
+	  *p;
+	  ++p)
+	if (memcmp (*p, &addr, sizeof(addr)) == 0) {
+	  strcpy_truncate (s, h->h_name, len);
 	  return;
 	}
   }
-  strncpy (s, inet_ntoa (addr), len);
-  s[len - 1] = '\0';
+  strcpy_truncate (s, inet_ntoa (addr), len);
   return;
 }
diff --git a/crypto/kerberosIV/lib/roken/inet_aton.c b/crypto/kerberosIV/lib/roken/inet_aton.c
index c97ef74..65687c7 100644
--- a/crypto/kerberosIV/lib/roken/inet_aton.c
+++ b/crypto/kerberosIV/lib/roken/inet_aton.c
@@ -38,7 +38,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: inet_aton.c,v 1.10 1997/05/20 19:57:03 bg Exp $");
+RCSID("$Id: inet_aton.c,v 1.11 1997/09/29 14:00:28 assar Exp $");
 #endif
 
 #include "roken.h"
@@ -50,6 +50,13 @@ RCSID("$Id: inet_aton.c,v 1.10 1997/05/20 19:57:03 bg Exp $");
 #ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
 #ifdef HAVE_NETDB_H
 #include <netdb.h>
 #endif
diff --git a/crypto/kerberosIV/lib/roken/innetgr.c b/crypto/kerberosIV/lib/roken/innetgr.c
new file mode 100644
index 0000000..4bc57f9
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/innetgr.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+#ifndef HAVE_INNETGR
+
+RCSID("$Id: innetgr.c,v 1.1 1999/03/11 14:04:01 joda Exp $");
+
+int
+innetgr(const char *netgroup, const char *machine, 
+	const char *user, const char *domain)
+{
+    return 0;
+}
+#endif
+
diff --git a/crypto/kerberosIV/lib/roken/iruserok.c b/crypto/kerberosIV/lib/roken/iruserok.c
new file mode 100644
index 0000000..63eaccf
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/iruserok.c
@@ -0,0 +1,294 @@
+/*
+ * Copyright (c) 1983, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: iruserok.c,v 1.21 1999/03/11 14:04:15 joda Exp $");
+#endif
+
+#include <stdio.h>
+#include <ctype.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+#ifdef HAVE_RPCSVC_YPCLNT_H
+#include <rpcsvc/ypclnt.h>
+#endif
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#include "roken.h"
+
+int     __check_rhosts_file = 1;
+char    *__rcmd_errstr = 0;
+
+/*
+ * Returns "true" if match, 0 if no match.
+ */
+static
+int
+__icheckhost(unsigned raddr, const char *lhost)
+{
+	struct hostent *hp;
+	u_long laddr;
+	char **pp;
+
+	/* Try for raw ip address first. */
+	if (isdigit((unsigned char)*lhost)
+	    && (long)(laddr = inet_addr(lhost)) != -1)
+		return (raddr == laddr);
+
+	/* Better be a hostname. */
+	if ((hp = gethostbyname(lhost)) == NULL)
+		return (0);
+
+	/* Spin through ip addresses. */
+	for (pp = hp->h_addr_list; *pp; ++pp)
+	        if (memcmp(&raddr, *pp, sizeof(u_long)) == 0)
+			return (1);
+
+	/* No match. */
+	return (0);
+}
+
+/*
+ * Returns 0 if ok, -1 if not ok.
+ */
+static
+int
+__ivaliduser(FILE *hostf, unsigned raddr, const char *luser,
+	     const char *ruser)
+{
+	char *user, *p;
+	int ch;
+	char buf[MaxHostNameLen + 128];		/* host + login */
+	char hname[MaxHostNameLen];
+	struct hostent *hp;
+	/* Presumed guilty until proven innocent. */
+	int userok = 0, hostok = 0;
+#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
+	char *ypdomain;
+
+	if (yp_get_default_domain(&ypdomain))
+		ypdomain = NULL;
+#else
+#define	ypdomain NULL
+#endif
+	/* We need to get the damn hostname back for netgroup matching. */
+	if ((hp = gethostbyaddr((char *)&raddr,
+				sizeof(u_long),
+				AF_INET)) == NULL)
+		return (-1);
+	strcpy_truncate(hname, hp->h_name, sizeof(hname));
+
+	while (fgets(buf, sizeof(buf), hostf)) {
+		p = buf;
+		/* Skip lines that are too long. */
+		if (strchr(p, '\n') == NULL) {
+			while ((ch = getc(hostf)) != '\n' && ch != EOF);
+			continue;
+		}
+		if (*p == '\n' || *p == '#') {
+			/* comment... */
+			continue;
+		}
+		while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') {
+		        if (isupper((unsigned char)*p))
+			    *p = tolower((unsigned char)*p);
+			p++;
+		}
+		if (*p == ' ' || *p == '\t') {
+			*p++ = '\0';
+			while (*p == ' ' || *p == '\t')
+				p++;
+			user = p;
+			while (*p != '\n' && *p != ' ' &&
+			    *p != '\t' && *p != '\0')
+				p++;
+		} else
+			user = p;
+		*p = '\0';
+		/*
+		 * Do +/- and +@/-@ checking. This looks really nasty,
+		 * but it matches SunOS's behavior so far as I can tell.
+		 */
+		switch(buf[0]) {
+		case '+':
+			if (!buf[1]) {     /* '+' matches all hosts */
+				hostok = 1;
+				break;
+			}
+			if (buf[1] == '@')  /* match a host by netgroup */
+				hostok = innetgr((char *)&buf[2],
+					(char *)&hname, NULL, ypdomain);
+			else		/* match a host by addr */
+				hostok = __icheckhost(raddr,(char *)&buf[1]);
+			break;
+		case '-':     /* reject '-' hosts and all their users */
+			if (buf[1] == '@') {
+				if (innetgr((char *)&buf[2],
+					      (char *)&hname, NULL, ypdomain))
+					return(-1);
+			} else {
+				if (__icheckhost(raddr,(char *)&buf[1]))
+					return(-1);
+			}
+			break;
+		default:  /* if no '+' or '-', do a simple match */
+			hostok = __icheckhost(raddr, buf);
+			break;
+		}
+		switch(*user) {
+		case '+':
+			if (!*(user+1)) {      /* '+' matches all users */
+				userok = 1;
+				break;
+			}
+			if (*(user+1) == '@')  /* match a user by netgroup */
+				userok = innetgr(user+2, NULL, (char *)ruser,
+						 ypdomain);
+			else	   /* match a user by direct specification */
+				userok = !(strcmp(ruser, user+1));
+			break;
+		case '-': 		/* if we matched a hostname, */
+			if (hostok) {   /* check for user field rejections */
+				if (!*(user+1))
+					return(-1);
+				if (*(user+1) == '@') {
+					if (innetgr(user+2, NULL,
+						    (char *)ruser, ypdomain))
+						return(-1);
+				} else {
+					if (!strcmp(ruser, user+1))
+						return(-1);
+				}
+			}
+			break;
+		default:	/* no rejections: try to match the user */
+			if (hostok)
+				userok = !(strcmp(ruser,*user ? user : luser));
+			break;
+		}
+		if (hostok && userok)
+			return(0);
+	}
+	return (-1);
+}
+
+/*
+ * New .rhosts strategy: We are passed an ip address. We spin through
+ * hosts.equiv and .rhosts looking for a match. When the .rhosts only
+ * has ip addresses, we don't have to trust a nameserver.  When it
+ * contains hostnames, we spin through the list of addresses the nameserver
+ * gives us and look for a match.
+ *
+ * Returns 0 if ok, -1 if not ok.
+ */
+int
+iruserok(unsigned raddr, int superuser, const char *ruser, const char *luser)
+{
+	char *cp;
+	struct stat sbuf;
+	struct passwd *pwd;
+	FILE *hostf;
+	uid_t uid;
+	int first;
+	char pbuf[MaxPathLen];
+
+	first = 1;
+	hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
+again:
+	if (hostf) {
+		if (__ivaliduser(hostf, raddr, luser, ruser) == 0) {
+			fclose(hostf);
+			return (0);
+		}
+		fclose(hostf);
+	}
+	if (first == 1 && (__check_rhosts_file || superuser)) {
+		first = 0;
+		if ((pwd = k_getpwnam((char*)luser)) == NULL)
+			return (-1);
+		snprintf (pbuf, sizeof(pbuf), "%s/.rhosts", pwd->pw_dir);
+
+		/*
+		 * Change effective uid while opening .rhosts.  If root and
+		 * reading an NFS mounted file system, can't read files that
+		 * are protected read/write owner only.
+		 */
+		uid = geteuid();
+		seteuid(pwd->pw_uid);
+		hostf = fopen(pbuf, "r");
+		seteuid(uid);
+
+		if (hostf == NULL)
+			return (-1);
+		/*
+		 * If not a regular file, or is owned by someone other than
+		 * user or root or if writeable by anyone but the owner, quit.
+		 */
+		cp = NULL;
+		if (lstat(pbuf, &sbuf) < 0)
+			cp = ".rhosts lstat failed";
+		else if (!S_ISREG(sbuf.st_mode))
+			cp = ".rhosts not regular file";
+		else if (fstat(fileno(hostf), &sbuf) < 0)
+			cp = ".rhosts fstat failed";
+		else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
+			cp = "bad .rhosts owner";
+		else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
+			cp = ".rhosts writeable by other than owner";
+		/* If there were any problems, quit. */
+		if (cp) {
+			__rcmd_errstr = cp;
+			fclose(hostf);
+			return (-1);
+		}
+		goto again;
+	}
+	return (-1);
+}
diff --git a/crypto/kerberosIV/lib/roken/issuid.c b/crypto/kerberosIV/lib/roken/issuid.c
new file mode 100644
index 0000000..9b84621
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/issuid.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: issuid.c,v 1.2 1998/05/09 17:35:47 joda Exp $");
+#endif
+
+#include "roken.h"
+
+int
+issuid(void)
+{
+#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
+    if(getuid() != geteuid())
+	return 1;
+#endif
+#if defined(HAVE_GETGID) && defined(HAVE_GETEGID)
+    if(getgid() != getegid())
+	return 2;
+#endif
+    return 0;
+}
diff --git a/crypto/kerberosIV/lib/roken/k_getpwnam.c b/crypto/kerberosIV/lib/roken/k_getpwnam.c
index 580b1a2..b11be41 100644
--- a/crypto/kerberosIV/lib/roken/k_getpwnam.c
+++ b/crypto/kerberosIV/lib/roken/k_getpwnam.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,7 +38,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: k_getpwnam.c,v 1.6 1997/04/01 08:19:03 joda Exp $");
+RCSID("$Id: k_getpwnam.c,v 1.7 1998/11/22 09:23:18 assar Exp $");
 #endif /* HAVE_CONFIG_H */
 
 #include "roken.h"
@@ -52,7 +52,7 @@ k_getpwnam (char *user)
      struct passwd *p;
 
      p = getpwnam (user);
-#ifdef HAVE_GETSPNAM
+#if defined(HAVE_GETSPNAM) && defined(HAVE_STRUCT_SPWD)
      if(p)
      {
 	  struct spwd *spwd;
diff --git a/crypto/kerberosIV/lib/roken/k_getpwuid.c b/crypto/kerberosIV/lib/roken/k_getpwuid.c
index a3a8f04..76f7f85 100644
--- a/crypto/kerberosIV/lib/roken/k_getpwuid.c
+++ b/crypto/kerberosIV/lib/roken/k_getpwuid.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,7 +38,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: k_getpwuid.c,v 1.6 1997/04/01 08:19:04 joda Exp $");
+RCSID("$Id: k_getpwuid.c,v 1.7 1998/11/22 09:23:04 assar Exp $");
 #endif /* HAVE_CONFIG_H */
 
 #include "roken.h"
@@ -52,7 +52,7 @@ k_getpwuid (uid_t uid)
      struct passwd *p;
 
      p = getpwuid (uid);
-#ifdef HAVE_GETSPUID
+#if defined(HAVE_GETSPUID) && defined(HAVE_STRUCT_SPWD)
      if (p)
      {
 	  struct spwd *spwd;
diff --git a/crypto/kerberosIV/lib/roken/make-print-version.c b/crypto/kerberosIV/lib/roken/make-print-version.c
new file mode 100644
index 0000000..ef39372
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/make-print-version.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: make-print-version.c,v 1.1 1998/05/11 20:38:06 joda Exp $");
+#endif
+
+#include <stdio.h>
+
+#ifdef KRB5
+extern char *heimdal_version;
+#endif
+#ifdef KRB4
+extern char *krb4_version;
+#endif
+#include <version.h>
+
+int
+main(int argc, char **argv)
+{
+    FILE *f;
+    if(argc != 2)
+	return 1;
+    f = fopen(argv[1], "w");
+    if(f == NULL)
+	return 1;
+    fprintf(f, "#define VERSIONLIST { ");
+#ifdef KRB5
+    fprintf(f, "\"%s\", ", heimdal_version);
+#endif
+#ifdef KRB4
+    fprintf(f, "\"%s\", ", krb4_version);
+#endif
+    fprintf(f, "}\n");
+    fclose(f);
+    return 0;
+}
diff --git a/crypto/kerberosIV/lib/roken/memmove.c b/crypto/kerberosIV/lib/roken/memmove.c
index 315ff05..e3f7d5a 100644
--- a/crypto/kerberosIV/lib/roken/memmove.c
+++ b/crypto/kerberosIV/lib/roken/memmove.c
@@ -38,14 +38,16 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: memmove.c,v 1.5 1997/04/01 08:19:05 joda Exp $");
+RCSID("$Id: memmove.c,v 1.6 1997/07/11 20:20:30 assar Exp $");
 #endif
 
 /* 
  * memmove for systems that doesn't have it 
  */
 
+#ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
+#endif
 
 void* memmove(void *s1, const void *s2, size_t n)
 {
diff --git a/crypto/kerberosIV/lib/roken/mini_inetd.c b/crypto/kerberosIV/lib/roken/mini_inetd.c
index ccfcfe7..75169d3 100644
--- a/crypto/kerberosIV/lib/roken/mini_inetd.c
+++ b/crypto/kerberosIV/lib/roken/mini_inetd.c
@@ -38,9 +38,11 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: mini_inetd.c,v 1.10 1997/05/02 14:30:07 assar Exp $");
+RCSID("$Id: mini_inetd.c,v 1.13 1998/02/05 22:54:33 assar Exp $");
 #endif
 
+#include <stdio.h>
+
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -53,6 +55,13 @@ RCSID("$Id: mini_inetd.c,v 1.10 1997/05/02 14:30:07 assar Exp $");
 #ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
 
 #include <roken.h>
 
@@ -60,18 +69,23 @@ void
 mini_inetd (int port)
 {
      struct sockaddr_in sa;
-     int s = socket(AF_INET, SOCK_STREAM, 0);
+     int s;
      int s2;
-     int one = 1;
-     if(s < 0){
+
+     s = socket(AF_INET, SOCK_STREAM, 0);
+     if(s < 0) {
 	  perror("socket");
 	  exit(1);
      }
 #if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
-     if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&one,
-		   sizeof(one)) < 0){
-	  perror("setsockopt");
-	  exit(1);
+     {
+	 int one = 1;
+
+	 if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&one,
+		       sizeof(one)) < 0){
+	     perror("setsockopt");
+	     exit(1);
+	 }
      }
 #endif
      memset(&sa, 0, sizeof(sa));
diff --git a/crypto/kerberosIV/lib/roken/net_read.c b/crypto/kerberosIV/lib/roken/net_read.c
new file mode 100644
index 0000000..2d47d96
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/net_read.c
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: net_read.c,v 1.2 1998/11/22 09:45:16 assar Exp $");
+#endif
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <roken.h>
+
+/*
+ * Like read but never return partial data.
+ */
+
+ssize_t
+net_read (int fd, void *buf, size_t nbytes)
+{
+    char *cbuf = (char *)buf;
+    ssize_t count;
+    size_t rem = nbytes;
+
+    while (rem > 0) {
+#ifdef WIN32
+	count = recv (fd, cbuf, rem, 0);
+#else
+	count = read (fd, cbuf, rem);
+#endif
+	if (count < 0) {
+	    if (errno == EINTR)
+		continue;
+	    else
+		return count;
+	} else if (count == 0) {
+	    return count;
+	}
+	cbuf += count;
+	rem -= count;
+    }
+    return nbytes;
+}
diff --git a/crypto/kerberosIV/lib/roken/net_write.c b/crypto/kerberosIV/lib/roken/net_write.c
new file mode 100644
index 0000000..35c2d73
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/net_write.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: net_write.c,v 1.2 1998/11/22 09:45:21 assar Exp $");
+#endif
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <roken.h>
+
+/*
+ * Like write but never return partial data.
+ */
+
+ssize_t
+net_write (int fd, const void *buf, size_t nbytes)
+{
+    const char *cbuf = (char *)buf;
+    ssize_t count;
+    size_t rem = nbytes;
+
+    while (rem > 0) {
+#ifdef WIN32
+	count = send (fd, cbuf, rem, 0);
+#else
+	count = write (fd, cbuf, rem);
+#endif
+	if (count < 0) {
+	    if (errno == EINTR)
+		continue;
+	    else
+		return count;
+	}
+	cbuf += count;
+	rem -= count;
+    }
+    return nbytes;
+}
diff --git a/crypto/kerberosIV/lib/roken/parse_time.c b/crypto/kerberosIV/lib/roken/parse_time.c
new file mode 100644
index 0000000..8428251
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/parse_time.c
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: parse_time.c,v 1.4 1998/02/20 07:51:44 assar Exp $");
+#endif
+
+#include <parse_units.h>
+#include "parse_time.h"
+
+static units time_units[] = {
+    {"year",	365 * 24 * 60 * 60},
+    {"month",	30 * 24 * 60 * 60},
+    {"week",	7 * 24 * 60 * 60},
+    {"day",	24 * 60 * 60},
+    {"hour",	60 * 60},
+    {"h",	60 * 60},
+    {"minute",	60},
+    {"m",	60},
+    {"second",	1},
+    {"s",	1},
+    {NULL, 0},
+};
+
+int
+parse_time (const char *s, const char *def_unit)
+{
+    return parse_units (s, time_units, def_unit);
+}
+
+size_t
+unparse_time (int t, char *s, size_t len)
+{
+    return unparse_units (t, time_units, s, len);
+}
+
+size_t
+unparse_time_approx (int t, char *s, size_t len)
+{
+    return unparse_units_approx (t, time_units, s, len);
+}
+
+void
+print_time_table (FILE *f)
+{
+    print_units_table (time_units, f);
+}
diff --git a/crypto/kerberosIV/lib/roken/parse_time.h b/crypto/kerberosIV/lib/roken/parse_time.h
new file mode 100644
index 0000000..d05d37e
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/parse_time.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: parse_time.h,v 1.3 1998/02/20 07:51:55 assar Exp $ */
+
+#ifndef __PARSE_TIME_H__
+#define __PARSE_TIME_H__
+
+int
+parse_time (const char *s, const char *def_unit);
+
+size_t
+unparse_time (int t, char *s, size_t len);
+
+size_t
+unparse_time_approx (int t, char *s, size_t len);
+
+void
+print_time_table (FILE *f);
+
+#endif /* __PARSE_TIME_H__ */
diff --git a/crypto/kerberosIV/lib/roken/parse_units.c b/crypto/kerberosIV/lib/roken/parse_units.c
new file mode 100644
index 0000000..7dafa77
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/parse_units.c
@@ -0,0 +1,327 @@
+/*
+ * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: parse_units.c,v 1.10 1999/06/23 12:41:35 assar Exp $");
+#endif
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <roken.h>
+#include "parse_units.h"
+
+/*
+ * Parse string in `s' according to `units' and return value.
+ * def_unit defines the default unit.
+ */
+
+static int
+parse_something (const char *s, const struct units *units,
+		 const char *def_unit,
+		 int (*func)(int res, int val, unsigned mult),
+		 int init,
+		 int accept_no_val_p)
+{
+    const char *p;
+    int res = init;
+    unsigned def_mult = 1;
+
+    if (def_unit != NULL) {
+	const struct units *u;
+
+	for (u = units; u->name; ++u) {
+	    if (strcasecmp (u->name, def_unit) == 0) {
+		def_mult = u->mult;
+		break;
+	    }
+	}
+	if (u->name == NULL)
+	    return -1;
+    }
+
+    p = s;
+    while (*p) {
+	double val;
+	char *next;
+	const struct units *u, *partial_unit;
+	size_t u_len;
+	unsigned partial;
+
+	while(isspace((unsigned char)*p) || *p == ',')
+	    ++p;
+
+	val = strtod (p, &next); /* strtol(p, &next, 0); */
+	if (val == 0 && p == next) {
+	    if(!accept_no_val_p)
+		return -1;
+	}
+	p = next;
+	while (isspace((unsigned char)*p))
+	    ++p;
+	if (*p == '\0') {
+	    res = (*func)(res, val, def_mult);
+	    if (res < 0)
+		return res;
+	    break;
+	} else if (*p == '+') {
+	    ++p;
+	    val = 1;
+	} else if (*p == '-') {
+	    ++p;
+	    val = -1;
+	}
+	if (val == 0)
+	    val = 1;
+	u_len = strcspn (p, ", \t");
+	partial = 0;
+	partial_unit = NULL;
+	if (u_len > 1 && p[u_len - 1] == 's')
+	    --u_len;
+	for (u = units; u->name; ++u) {
+	    if (strncasecmp (p, u->name, u_len) == 0) {
+		if (u_len == strlen (u->name)) {
+		    p += u_len;
+		    res = (*func)(res, val, u->mult);
+		    if (res < 0)
+			return res;
+		    break;
+		} else {
+		    ++partial;
+		    partial_unit = u;
+		}
+	    }
+	}
+	if (u->name == NULL) {
+	    if (partial == 1) {
+		p += u_len;
+		res = (*func)(res, val, partial_unit->mult);
+		if (res < 0)
+		    return res;
+	    } else {
+		return -1;
+	    }
+	}
+	if (*p == 's')
+	    ++p;
+    }
+    return res;
+}
+
+/*
+ * The string consists of a sequence of `n unit'
+ */
+
+static int
+acc_units(int res, int val, unsigned mult)
+{
+    return res + val * mult;
+}
+
+int
+parse_units (const char *s, const struct units *units,
+	     const char *def_unit)
+{
+    return parse_something (s, units, def_unit, acc_units, 0, 0);
+}
+
+/*
+ * The string consists of a sequence of `[+-]flag'.  `orig' consists
+ * the original set of flags, those are then modified and returned as
+ * the function value.
+ */
+
+static int
+acc_flags(int res, int val, unsigned mult)
+{
+    if(val == 1)
+	return res | mult;
+    else if(val == -1)
+	return res & ~mult;
+    else if (val == 0)
+	return mult;
+    else
+	return -1;
+}
+
+int
+parse_flags (const char *s, const struct units *units,
+	     int orig)
+{
+    return parse_something (s, units, NULL, acc_flags, orig, 1);
+}
+
+/*
+ * Return a string representation according to `units' of `num' in `s'
+ * with maximum length `len'.  The actual length is the function value.
+ */
+
+static size_t
+unparse_something (int num, const struct units *units, char *s, size_t len,
+		   int (*print) (char *s, size_t len, int div,
+				const char *name, int rem),
+		   int (*update) (int in, unsigned mult),
+		   const char *zero_string)
+{
+    const struct units *u;
+    size_t ret = 0, tmp;
+
+    if (num == 0)
+	return snprintf (s, len, "%s", zero_string);
+
+    for (u = units; num > 0 && u->name; ++u) {
+	int div;
+
+	div = num / u->mult;
+	if (div) {
+	    num = (*update) (num, u->mult);
+	    tmp = (*print) (s, len, div, u->name, num);
+
+	    len -= tmp;
+	    s += tmp;
+	    ret += tmp;
+	}
+    }
+    return ret;
+}
+
+static int
+print_unit (char *s, size_t len, int div, const char *name, int rem)
+{
+    return snprintf (s, len, "%u %s%s%s",
+		     div, name,
+		     div == 1 ? "" : "s",
+		     rem > 0 ? " " : "");
+}
+
+static int
+update_unit (int in, unsigned mult)
+{
+    return in % mult;
+}
+
+static int
+update_unit_approx (int in, unsigned mult)
+{
+    if (in / mult > 0)
+	return 0;
+    else
+	return update_unit (in, mult);
+}
+
+size_t
+unparse_units (int num, const struct units *units, char *s, size_t len)
+{
+    return unparse_something (num, units, s, len,
+			      print_unit,
+			      update_unit,
+			      "0");
+}
+
+size_t
+unparse_units_approx (int num, const struct units *units, char *s, size_t len)
+{
+    return unparse_something (num, units, s, len,
+			      print_unit,
+			      update_unit_approx,
+			      "0");
+}
+
+void
+print_units_table (const struct units *units, FILE *f)
+{
+    const struct units *u, *u2;
+    unsigned max_sz = 0;
+
+    for (u = units; u->name; ++u) {
+	max_sz = max(max_sz, strlen(u->name));
+    }
+
+    for (u = units; u->name;) {
+	char buf[1024];
+	const struct units *next;
+
+	for (next = u + 1; next->name && next->mult == u->mult; ++next)
+	    ;
+
+	if (next->name) {
+	    for (u2 = next;
+		 u2->name && u->mult % u2->mult != 0;
+		 ++u2)
+		;
+	    if (u2->name == NULL)
+		--u2;
+	    unparse_units (u->mult, u2, buf, sizeof(buf));
+	    fprintf (f, "1 %*s = %s\n", max_sz, u->name, buf);
+	} else {
+	    fprintf (f, "1 %s\n", u->name);
+	}
+	u = next;
+    }
+}
+
+static int
+print_flag (char *s, size_t len, int div, const char *name, int rem)
+{
+    return snprintf (s, len, "%s%s", name, rem > 0 ? ", " : "");
+}
+
+static int
+update_flag (int in, unsigned mult)
+{
+    return in - mult;
+}
+
+size_t
+unparse_flags (int num, const struct units *units, char *s, size_t len)
+{
+    return unparse_something (num, units, s, len,
+			      print_flag,
+			      update_flag,
+			      "");
+}
+
+void
+print_flags_table (const struct units *units, FILE *f)
+{
+    const struct units *u;
+
+    for(u = units; u->name; ++u)
+	fprintf(f, "%s%s", u->name, (u+1)->name ? ", " : "\n");
+}
diff --git a/crypto/kerberosIV/lib/roken/parse_units.h b/crypto/kerberosIV/lib/roken/parse_units.h
new file mode 100644
index 0000000..e3c0341
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/parse_units.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: parse_units.h,v 1.5 1998/02/20 07:51:18 assar Exp $ */
+
+#ifndef __PARSE_UNITS_H__
+#define __PARSE_UNITS_H__
+
+#include <stdio.h>
+#include <stddef.h>
+
+struct units {
+    const char *name;
+    unsigned mult;
+};
+
+typedef struct units units;
+
+int
+parse_units (const char *s, const struct units *units,
+	     const char *def_unit);
+
+void
+print_units_table (const struct units *units, FILE *f);
+
+int
+parse_flags (const char *s, const struct units *units,
+	     int orig);
+
+size_t
+unparse_units (int num, const struct units *units, char *s, size_t len);
+
+size_t
+unparse_units_approx (int num, const struct units *units, char *s,
+		      size_t len);
+
+size_t
+unparse_flags (int num, const struct units *units, char *s, size_t len);
+
+void
+print_flags_table (const struct units *units, FILE *f);
+
+#endif /* __PARSE_UNITS_H__ */
diff --git a/crypto/kerberosIV/lib/roken/print_version.c b/crypto/kerberosIV/lib/roken/print_version.c
new file mode 100644
index 0000000..00e612f
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/print_version.c
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: print_version.c,v 1.4 1999/02/20 14:48:43 joda Exp $");
+#endif
+#include "roken.h"
+
+#include "print_version.h"
+
+void
+print_version(const char *progname)
+{
+    const char *arg[] = VERSIONLIST;
+    const int num_args = sizeof(arg) / sizeof(arg[0]);
+    char *msg;
+    size_t len = 0;
+    int i;
+    
+    if(progname == NULL)
+	progname = __progname;
+    
+    if(num_args == 0)
+	msg = "no version information";
+    else {
+	for(i = 0; i < num_args; i++) {
+	    if(i > 0)
+		len += 2;
+	    len += strlen(arg[i]);
+	}
+	msg = malloc(len + 1);
+	if(msg == NULL) {
+	    fprintf(stderr, "%s: out of memory\n", progname);
+	    return;
+	}
+	msg[0] = '\0';
+	for(i = 0; i < num_args; i++) {
+	    if(i > 0)
+		strcat(msg, ", ");
+	    strcat(msg, arg[i]);
+	}
+    }
+    fprintf(stderr, "%s (%s)\n", progname, msg);
+    fprintf(stderr, "Copyright (c) 1999 Kungliga Tekniska Högskolan\n");
+    if(num_args != 0)
+	free(msg);
+}
diff --git a/crypto/kerberosIV/lib/roken/readv.c b/crypto/kerberosIV/lib/roken/readv.c
new file mode 100644
index 0000000..aee8441
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/readv.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: readv.c,v 1.4 1999/07/06 04:01:06 assar Exp $");
+#endif
+
+#include "roken.h"
+
+ssize_t
+readv(int d, const struct iovec *iov, int iovcnt)
+{
+    ssize_t ret, nb;
+    size_t tot = 0;
+    int i;
+    char *buf, *p;
+
+    for(i = 0; i < iovcnt; ++i)
+	tot += iov[i].iov_len;
+    buf = malloc(tot);
+    if (tot != 0 && buf == NULL) {
+	errno = ENOMEM;
+	return -1;
+    }
+    nb = ret = read (d, buf, tot);
+    p = buf;
+    while (nb > 0) {
+	ssize_t cnt = min(nb, iov->iov_len);
+
+	memcpy (iov->iov_base, p, cnt);
+	p += cnt;
+	nb -= cnt;
+    }
+    free(buf);
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/roken/recvmsg.c b/crypto/kerberosIV/lib/roken/recvmsg.c
new file mode 100644
index 0000000..cf1fed7
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/recvmsg.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: recvmsg.c,v 1.4 1999/07/03 02:35:48 assar Exp $");
+#endif
+
+#include "roken.h"
+
+ssize_t
+recvmsg(int s, struct msghdr *msg, int flags)
+{
+    ssize_t ret, nb;
+    size_t tot = 0;
+    int i;
+    char *buf, *p;
+    struct iovec *iov = msg->msg_iov;
+
+    for(i = 0; i < msg->msg_iovlen; ++i)
+	tot += iov[i].iov_len;
+    buf = malloc(tot);
+    if (tot != 0 && buf == NULL) {
+	errno = ENOMEM;
+	return -1;
+    }
+    nb = ret = recvfrom (s, buf, tot, flags, msg->msg_name, &msg->msg_namelen);
+    p = buf;
+    while (nb > 0) {
+	ssize_t cnt = min(nb, iov->iov_len);
+
+	memcpy (iov->iov_base, p, cnt);
+	p += cnt;
+	nb -= cnt;
+	++iov;
+    }
+    free(buf);
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/roken/resolve.c b/crypto/kerberosIV/lib/roken/resolve.c
new file mode 100644
index 0000000..d7c2218
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/resolve.c
@@ -0,0 +1,358 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+#include "resolve.h"
+
+RCSID("$Id: resolve.c,v 1.21 1999/07/03 02:36:26 assar Exp $");
+
+#if defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND)
+
+#define DECL(X) {#X, T_##X}
+
+static struct stot{
+    const char *name;
+    int type;
+}stot[] = {
+    DECL(A),
+    DECL(NS),
+    DECL(CNAME),
+    DECL(PTR),
+    DECL(MX),
+    DECL(TXT),
+    DECL(AFSDB),
+    DECL(SRV),
+    {NULL, 	0}
+};
+
+int _resolve_debug;
+
+static int
+string_to_type(const char *name)
+{
+    struct stot *p = stot;
+    for(p = stot; p->name; p++)
+	if(strcasecmp(name, p->name) == 0)
+	    return p->type;
+    return -1;
+}
+
+static const char *
+type_to_string(int type)
+{
+    struct stot *p = stot;
+    for(p = stot; p->name; p++)
+	if(type == p->type)
+	    return p->name;
+    return NULL;
+}
+
+void
+dns_free_data(struct dns_reply *r)
+{
+    struct resource_record *rr;
+    if(r->q.domain)
+	free(r->q.domain);
+    for(rr = r->head; rr;){
+	struct resource_record *tmp = rr;
+	if(rr->domain)
+	    free(rr->domain);
+	if(rr->u.data)
+	    free(rr->u.data);
+	rr = rr->next;
+	free(tmp);
+    }
+    free (r);
+}
+
+static struct dns_reply*
+parse_reply(unsigned char *data, int len)
+{
+    unsigned char *p;
+    char host[128];
+    int status;
+    
+    struct dns_reply *r;
+    struct resource_record **rr;
+    
+    r = calloc(1, sizeof(*r));
+    if (r == NULL)
+	return NULL;
+
+    p = data;
+#if 0
+    /* doesn't work on Crays */
+    memcpy(&r->h, p, sizeof(HEADER));
+    p += sizeof(HEADER);
+#else
+    memcpy(&r->h, p, 12); /* XXX this will probably be mostly garbage */
+    p += 12;
+#endif
+    status = dn_expand(data, data + len, p, host, sizeof(host));
+    if(status < 0){
+	dns_free_data(r);
+	return NULL;
+    }
+    r->q.domain = strdup(host);
+    if(r->q.domain == NULL) {
+	dns_free_data(r);
+	return NULL;
+    }
+    p += status;
+    r->q.type = (p[0] << 8 | p[1]);
+    p += 2;
+    r->q.class = (p[0] << 8 | p[1]);
+    p += 2;
+    rr = &r->head;
+    while(p < data + len){
+	int type, class, ttl, size;
+	status = dn_expand(data, data + len, p, host, sizeof(host));
+	if(status < 0){
+	    dns_free_data(r);
+	    return NULL;
+	}
+	p += status;
+	type = (p[0] << 8) | p[1];
+	p += 2;
+	class = (p[0] << 8) | p[1];
+	p += 2;
+	ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+	p += 4;
+	size = (p[0] << 8) | p[1];
+	p += 2;
+	*rr = (struct resource_record*)calloc(1, 
+					      sizeof(struct resource_record));
+	if(*rr == NULL) {
+	    dns_free_data(r);
+	    return NULL;
+	}
+	(*rr)->domain = strdup(host);
+	if((*rr)->domain == NULL) {
+	    dns_free_data(r);
+	    return NULL;
+	}
+	(*rr)->type = type;
+	(*rr)->class = class;
+	(*rr)->ttl = ttl;
+	(*rr)->size = size;
+	switch(type){
+	case T_NS:
+	case T_CNAME:
+	case T_PTR:
+	    status = dn_expand(data, data + len, p, host, sizeof(host));
+	    if(status < 0){
+		dns_free_data(r);
+		return NULL;
+	    }
+	    (*rr)->u.txt = strdup(host);
+	    if((*rr)->u.txt == NULL) {
+		dns_free_data(r);
+		return NULL;
+	    }
+	    break;
+	case T_MX:
+	case T_AFSDB:{
+	    status = dn_expand(data, data + len, p + 2, host, sizeof(host));
+	    if(status < 0){
+		dns_free_data(r);
+		return NULL;
+	    }
+	    (*rr)->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + 
+						    strlen(host));
+	    if((*rr)->u.mx == NULL) {
+		dns_free_data(r);
+		return NULL;
+	    }
+	    (*rr)->u.mx->preference = (p[0] << 8) | p[1];
+	    strcpy((*rr)->u.mx->domain, host);
+	    break;
+	}
+	case T_SRV:{
+	    status = dn_expand(data, data + len, p + 6, host, sizeof(host));
+	    if(status < 0){
+		dns_free_data(r);
+		return NULL;
+	    }
+	    (*rr)->u.srv = 
+		(struct srv_record*)malloc(sizeof(struct srv_record) + 
+					   strlen(host));
+	    if((*rr)->u.srv == NULL) {
+		dns_free_data(r);
+		return NULL;
+	    }
+	    (*rr)->u.srv->priority = (p[0] << 8) | p[1];
+	    (*rr)->u.srv->weight = (p[2] << 8) | p[3];
+	    (*rr)->u.srv->port = (p[4] << 8) | p[5];
+	    strcpy((*rr)->u.srv->target, host);
+	    break;
+	}
+	case T_TXT:{
+	    (*rr)->u.txt = (char*)malloc(size + 1);
+	    if((*rr)->u.txt == NULL) {
+		dns_free_data(r);
+		return NULL;
+	    }
+	    strncpy((*rr)->u.txt, (char*)p + 1, *p);
+	    (*rr)->u.txt[*p] = 0;
+	    break;
+	}
+	    
+	default:
+	    (*rr)->u.data = (unsigned char*)malloc(size);
+	    if(size != 0 && (*rr)->u.data == NULL) {
+		dns_free_data(r);
+		return NULL;
+	    }
+	    memcpy((*rr)->u.data, p, size);
+	}
+	p += size;
+	rr = &(*rr)->next;
+    }
+    *rr = NULL;
+    return r;
+}
+
+static struct dns_reply *
+dns_lookup_int(const char *domain, int rr_class, int rr_type)
+{
+    unsigned char reply[1024];
+    int len;
+    struct dns_reply *r = NULL;
+    u_long old_options = 0;
+    
+    if (_resolve_debug) {
+        old_options = _res.options;
+	_res.options |= RES_DEBUG;
+	fprintf(stderr, "dns_lookup(%s, %d, %s)\n", domain,
+		rr_class, type_to_string(rr_type));
+    }
+    len = res_search(domain, rr_class, rr_type, reply, sizeof(reply));
+    if (_resolve_debug) {
+        _res.options = old_options;
+	fprintf(stderr, "dns_lookup(%s, %d, %s) --> %d\n",
+		domain, rr_class, type_to_string(rr_type), len);
+    }
+    if (len >= 0)
+	r = parse_reply(reply, len);
+    return r;
+}
+
+struct dns_reply *
+dns_lookup(const char *domain, const char *type_name)
+{
+    int type;
+    
+    type = string_to_type(type_name);
+    if(type == -1) {
+	if(_resolve_debug)
+	    fprintf(stderr, "dns_lookup: unknown resource type: `%s'\n", 
+		    type_name);
+	return NULL;
+    }
+    return dns_lookup_int(domain, C_IN, type);
+}
+
+#else /* NOT defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) */
+
+struct dns_reply *
+dns_lookup(const char *domain, const char *type_name)
+{
+    return NULL;
+}
+
+void
+dns_free_data(struct dns_reply *r)
+{
+}
+
+#endif
+
+#ifdef TEST
+int 
+main(int argc, char **argv)
+{
+    struct dns_reply *r;
+    struct resource_record *rr;
+    r = dns_lookup(argv[1], argv[2]);
+    if(r == NULL){
+	printf("No reply.\n");
+	return 1;
+    }
+    for(rr = r->head; rr;rr=rr->next){
+	printf("%s %s %d ", rr->domain, type_to_string(rr->type), rr->ttl);
+	switch(rr->type){
+	case T_NS:
+	    printf("%s\n", (char*)rr->u.data);
+	    break;
+	case T_A:
+	    printf("%d.%d.%d.%d\n", 
+		   ((unsigned char*)rr->u.data)[0],
+		   ((unsigned char*)rr->u.data)[1],
+		   ((unsigned char*)rr->u.data)[2],
+		   ((unsigned char*)rr->u.data)[3]);
+	    break;
+	case T_MX:
+	case T_AFSDB:{
+	    struct mx_record *mx = (struct mx_record*)rr->u.data;
+	    printf("%d %s\n", mx->preference, mx->domain);
+	    break;
+	}
+	case T_SRV:{
+	    struct srv_record *srv = (struct srv_record*)rr->u.data;
+	    printf("%d %d %d %s\n", srv->priority, srv->weight, 
+		   srv->port, srv->target);
+	    break;
+	}
+	default:
+	    printf("\n");
+	    break;
+	}
+    }
+    
+    return 0;
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/resolve.h b/crypto/kerberosIV/lib/roken/resolve.h
new file mode 100644
index 0000000..a77827f
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/resolve.h
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: resolve.h,v 1.7 1998/11/26 16:09:41 joda Exp $ */
+
+#ifndef __RESOLVE_H__
+#define __RESOLVE_H__
+
+/* We use these, but they are not always present in <arpa/nameser.h> */
+
+#ifndef T_TXT
+#define T_TXT		16
+#endif
+#ifndef T_AFSDB
+#define T_AFSDB		18
+#endif
+#ifndef T_SRV
+#define T_SRV		33
+#endif
+#ifndef T_NAPTR
+#define T_NAPTR		35
+#endif
+
+struct dns_query{
+    char *domain;
+    unsigned type;
+    unsigned class;
+};
+
+struct mx_record{
+    unsigned  preference;
+    char domain[1];
+};
+
+struct srv_record{
+    unsigned priority;
+    unsigned weight;
+    unsigned port;
+    char target[1];
+};
+
+struct resource_record{
+    char *domain;
+    unsigned type;
+    unsigned class;
+    unsigned ttl;
+    unsigned size;
+    union {
+	void *data;
+	struct mx_record *mx;
+	struct mx_record *afsdb; /* mx and afsdb are identical */
+	struct srv_record *srv;
+	struct in_addr *a;
+	char *txt;
+    }u;
+    struct resource_record *next;
+};
+
+#ifndef T_A /* XXX if <arpa/nameser.h> isn't included */
+typedef int HEADER; /* will never be used */
+#endif
+
+struct dns_reply{
+    HEADER h;
+    struct dns_query q;
+    struct resource_record *head;
+};
+
+
+struct dns_reply* dns_lookup(const char *, const char *);
+void dns_free_data(struct dns_reply *);
+
+#endif /* __RESOLVE_H__ */
diff --git a/crypto/kerberosIV/lib/roken/resource.h b/crypto/kerberosIV/lib/roken/resource.h
new file mode 100644
index 0000000..01cd01d
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/resource.h
@@ -0,0 +1,15 @@
+//{{NO_DEPENDENCIES}}

+// Microsoft Developer Studio generated include file.

+// Used by roken.rc

+//

+

+// Next default values for new objects

+// 

+#ifdef APSTUDIO_INVOKED

+#ifndef APSTUDIO_READONLY_SYMBOLS

+#define _APS_NEXT_RESOURCE_VALUE        101

+#define _APS_NEXT_COMMAND_VALUE         40001

+#define _APS_NEXT_CONTROL_VALUE         1000

+#define _APS_NEXT_SYMED_VALUE           101

+#endif

+#endif

diff --git a/crypto/kerberosIV/lib/roken/roken-common.h b/crypto/kerberosIV/lib/roken/roken-common.h
new file mode 100644
index 0000000..53003a9
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/roken-common.h
@@ -0,0 +1,147 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: roken-common.h,v 1.13 1999/03/20 02:46:16 assar Exp $ */
+
+#ifndef __ROKEN_COMMON_H__
+#define __ROKEN_COMMON_H__
+
+#ifndef INADDR_NONE
+#define INADDR_NONE 0xffffffff
+#endif
+
+#ifndef SOMAXCONN
+#define SOMAXCONN 5
+#endif
+
+#ifndef STDIN_FILENO
+#define STDIN_FILENO 0
+#endif
+
+#ifndef STDOUT_FILENO
+#define STDOUT_FILENO 1
+#endif
+
+#ifndef STDERR_FILENO
+#define STDERR_FILENO 2
+#endif
+
+#ifndef max
+#define max(a,b) (((a)>(b))?(a):(b))
+#endif
+
+#ifndef min
+#define min(a,b) (((a)<(b))?(a):(b))
+#endif
+
+#ifndef TRUE
+#define TRUE 1
+#endif
+
+#ifndef FALSE
+#define FALSE 0
+#endif
+
+#ifndef LOG_DAEMON
+#define openlog(id,option,facility) openlog((id),(option))
+#define	LOG_DAEMON	0
+#endif
+#ifndef LOG_ODELAY
+#define LOG_ODELAY 0
+#endif
+#ifndef LOG_NDELAY
+#define LOG_NDELAY 0x08
+#endif
+#ifndef LOG_CONS
+#define LOG_CONS 0
+#endif
+#ifndef LOG_AUTH
+#define LOG_AUTH 0
+#endif
+#ifndef LOG_AUTHPRIV
+#define LOG_AUTHPRIV LOG_AUTH
+#endif
+
+#ifndef F_OK
+#define F_OK 0
+#endif
+
+#ifndef O_ACCMODE
+#define O_ACCMODE	003
+#endif
+
+#ifndef _PATH_DEVNULL
+#define _PATH_DEVNULL "/dev/null"
+#endif
+
+#ifndef _PATH_HEQUIV
+#define _PATH_HEQUIV "/etc/hosts.equiv"
+#endif
+
+#ifndef MAXPATHLEN
+#define MAXPATHLEN (1024+4)
+#endif
+
+#ifndef SIG_ERR
+#define SIG_ERR ((RETSIGTYPE (*)())-1)
+#endif
+
+#ifndef HAVE___ATTRIBUTE__
+#define __attribute__(x)
+#endif
+
+#if IRIX != 4 /* fix for compiler bug */
+#ifdef RETSIGTYPE
+typedef RETSIGTYPE (*SigAction)(/* int??? */);
+SigAction signal(int iSig, SigAction pAction); /* BSD compatible */
+#endif
+#endif
+
+int ROKEN_LIB_FUNCTION simple_execvp(const char*, char *const[]);
+int ROKEN_LIB_FUNCTION simple_execlp(const char*, ...);
+
+void ROKEN_LIB_FUNCTION print_version(const char *);
+
+void *ROKEN_LIB_FUNCTION emalloc (size_t);
+void *ROKEN_LIB_FUNCTION erealloc (void *, size_t);
+char *ROKEN_LIB_FUNCTION estrdup (const char *);
+
+ssize_t ROKEN_LIB_FUNCTION eread (int fd, void *buf, size_t nbytes);
+ssize_t ROKEN_LIB_FUNCTION ewrite (int fd, const void *buf, size_t nbytes);
+
+#endif /* __ROKEN_COMMON_H__ */
diff --git a/crypto/kerberosIV/lib/roken/roken.awk b/crypto/kerberosIV/lib/roken/roken.awk
new file mode 100644
index 0000000..c9ecab3
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/roken.awk
@@ -0,0 +1,35 @@
+BEGIN {
+	print "#include <stdio.h>"
+	print "#ifdef HAVE_CONFIG_H"
+	print "#include <config.h>"
+	print "#endif"
+	print ""
+	print "int main()"
+	print "{"
+	    print "puts(\"/* This is an OS dependent, generated file */\");"
+	print "puts(\"\\n\");"
+	print "puts(\"#ifndef __ROKEN_H__\");"
+	print "puts(\"#define __ROKEN_H__\");"
+	print "puts(\"\");"
+}
+END {
+	print "puts(\"#endif /* __ROKEN_H__ */\");"
+	print "exit(0);"
+	print "}"
+}
+
+$1 == "\#ifdef" || $1 == "\#ifndef" || $1 == "\#if" || $1 == "\#else" || $1 == "\#elif" || $1 == "\#endif" {
+	print $0;
+	next
+}
+
+{
+	s = ""
+	for(i = 1; i <= length; i++){
+		x = substr($0, i, 1)
+		if(x == "\"" || x == "\\")
+			s = s "\\";
+		s = s x;
+	}
+	print "puts(\"" s "\");"
+}
diff --git a/crypto/kerberosIV/lib/roken/roken.def b/crypto/kerberosIV/lib/roken/roken.def
index 13e3572..f9b0369 100644
--- a/crypto/kerberosIV/lib/roken/roken.def
+++ b/crypto/kerberosIV/lib/roken/roken.def
@@ -1,4 +1,17 @@
-LIBRARY roken
+LIBRARY roken BASE=0x68f0000
 EXPORTS
 	gettimeofday
 	strcasecmp
+	strtok_r
+	snprintf
+	asprintf
+	vsnprintf
+	base64_decode
+	base64_encode
+	roken_concat
+	roken_vconcat
+	roken_vmconcat
+	roken_mconcat
+	getuid
+	dns_free_data
+	dns_lookup
diff --git a/crypto/kerberosIV/lib/roken/roken.dsp b/crypto/kerberosIV/lib/roken/roken.dsp
new file mode 100644
index 0000000..d84854e
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/roken.dsp
@@ -0,0 +1,156 @@
+# Microsoft Developer Studio Project File - Name="roken" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 5.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=roken - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE 
+!MESSAGE NMAKE /f "roken.mak".
+!MESSAGE 
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "roken.mak" CFG="roken - Win32 Release"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "roken - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "roken - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE 
+
+# Begin Project
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF  "$(CFG)" == "roken - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir ".\Release"
+# PROP BASE Intermediate_Dir ".\Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir ".\Release"
+# PROP Intermediate_Dir ".\Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /c
+# ADD CPP /nologo /MT /GX /O2 /I "..\krb" /I "..\des" /I "..\..\include" /I "..\..\include\win32" /I "." /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386
+# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /base:"0x68e7780" /subsystem:windows /dll /machine:I386
+
+!ELSEIF  "$(CFG)" == "roken - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir ".\Debug"
+# PROP BASE Intermediate_Dir ".\Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir ".\Debug"
+# PROP Intermediate_Dir ".\Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /c
+# ADD CPP /nologo /MDd /Gm /GX /Zi /Od /I "..\krb" /I "..\des" /I "..\..\include" /I "..\..\include\win32" /I "." /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386
+# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /subsystem:windows /dll /debug /machine:I386 /def:".\roken.def"
+# SUBTRACT LINK32 /pdb:none
+
+!ENDIF 
+
+# Begin Target
+
+# Name "roken - Win32 Release"
+# Name "roken - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;hpj;bat;for;f90"
+# Begin Source File
+
+SOURCE=.\base64.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\concat.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\gettimeofday.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\getuid.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\resolve.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\roken.def
+
+!IF  "$(CFG)" == "roken - Win32 Release"
+
+!ELSEIF  "$(CFG)" == "roken - Win32 Debug"
+
+# PROP Exclude_From_Build 1
+
+!ENDIF 
+
+# End Source File
+# Begin Source File
+
+SOURCE=.\snprintf.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\strcasecmp.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\strtok_r.c
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl;fi;fd"
+# Begin Source File
+
+SOURCE=.\resolve.h
+# End Source File
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;cnt;rtf;gif;jpg;jpeg;jpe"
+# Begin Source File
+
+SOURCE=.\roken.rc
+# End Source File
+# End Group
+# End Target
+# End Project
diff --git a/crypto/kerberosIV/lib/roken/roken.h.in b/crypto/kerberosIV/lib/roken/roken.h.in
new file mode 100644
index 0000000..b86da81
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/roken.h.in
@@ -0,0 +1,435 @@
+/* -*- C -*- */
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: roken.h.in,v 1.113.2.1 1999/07/22 03:20:59 assar Exp $ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <signal.h>
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_SYS_UIO_H
+#include <sys/uio.h>
+#endif
+#ifdef HAVE_GRP_H
+#include <grp.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+#ifdef HAVE_WINSOCK_H
+#include <winsock.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_ERRNO_H
+#include <errno.h>
+#endif
+#ifdef HAVE_ERR_H
+#include <err.h>
+#endif
+#ifdef HAVE_TERMIOS_H
+#include <termios.h>
+#endif
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef ROKEN_LIB_FUNCTION
+#if defined(__BORLANDC__)
+#define ROKEN_LIB_FUNCTION /* not-ready-definition-yet */
+#elif defined(_MSC_VER)
+#define ROKEN_LIB_FUNCTION /* not-ready-definition-yet2 */
+#else
+#define ROKEN_LIB_FUNCTION
+#endif
+#endif
+
+#include <roken-common.h>
+
+#if !defined(HAVE_SETSID) && defined(HAVE__SETSID)
+#define setsid _setsid
+#endif
+
+#ifndef HAVE_PUTENV
+int putenv(const char *string);
+#endif
+
+#if !defined(HAVE_SETENV) || defined(NEED_SETENV_PROTO)
+int setenv(const char *var, const char *val, int rewrite);
+#endif
+
+#if !defined(HAVE_UNSETENV) || defined(NEED_UNSETENV_PROTO)
+void unsetenv(const char *name);
+#endif
+
+#if !defined(HAVE_GETUSERSHELL) || defined(NEED_GETUSERSHELL_PROTO)
+char *getusershell(void);
+void endusershell(void);
+#endif
+
+#if !defined(HAVE_SNPRINTF) || defined(NEED_SNPRINTF_PROTO)
+int snprintf (char *str, size_t sz, const char *format, ...)
+     __attribute__ ((format (printf, 3, 4)));
+#endif
+
+#if !defined(HAVE_VSNPRINTF) || defined(NEED_VSNPRINTF_PROTO)
+int vsnprintf (char *str, size_t sz, const char *format, va_list ap)
+     __attribute__((format (printf, 3, 0)));
+#endif
+
+#if !defined(HAVE_ASPRINTF) || defined(NEED_ASPRINTF_PROTO)
+int asprintf (char **ret, const char *format, ...)
+     __attribute__ ((format (printf, 2, 3)));
+#endif
+
+#if !defined(HAVE_VASPRINTF) || defined(NEED_VASPRINTF_PROTO)
+int vasprintf (char **ret, const char *format, va_list ap)
+     __attribute__((format (printf, 2, 0)));
+#endif
+
+#if !defined(HAVE_ASNPRINTF) || defined(NEED_ASNPRINTF_PROTO)
+int asnprintf (char **ret, size_t max_sz, const char *format, ...)
+     __attribute__ ((format (printf, 3, 4)));
+#endif
+
+#if !defined(HAVE_VASNPRINTF) || defined(NEED_VASNPRINTF_PROTO)
+int vasnprintf (char **ret, size_t max_sz, const char *format, va_list ap)
+     __attribute__((format (printf, 3, 0)));
+#endif
+
+#ifndef HAVE_STRDUP
+char * strdup(const char *old);
+#endif
+
+#ifndef HAVE_STRNDUP
+char * strndup(const char *old, size_t sz);
+#endif
+
+#ifndef HAVE_STRLWR
+char * strlwr(char *);
+#endif
+
+#ifndef HAVE_STRNLEN
+size_t strnlen(const char*, size_t);
+#endif
+
+#if !defined(HAVE_STRSEP) || defined(NEED_STRSEP_PROTO)
+char *strsep(char**, const char*);
+#endif
+
+#ifndef HAVE_STRCASECMP
+int strcasecmp(const char *s1, const char *s2);
+#endif
+
+#ifdef NEED_FCLOSE_PROTO
+int fclose(FILE *);
+#endif
+
+#ifdef NEED_STRTOK_R_PROTO
+char *strtok_r(char *s1, const char *s2, char **lasts);
+#endif
+
+#ifndef HAVE_STRUPR
+char * strupr(char *);
+#endif
+
+#ifndef HAVE_STRCPY_TRUNCATE
+int strcpy_truncate (char *dst, const char *src, size_t dst_sz);
+#endif
+
+#ifndef HAVE_STRCAT_TRUNCATE
+int strcat_truncate (char *dst, const char *src, size_t dst_sz);
+#endif
+
+#ifndef HAVE_GETDTABLESIZE
+int getdtablesize(void);
+#endif
+
+#if !defined(HAVE_STRERROR) && !defined(strerror)
+char *strerror(int eno);
+#endif
+
+#if !defined(HAVE_HSTRERROR) || defined(NEED_HSTRERROR_PROTO)
+/* This causes a fatal error under Psoriasis */
+#if !(defined(SunOS) && (SunOS >= 50))
+const char *hstrerror(int herr);
+#endif
+#endif
+
+#ifndef HAVE_H_ERRNO_DECLARATION
+extern int h_errno;
+#endif
+
+#if !defined(HAVE_INET_ATON) || defined(NEED_INET_ATON_PROTO)
+int inet_aton(const char *cp, struct in_addr *adr);
+#endif
+
+#if !defined(HAVE_GETCWD)
+char* getcwd(char *path, size_t size);
+#endif
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+struct passwd *k_getpwnam (char *user);
+struct passwd *k_getpwuid (uid_t uid);
+#endif
+
+const char *get_default_username (void);
+
+#ifndef HAVE_SETEUID
+int seteuid(uid_t euid);
+#endif
+
+#ifndef HAVE_SETEGID
+int setegid(gid_t egid);
+#endif
+
+#ifndef HAVE_LSTAT
+int lstat(const char *path, struct stat *buf);
+#endif
+
+#if !defined(HAVE_MKSTEMP) || defined(NEED_MKSTEMP_PROTO)
+int mkstemp(char *);
+#endif
+
+#ifndef HAVE_INITGROUPS
+int initgroups(const char *name, gid_t basegid);
+#endif
+
+#ifndef HAVE_FCHOWN
+int fchown(int fd, uid_t owner, gid_t group);
+#endif
+
+#ifndef HAVE_DAEMON
+int daemon(int nochdir, int noclose);
+#endif
+
+#ifndef HAVE_INNETGR
+int innetgr(const char *netgroup, const char *machine, 
+	    const char *user, const char *domain);
+#endif
+
+#ifndef HAVE_CHOWN
+int chown(const char *path, uid_t owner, gid_t group);
+#endif
+
+#ifndef HAVE_RCMD
+int rcmd(char **ahost, unsigned short inport, const char *locuser,
+	 const char *remuser, const char *cmd, int *fd2p);
+#endif
+
+#if !defined(HAVE_INNETGR) || defined(NEED_INNETGR_PROTO)
+int innetgr(const char*, const char*, const char*, const char*);
+#endif
+
+#ifndef HAVE_IRUSEROK
+int iruserok(unsigned raddr, int superuser, const char *ruser,
+	     const char *luser);
+#endif
+
+#if !defined(HAVE_GETHOSTNAME) || defined(NEED_GETHOSTNAME_PROTO)
+int gethostname(char *name, int namelen);
+#endif
+
+#ifndef HAVE_WRITEV
+ssize_t
+writev(int d, const struct iovec *iov, int iovcnt);
+#endif
+
+#ifndef HAVE_READV
+ssize_t
+readv(int d, const struct iovec *iov, int iovcnt);
+#endif
+
+#ifndef HAVE_MKSTEMP
+int
+mkstemp(char *template);
+#endif
+
+#ifndef HAVE_FLOCK
+#ifndef LOCK_SH
+#define LOCK_SH   1		/* Shared lock */
+#endif
+#ifndef	LOCK_EX
+#define LOCK_EX   2		/* Exclusive lock */
+#endif
+#ifndef LOCK_NB
+#define LOCK_NB   4		/* Don't block when locking */
+#endif
+#ifndef LOCK_UN
+#define LOCK_UN   8		/* Unlock */
+#endif
+
+int flock(int fd, int operation);
+#endif /* HAVE_FLOCK */
+
+time_t tm2time (struct tm tm, int local);
+
+int unix_verify_user(char *user, char *password);
+
+void inaddr2str(struct in_addr addr, char *s, size_t len);
+
+void mini_inetd (int port);
+
+int roken_concat (char *s, size_t len, ...);
+
+size_t roken_mconcat (char **s, size_t max_len, ...);
+
+int roken_vconcat (char *s, size_t len, va_list args);
+
+size_t roken_vmconcat (char **s, size_t max_len, va_list args);
+
+ssize_t net_write (int fd, const void *buf, size_t nbytes);
+
+ssize_t net_read (int fd, void *buf, size_t nbytes);
+
+int issuid(void);
+
+#ifndef HAVE_STRUCT_WINSIZE
+struct winsize {
+	unsigned short ws_row, ws_col;
+	unsigned short ws_xpixel, ws_ypixel;
+};
+#endif
+
+int get_window_size(int fd, struct winsize *);
+
+#ifndef HAVE_VSYSLOG
+void vsyslog(int pri, const char *fmt, va_list ap);
+#endif
+
+#ifndef HAVE_OPTARG_DECLARATION
+extern char *optarg;
+#endif
+#ifndef HAVE_OPTIND_DECLARATION
+extern int optind;
+#endif
+#ifndef HAVE_OPTERR_DECLARATION
+extern int opterr;
+#endif
+
+#ifndef HAVE___PROGNAME_DECLARATION
+extern const char *__progname;
+#endif
+
+#ifndef HAVE_ENVIRON_DECLARATION
+extern char **environ;
+#endif
+
+/*
+ * kludges and such
+ */
+
+#if 1
+int roken_gethostby_setup(const char*, const char*);
+struct hostent* roken_gethostbyname(const char*);
+struct hostent* roken_gethostbyaddr(const void*, size_t, int);
+#else
+#ifdef GETHOSTBYNAME_PROTO_COMPATIBLE
+#define roken_gethostbyname(x) gethostbyname(x)
+#else
+#define roken_gethostbyname(x) gethostbyname((char *)x)
+#endif
+
+#ifdef GETHOSTBYADDR_PROTO_COMPATIBLE
+#define roken_gethostbyaddr(a, l, t) gethostbyaddr(a, l, t)
+#else
+#define roken_gethostbyaddr(a, l, t) gethostbyaddr((char *)a, l, t)
+#endif
+#endif
+
+#ifdef GETSERVBYNAME_PROTO_COMPATIBLE
+#define roken_getservbyname(x,y) getservbyname(x,y)
+#else
+#define roken_getservbyname(x,y) getservbyname((char *)x, (char *)y)
+#endif
+
+#ifdef OPENLOG_PROTO_COMPATIBLE
+#define roken_openlog(a,b,c) openlog(a,b,c)
+#else
+#define roken_openlog(a,b,c) openlog((char *)a,b,c)
+#endif
+
+void set_progname(char *argv0);
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/roken.mak b/crypto/kerberosIV/lib/roken/roken.mak
index d0c4a6f..da9a834 100644
--- a/crypto/kerberosIV/lib/roken/roken.mak
+++ b/crypto/kerberosIV/lib/roken/roken.mak
@@ -1,19 +1,15 @@
-# Microsoft Developer Studio Generated NMAKE File, Format Version 4.10
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
-
+# Microsoft Developer Studio Generated NMAKE File, Based on roken.dsp
 !IF "$(CFG)" == ""
-CFG=roken - Win32 Debug
-!MESSAGE No configuration specified.  Defaulting to roken - Win32 Debug.
+CFG=roken - Win32 Release
+!MESSAGE No configuration specified. Defaulting to roken - Win32 Release.
 !ENDIF 
 
 !IF "$(CFG)" != "roken - Win32 Release" && "$(CFG)" != "roken - Win32 Debug"
 !MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE on this makefile
+!MESSAGE You can specify a configuration when running NMAKE
 !MESSAGE by defining the macro CFG on the command line.  For example:
 !MESSAGE 
-!MESSAGE NMAKE /f "roken.mak" CFG="roken - Win32 Debug"
+!MESSAGE NMAKE /f "roken.mak" CFG="roken - Win32 Release"
 !MESSAGE 
 !MESSAGE Possible choices for configuration are:
 !MESSAGE 
@@ -28,251 +24,293 @@ NULL=
 !ELSE 
 NULL=nul
 !ENDIF 
-################################################################################
-# Begin Project
-# PROP Target_Last_Scanned "roken - Win32 Debug"
-RSC=rc.exe
-MTL=mktyplib.exe
+
 CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
 
 !IF  "$(CFG)" == "roken - Win32 Release"
 
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Target_Dir ""
 OUTDIR=.\Release
 INTDIR=.\Release
+# Begin Custom Macros
+OutDir=.\.\Release
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0" 
+
+ALL : "$(OUTDIR)\roken.dll"
 
-ALL : ".\Release\roken.dll"
+!ELSE 
+
+ALL : "$(OUTDIR)\roken.dll"
+
+!ENDIF 
 
 CLEAN : 
-	-@erase ".\Release\gettimeofday.obj"
-	-@erase ".\Release\roken.dll"
-	-@erase ".\Release\roken.exp"
-	-@erase ".\Release\roken.lib"
-	-@erase ".\Release\strcasecmp.obj"
+	-@erase "$(INTDIR)\base64.obj"
+	-@erase "$(INTDIR)\concat.obj"
+	-@erase "$(INTDIR)\gettimeofday.obj"
+	-@erase "$(INTDIR)\getuid.obj"
+	-@erase "$(INTDIR)\resolve.obj"
+	-@erase "$(INTDIR)\roken.res"
+	-@erase "$(INTDIR)\snprintf.obj"
+	-@erase "$(INTDIR)\strcasecmp.obj"
+	-@erase "$(INTDIR)\strtok_r.obj"
+	-@erase "$(INTDIR)\vc50.idb"
+	-@erase "$(OUTDIR)\roken.dll"
+	-@erase "$(OUTDIR)\roken.exp"
+	-@erase "$(OUTDIR)\roken.lib"
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /c
-# ADD CPP /nologo /MT /W3 /GX /O2 /I "..\krb" /I "..\des" /I "..\..\include" /I "..\..\include\win32" /I "." /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c
-CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "..\krb" /I "..\des" /I "..\..\include" /I\
+CPP_PROJ=/nologo /MT /GX /O2 /I "..\krb" /I "..\des" /I "..\..\include" /I\
  "..\..\include\win32" /I "." /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D\
- "HAVE_CONFIG_H" /Fp"$(INTDIR)/roken.pch" /YX /Fo"$(INTDIR)/" /c 
+ "HAVE_CONFIG_H" /Fp"$(INTDIR)\roken.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\"\
+ /FD /c 
 CPP_OBJS=.\Release/
-CPP_SBRS=.\.
-# ADD BASE MTL /nologo /D "NDEBUG" /win32
-# ADD MTL /nologo /D "NDEBUG" /win32
-MTL_PROJ=/nologo /D "NDEBUG" /win32 
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
+CPP_SBRS=.
+MTL_PROJ=/nologo /D "NDEBUG" /mktyplib203 /win32 
+RSC_PROJ=/l 0x409 /fo"$(INTDIR)\roken.res" /d "NDEBUG" 
 BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-BSC32_FLAGS=/nologo /o"$(OUTDIR)/roken.bsc" 
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\roken.bsc" 
 BSC32_SBRS= \
 	
 LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386
-# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386
 LINK32_FLAGS=kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib\
- advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib\
- odbccp32.lib /nologo /subsystem:windows /dll /incremental:no\
- /pdb:"$(OUTDIR)/roken.pdb" /machine:I386 /def:".\roken.def"\
- /out:"$(OUTDIR)/roken.dll" /implib:"$(OUTDIR)/roken.lib" 
+ advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo\
+ /base:"0x68e7780" /subsystem:windows /dll /incremental:no\
+ /pdb:"$(OUTDIR)\roken.pdb" /machine:I386 /def:".\roken.def"\
+ /out:"$(OUTDIR)\roken.dll" /implib:"$(OUTDIR)\roken.lib" 
 DEF_FILE= \
 	".\roken.def"
 LINK32_OBJS= \
-	".\Release\gettimeofday.obj" \
-	".\Release\strcasecmp.obj"
-
-".\Release\roken.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+	"$(INTDIR)\base64.obj" \
+	"$(INTDIR)\concat.obj" \
+	"$(INTDIR)\gettimeofday.obj" \
+	"$(INTDIR)\getuid.obj" \
+	"$(INTDIR)\resolve.obj" \
+	"$(INTDIR)\roken.res" \
+	"$(INTDIR)\snprintf.obj" \
+	"$(INTDIR)\strcasecmp.obj" \
+	"$(INTDIR)\strtok_r.obj"
+
+"$(OUTDIR)\roken.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
 
 !ELSEIF  "$(CFG)" == "roken - Win32 Debug"
 
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Target_Dir ""
 OUTDIR=.\Debug
 INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\.\Debug
+# End Custom Macros
+
+!IF "$(RECURSE)" == "0" 
 
-ALL : ".\Debug\roken.dll"
+ALL : "$(OUTDIR)\roken.dll"
+
+!ELSE 
+
+ALL : "$(OUTDIR)\roken.dll"
+
+!ENDIF 
 
 CLEAN : 
-	-@erase ".\Debug\gettimeofday.obj"
-	-@erase ".\Debug\roken.dll"
-	-@erase ".\Debug\roken.exp"
-	-@erase ".\Debug\roken.ilk"
-	-@erase ".\Debug\roken.lib"
-	-@erase ".\Debug\roken.pdb"
-	-@erase ".\Debug\strcasecmp.obj"
-	-@erase ".\Debug\vc40.idb"
-	-@erase ".\Debug\vc40.pdb"
+	-@erase "$(INTDIR)\base64.obj"
+	-@erase "$(INTDIR)\concat.obj"
+	-@erase "$(INTDIR)\gettimeofday.obj"
+	-@erase "$(INTDIR)\getuid.obj"
+	-@erase "$(INTDIR)\resolve.obj"
+	-@erase "$(INTDIR)\roken.res"
+	-@erase "$(INTDIR)\snprintf.obj"
+	-@erase "$(INTDIR)\strcasecmp.obj"
+	-@erase "$(INTDIR)\strtok_r.obj"
+	-@erase "$(INTDIR)\vc50.idb"
+	-@erase "$(INTDIR)\vc50.pdb"
+	-@erase "$(OUTDIR)\roken.dll"
+	-@erase "$(OUTDIR)\roken.exp"
+	-@erase "$(OUTDIR)\roken.ilk"
+	-@erase "$(OUTDIR)\roken.lib"
+	-@erase "$(OUTDIR)\roken.pdb"
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /c
-# ADD CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\krb" /I "..\des" /I "..\..\include" /I "..\..\include\win32" /I "." /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c
-CPP_PROJ=/nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\krb" /I "..\des" /I\
+CPP_PROJ=/nologo /MDd /Gm /GX /Zi /Od /I "..\krb" /I "..\des" /I\
  "..\..\include" /I "..\..\include\win32" /I "." /D "_DEBUG" /D "WIN32" /D\
- "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)/roken.pch" /YX /Fo"$(INTDIR)/"\
- /Fd"$(INTDIR)/" /c 
+ "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)\roken.pch" /YX /Fo"$(INTDIR)\\"\
+ /Fd"$(INTDIR)\\" /FD /c 
 CPP_OBJS=.\Debug/
-CPP_SBRS=.\.
-# ADD BASE MTL /nologo /D "_DEBUG" /win32
-# ADD MTL /nologo /D "_DEBUG" /win32
-MTL_PROJ=/nologo /D "_DEBUG" /win32 
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
+CPP_SBRS=.
+MTL_PROJ=/nologo /D "_DEBUG" /mktyplib203 /win32 
+RSC_PROJ=/l 0x409 /fo"$(INTDIR)\roken.res" /d "_DEBUG" 
 BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-BSC32_FLAGS=/nologo /o"$(OUTDIR)/roken.bsc" 
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\roken.bsc" 
 BSC32_SBRS= \
 	
 LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386
-# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386
 LINK32_FLAGS=kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib\
- advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib\
- odbccp32.lib /nologo /subsystem:windows /dll /incremental:yes\
- /pdb:"$(OUTDIR)/roken.pdb" /debug /machine:I386 /def:".\roken.def"\
- /out:"$(OUTDIR)/roken.dll" /implib:"$(OUTDIR)/roken.lib" 
-DEF_FILE= \
-	".\roken.def"
+ advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo\
+ /subsystem:windows /dll /incremental:yes /pdb:"$(OUTDIR)\roken.pdb" /debug\
+ /machine:I386 /def:".\roken.def" /out:"$(OUTDIR)\roken.dll"\
+ /implib:"$(OUTDIR)\roken.lib" 
 LINK32_OBJS= \
-	".\Debug\gettimeofday.obj" \
-	".\Debug\strcasecmp.obj"
-
-".\Debug\roken.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+	"$(INTDIR)\base64.obj" \
+	"$(INTDIR)\concat.obj" \
+	"$(INTDIR)\gettimeofday.obj" \
+	"$(INTDIR)\getuid.obj" \
+	"$(INTDIR)\resolve.obj" \
+	"$(INTDIR)\roken.res" \
+	"$(INTDIR)\snprintf.obj" \
+	"$(INTDIR)\strcasecmp.obj" \
+	"$(INTDIR)\strtok_r.obj"
+
+"$(OUTDIR)\roken.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
 
 !ENDIF 
 
-.c{$(CPP_OBJS)}.obj:
-   $(CPP) $(CPP_PROJ) $<  
-
-.cpp{$(CPP_OBJS)}.obj:
-   $(CPP) $(CPP_PROJ) $<  
+.c{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
 
-.cxx{$(CPP_OBJS)}.obj:
-   $(CPP) $(CPP_PROJ) $<  
+.cpp{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
 
-.c{$(CPP_SBRS)}.sbr:
-   $(CPP) $(CPP_PROJ) $<  
+.cxx{$(CPP_OBJS)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
 
-.cpp{$(CPP_SBRS)}.sbr:
-   $(CPP) $(CPP_PROJ) $<  
+.c{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
 
-.cxx{$(CPP_SBRS)}.sbr:
-   $(CPP) $(CPP_PROJ) $<  
+.cpp{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
 
-################################################################################
-# Begin Target
+.cxx{$(CPP_SBRS)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
 
-# Name "roken - Win32 Release"
-# Name "roken - Win32 Debug"
 
-!IF  "$(CFG)" == "roken - Win32 Release"
+!IF "$(CFG)" == "roken - Win32 Release" || "$(CFG)" == "roken - Win32 Debug"
+SOURCE=.\base64.c
+DEP_CPP_BASE6=\
+	"..\..\include\win32\config.h"\
+	".\base64.h"\
 
-!ELSEIF  "$(CFG)" == "roken - Win32 Debug"
 
-!ENDIF 
+"$(INTDIR)\base64.obj" : $(SOURCE) $(DEP_CPP_BASE6) "$(INTDIR)"
 
-################################################################################
-# Begin Source File
 
-SOURCE=\TEMP\jimpa3\lib\krb\gettimeofday.c
-DEP_CPP_GETTI=\
-	"..\..\include\protos.h"\
-	"..\..\include\sys/bitypes.h"\
-	"..\..\include\sys/cdefs.h"\
+SOURCE=.\concat.c
+DEP_CPP_CONCA=\
 	"..\..\include\win32\config.h"\
-	"..\des\des.h"\
-	"..\krb\krb.h"\
-	"..\krb\krb_locl.h"\
-	"..\krb\prot.h"\
-	"..\krb\resolve.h"\
-	".\roken.h"\
-	{$(INCLUDE)}"\sys\stat.h"\
-	{$(INCLUDE)}"\sys\types.h"\
+	"..\..\include\win32\roken.h"\
+	".\err.h"\
+	".\roken-common.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-!IF  "$(CFG)" == "roken - Win32 Release"
+"$(INTDIR)\concat.obj" : $(SOURCE) $(DEP_CPP_CONCA) "$(INTDIR)"
 
 
-".\Release\gettimeofday.obj" : $(SOURCE) $(DEP_CPP_GETTI) "$(INTDIR)"
-   $(CPP) $(CPP_PROJ) $(SOURCE)
+SOURCE=.\gettimeofday.c
+DEP_CPP_GETTI=\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\roken.h"\
+	".\err.h"\
+	".\roken-common.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
 
+"$(INTDIR)\gettimeofday.obj" : $(SOURCE) $(DEP_CPP_GETTI) "$(INTDIR)"
 
-!ELSEIF  "$(CFG)" == "roken - Win32 Debug"
 
+SOURCE=.\getuid.c
+DEP_CPP_GETUI=\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\roken.h"\
+	".\err.h"\
+	".\roken-common.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
 
-".\Debug\gettimeofday.obj" : $(SOURCE) $(DEP_CPP_GETTI) "$(INTDIR)"
-   $(CPP) $(CPP_PROJ) $(SOURCE)
+"$(INTDIR)\getuid.obj" : $(SOURCE) $(DEP_CPP_GETUI) "$(INTDIR)"
 
 
-!ENDIF 
+SOURCE=.\resolve.c
+DEP_CPP_RESOL=\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\roken.h"\
+	".\err.h"\
+	".\resolve.h"\
+	".\roken-common.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
 
-# End Source File
-################################################################################
-# Begin Source File
+"$(INTDIR)\resolve.obj" : $(SOURCE) $(DEP_CPP_RESOL) "$(INTDIR)"
 
-SOURCE=.\roken.def
 
-!IF  "$(CFG)" == "roken - Win32 Release"
+SOURCE=.\snprintf.c
+DEP_CPP_SNPRI=\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\roken.h"\
+	".\err.h"\
+	".\roken-common.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
 
-!ELSEIF  "$(CFG)" == "roken - Win32 Debug"
+"$(INTDIR)\snprintf.obj" : $(SOURCE) $(DEP_CPP_SNPRI) "$(INTDIR)"
 
-!ENDIF 
-
-# End Source File
-################################################################################
-# Begin Source File
 
 SOURCE=.\strcasecmp.c
 DEP_CPP_STRCA=\
-	"..\..\include\sys/cdefs.h"\
 	"..\..\include\win32\config.h"\
-	{$(INCLUDE)}"\sys\types.h"\
+	{$(INCLUDE)}"sys\types.h"\
 	
 
-!IF  "$(CFG)" == "roken - Win32 Release"
+"$(INTDIR)\strcasecmp.obj" : $(SOURCE) $(DEP_CPP_STRCA) "$(INTDIR)"
 
 
-".\Release\strcasecmp.obj" : $(SOURCE) $(DEP_CPP_STRCA) "$(INTDIR)"
+SOURCE=.\strtok_r.c
+DEP_CPP_STRTO=\
+	"..\..\include\win32\config.h"\
+	"..\..\include\win32\roken.h"\
+	".\err.h"\
+	".\roken-common.h"\
+	{$(INCLUDE)}"sys\stat.h"\
+	{$(INCLUDE)}"sys\types.h"\
+	
 
+"$(INTDIR)\strtok_r.obj" : $(SOURCE) $(DEP_CPP_STRTO) "$(INTDIR)"
 
-!ELSEIF  "$(CFG)" == "roken - Win32 Debug"
 
+SOURCE=.\roken.rc
 
-".\Debug\strcasecmp.obj" : $(SOURCE) $(DEP_CPP_STRCA) "$(INTDIR)"
+"$(INTDIR)\roken.res" : $(SOURCE) "$(INTDIR)"
+	$(RSC) $(RSC_PROJ) $(SOURCE)
+	
 
 
 !ENDIF 
 
-# End Source File
-# End Target
-# End Project
-################################################################################
diff --git a/crypto/kerberosIV/lib/roken/roken.rc b/crypto/kerberosIV/lib/roken/roken.rc
new file mode 100644
index 0000000..e7e2f3e
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/roken.rc
@@ -0,0 +1,105 @@
+//Microsoft Developer Studio generated resource script.
+//
+#include "resource.h"
+
+#define APSTUDIO_READONLY_SYMBOLS
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 2 resource.
+//
+#include "afxres.h"
+
+/////////////////////////////////////////////////////////////////////////////
+#undef APSTUDIO_READONLY_SYMBOLS
+
+/////////////////////////////////////////////////////////////////////////////
+// Swedish resources
+
+#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_SVE)
+#ifdef _WIN32
+LANGUAGE LANG_SWEDISH, SUBLANG_DEFAULT
+#pragma code_page(1252)
+#endif //_WIN32
+
+#ifdef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// TEXTINCLUDE
+//
+
+1 TEXTINCLUDE DISCARDABLE 
+BEGIN
+    "resource.h\0"
+END
+
+2 TEXTINCLUDE DISCARDABLE 
+BEGIN
+    "#include ""afxres.h""\r\n"
+    "\0"
+END
+
+3 TEXTINCLUDE DISCARDABLE 
+BEGIN
+    "\r\n"
+    "\0"
+END
+
+#endif    // APSTUDIO_INVOKED
+
+
+#ifndef _MAC
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION 1,0,0,1
+ PRODUCTVERSION 1,0,0,1
+ FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+ FILEFLAGS 0x1L
+#else
+ FILEFLAGS 0x0L
+#endif
+ FILEOS 0x40004L
+ FILETYPE 0x2L
+ FILESUBTYPE 0x0L
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904b0"
+        BEGIN
+            VALUE "CompanyName", "Royal Institute of Technology (KTH)\0"
+            VALUE "FileDescription", "roken\0"
+            VALUE "FileVersion", "4, 0, 9, 9\0"
+            VALUE "InternalName", "roken\0"
+            VALUE "LegalCopyright", "Copyright © 1996 - 1998  Royal Institute of Technology (KTH)\0"
+            VALUE "OriginalFilename", "roken.dll\0"
+            VALUE "ProductName", "KTH Kerberos\0"
+            VALUE "ProductVersion", "4,0,9,9\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
+
+#endif    // !_MAC
+
+#endif    // Swedish resources
+/////////////////////////////////////////////////////////////////////////////
+
+
+
+#ifndef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 3 resource.
+//
+
+
+/////////////////////////////////////////////////////////////////////////////
+#endif    // not APSTUDIO_INVOKED
+
diff --git a/crypto/kerberosIV/lib/roken/roken_gethostby.c b/crypto/kerberosIV/lib/roken/roken_gethostby.c
new file mode 100644
index 0000000..a671099
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/roken_gethostby.c
@@ -0,0 +1,285 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: roken_gethostby.c,v 1.3 1998/07/24 07:25:27 assar Exp $");
+#endif
+
+#include <roken.h>
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#undef roken_gethostbyname
+#undef roken_gethostbyaddr
+
+static struct sockaddr_in dns_addr;
+static char *dns_req;
+
+static int
+make_address(const char *address, struct in_addr *ip)
+{
+    if(inet_aton(address, ip) == 0){
+	/* try to resolve as hostname, it might work if the address we
+           are trying to lookup is local, for instance a web proxy */
+	struct hostent *he = gethostbyname(address);
+	if(he) {
+	    unsigned char *p = (unsigned char*)he->h_addr;
+	    ip->s_addr = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+	} else {
+	    return -1;
+	}
+    }
+    return 0;
+}
+
+static int
+setup_int(const char *proxy_host, short proxy_port,
+	  const char *dns_host, short dns_port,
+	  const char *dns_path)
+{
+    memset(&dns_addr, 0, sizeof(dns_addr));
+    if(dns_req)
+	free(dns_req);
+    if(proxy_host) {
+	if(make_address(proxy_host, &dns_addr.sin_addr) != 0)
+	    return -1;
+	dns_addr.sin_port = htons(proxy_port);
+	asprintf(&dns_req, "http://%s:%d%s", dns_host, dns_port, dns_path);
+    } else {
+	if(make_address(dns_host, &dns_addr.sin_addr) != 0)
+	    return -1;
+	dns_addr.sin_port = htons(dns_port);
+	asprintf(&dns_req, "%s", dns_path);
+    }
+    dns_addr.sin_family = AF_INET;
+    return 0;
+}
+
+static void
+split_spec(const char *spec, char **host, int *port, char **path, int def_port)
+{
+    char *p;
+    *host = strdup(spec);
+    p = strchr(*host, ':');
+    if(p) {
+	*p++ = '\0';
+	if(sscanf(p, "%d", port) != 1)
+	    *port = def_port;
+    } else
+	*port = def_port;
+    p = strchr(p ? p : *host, '/');
+    if(p) {
+	if(path) 
+	    *path = strdup(p);
+	*p = '\0';
+    }else
+	if(path) 
+	    *path = NULL;
+}
+
+
+int
+roken_gethostby_setup(const char *proxy_spec, const char *dns_spec)
+{
+    char *proxy_host = NULL;
+    int proxy_port;
+    char *dns_host, *dns_path;
+    int dns_port;
+    
+    int ret = -1;
+    
+    split_spec(dns_spec, &dns_host, &dns_port, &dns_path, 80);
+    if(dns_path == NULL)
+	goto out;
+    if(proxy_spec)
+	split_spec(proxy_spec, &proxy_host, &proxy_port, NULL, 80);
+    ret = setup_int(proxy_host, proxy_port, dns_host, dns_port, dns_path);
+out:
+    free(proxy_host);
+    free(dns_host);
+    free(dns_path);
+    return ret;
+}
+    
+
+/* Try to lookup a name or an ip-address using http as transport
+   mechanism. See the end of this file for an example program. */
+static struct hostent*
+roken_gethostby(const char *hostname)
+{
+    int s;
+    struct sockaddr_in sin;
+    char *request;
+    char buf[1024];
+    int offset = 0;
+    int n;
+    char *p, *foo;
+    
+    if(dns_addr.sin_family == 0)
+	return NULL; /* no configured host */
+    sin = dns_addr;
+    asprintf(&request, "GET %s?%s HTTP/1.0\r\n\r\n", dns_req, hostname);
+    if(request == NULL)
+	return NULL;
+    s  = socket(AF_INET, SOCK_STREAM, 0);
+    if(s < 0) {
+	free(request);
+	return NULL;
+    }
+    if(connect(s, (struct sockaddr*)&sin, sizeof(sin)) < 0) {
+	close(s);
+	free(request);
+	return NULL;
+    }
+    if(write(s, request, strlen(request)) != strlen(request)) {
+	close(s);
+	free(request);
+	return NULL;
+    }
+    free(request);
+    while(1) {
+	n = read(s, buf + offset, sizeof(buf) - offset);
+	if(n <= 0)
+	    break;
+	offset += n;
+    }
+    buf[offset] = '\0';
+    close(s);
+    p = strstr(buf, "\r\n\r\n"); /* find end of header */
+    if(p) p += 4;
+    else return NULL;
+    foo = NULL;
+    p = strtok_r(p, " \t\r\n", &foo);
+    if(p == NULL)
+	return NULL;
+    {
+	/* make a hostent to return */
+#define MAX_ADDRS 16
+	static struct hostent he;
+	static char addrs[4 * MAX_ADDRS];
+	static char *addr_list[MAX_ADDRS];
+	int num_addrs = 0;
+	
+	he.h_name = p;
+	he.h_aliases = NULL;
+	he.h_addrtype = AF_INET;
+	he.h_length = 4;
+	
+	while((p = strtok_r(NULL, " \t\r\n", &foo)) && num_addrs < MAX_ADDRS) {
+	    struct in_addr ip;
+	    inet_aton(p, &ip);
+	    ip.s_addr = ntohl(ip.s_addr);
+	    addr_list[num_addrs] = &addrs[num_addrs * 4];
+	    addrs[num_addrs * 4 + 0] = (ip.s_addr >> 24) & 0xff;
+	    addrs[num_addrs * 4 + 1] = (ip.s_addr >> 16) & 0xff;
+	    addrs[num_addrs * 4 + 2] = (ip.s_addr >> 8) & 0xff;
+	    addrs[num_addrs * 4 + 3] = (ip.s_addr >> 0) & 0xff;
+	    addr_list[++num_addrs] = NULL;
+	}
+	he.h_addr_list = addr_list;
+	return &he;
+    }
+}
+
+struct hostent*
+roken_gethostbyname(const char *hostname)
+{
+    struct hostent *he;
+    he = gethostbyname(hostname);
+    if(he)
+	return he;
+    return roken_gethostby(hostname);
+}
+
+struct hostent*
+roken_gethostbyaddr(const void *addr, size_t len, int type)
+{
+    struct in_addr a;
+    const char *p;
+    struct hostent *he;
+    he = gethostbyaddr(addr, len, type);
+    if(he)
+	return he;
+    if(type != AF_INET || len != 4)
+	return NULL;
+    p = addr;
+    a.s_addr = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
+    return roken_gethostby(inet_ntoa(a));
+}
+
+#if 0
+
+/* this program can be used as a cgi `script' to lookup names and
+   ip-addresses */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <netdb.h>
+#include <sys/param.h>
+
+int
+main(int argc, char **argv)
+{
+    char *query = getenv("QUERY_STRING");
+    char host[MAXHOSTNAMELEN];
+    int i;
+    struct hostent *he;
+    
+    printf("Content-type: text/plain\n\n");
+    if(query == NULL)
+	exit(0);
+    he = gethostbyname(query);
+    strncpy(host, he->h_name, sizeof(host));
+    host[sizeof(host) - 1] = '\0';
+    he = gethostbyaddr(he->h_addr, he->h_length, AF_INET);
+    printf("%s\n", he->h_name);
+    for(i = 0; he->h_addr_list[i]; i++) {
+	struct in_addr ip;
+	unsigned char *p = (unsigned char*)he->h_addr_list[i];
+	ip.s_addr = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
+	printf("%s\n", inet_ntoa(ip));
+    }
+    exit(0);
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/sendmsg.c b/crypto/kerberosIV/lib/roken/sendmsg.c
new file mode 100644
index 0000000..3f54a3b
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/sendmsg.c
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: sendmsg.c,v 1.3 1999/07/03 02:37:15 assar Exp $");
+#endif
+
+#include "roken.h"
+
+ssize_t
+sendmsg(int s, const struct msghdr *msg, int flags)
+{
+    ssize_t ret;
+    size_t tot = 0;
+    int i;
+    char *buf, *p;
+    struct iovec *iov = msg->msg_iov;
+
+    for(i = 0; i < msg->msg_iovlen; ++i)
+	tot += iov[i].iov_len;
+    buf = malloc(tot);
+    if (tot != 0 && buf == NULL) {
+	errno = ENOMEM;
+	return -1;
+    }
+    p = buf;
+    for (i = 0; i < msg->msg_iovlen; ++i) {
+	memcpy (p, iov[i].iov_base, iov[i].iov_len);
+	p += iov[i].iov_len;
+    }
+    ret = sendto (s, buf, tot, flags, msg->msg_name, msg->msg_namelen);
+    free (buf);
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/roken/setegid.c b/crypto/kerberosIV/lib/roken/setegid.c
index b79bdd5..926261a 100644
--- a/crypto/kerberosIV/lib/roken/setegid.c
+++ b/crypto/kerberosIV/lib/roken/setegid.c
@@ -38,15 +38,17 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: setegid.c,v 1.7 1997/04/01 08:19:07 joda Exp $");
+RCSID("$Id: setegid.c,v 1.8 1997/07/11 20:20:32 assar Exp $");
 #endif
 
+#ifdef HAVE_UNISTD_H
 #include <unistd.h>
+#endif
 
 #include "roken.h"
 
 int
-setegid(int egid)
+setegid(gid_t egid)
 {
 #ifdef HAVE_SETREGID
     return setregid(-1, egid);
diff --git a/crypto/kerberosIV/lib/roken/seteuid.c b/crypto/kerberosIV/lib/roken/seteuid.c
index b831318..1f57ba9 100644
--- a/crypto/kerberosIV/lib/roken/seteuid.c
+++ b/crypto/kerberosIV/lib/roken/seteuid.c
@@ -38,15 +38,17 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: seteuid.c,v 1.7 1997/04/01 08:19:08 joda Exp $");
+RCSID("$Id: seteuid.c,v 1.9 1997/07/11 20:33:14 assar Exp $");
 #endif
 
+#ifdef HAVE_UNISTD_H
 #include <unistd.h>
+#endif
 
 #include "roken.h"
 
 int
-seteuid(int euid)
+seteuid(uid_t euid)
 {
 #ifdef HAVE_SETREUID
     return setreuid(-1, euid);
diff --git a/crypto/kerberosIV/lib/roken/simple_exec.c b/crypto/kerberosIV/lib/roken/simple_exec.c
new file mode 100644
index 0000000..9e2e699
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/simple_exec.c
@@ -0,0 +1,124 @@
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: simple_exec.c,v 1.4 1999/03/20 02:43:16 assar Exp $");
+#endif
+
+#include <stdarg.h>
+#include <stdlib.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <errno.h>
+
+#include <roken.h>
+
+#define EX_NOEXEC	126
+#define EX_NOTFOUND	127
+
+/* return values:
+   -1   on `unspecified' system errors
+   -2   on fork failures
+   -3   on waitpid errors
+   0-   is return value from subprocess
+   126  if the program couldn't be executed
+   127  if the program couldn't be found
+   128- is 128 + signal that killed subprocess
+   */
+
+int
+simple_execvp(const char *file, char *const args[])
+{
+    pid_t pid = fork();
+    switch(pid){
+    case -1:
+	return -2;
+    case 0:
+	execvp(file, args);
+	exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC);
+    default: 
+	while(1) {
+	    int status;
+
+	    while(waitpid(pid, &status, 0) < 0)
+		if (errno != EINTR)
+		    return -3;
+	    if(WIFSTOPPED(status))
+		continue;
+	    if(WIFEXITED(status))
+		return WEXITSTATUS(status);
+	    if(WIFSIGNALED(status))
+		return WTERMSIG(status) + 128;
+	}
+    }
+}
+
+int
+simple_execlp(const char *file, ...)
+{
+    va_list ap;
+    char **argv = NULL;
+    int argc, i;
+
+    argc = i = 0;
+    va_start(ap, file);
+    do {
+	if(i == argc) {
+	    char **tmp = realloc(argv, (argc + 5) * sizeof(*argv));
+	    if(tmp == NULL) {
+		errno = ENOMEM;
+		return -1;
+	    }
+	    argv = tmp;
+	    argc += 5;
+	}
+	argv[i++] = va_arg(ap, char*);
+    } while(argv[i - 1] != NULL);
+    va_end(ap);
+    i = simple_execvp(file, argv);
+    free(argv);
+    return i;
+}
diff --git a/crypto/kerberosIV/lib/roken/snprintf.c b/crypto/kerberosIV/lib/roken/snprintf.c
index b0757e5..62f5b10 100644
--- a/crypto/kerberosIV/lib/roken/snprintf.c
+++ b/crypto/kerberosIV/lib/roken/snprintf.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995-1997, 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,7 +38,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: snprintf.c,v 1.13 1997/05/25 02:00:31 assar Exp $");
+RCSID("$Id: snprintf.c,v 1.19 1999/03/27 16:32:57 joda Exp $");
 #endif
 #include <stdio.h>
 #include <stdarg.h>
@@ -47,21 +47,30 @@ RCSID("$Id: snprintf.c,v 1.13 1997/05/25 02:00:31 assar Exp $");
 #include <ctype.h>
 #include <roken.h>
 
+enum format_flags {
+    minus_flag     =  1,
+    plus_flag      =  2,
+    space_flag     =  4,
+    alternate_flag =  8,
+    zero_flag      = 16
+};
+
 /*
  * Common state
  */
 
 struct state {
-  char *str;
-  char *s;
-  char *theend;
+  unsigned char *str;
+  unsigned char *s;
+  unsigned char *theend;
   size_t sz;
   size_t max_sz;
-  int (*append_char)(struct state *, char);
+  int (*append_char)(struct state *, unsigned char);
   int (*reserve)(struct state *, size_t);
   /* XXX - methods */
 };
 
+#ifndef HAVE_VSNPRINTF
 static int
 sn_reserve (struct state *state, size_t n)
 {
@@ -69,31 +78,30 @@ sn_reserve (struct state *state, size_t n)
 }
 
 static int
-sn_append_char (struct state *state, char c)
+sn_append_char (struct state *state, unsigned char c)
 {
   if (sn_reserve (state, 1)) {
-    *state->s++ = '\0';
     return 1;
   } else {
     *state->s++ = c;
     return 0;
   }
 }
+#endif
 
 static int
 as_reserve (struct state *state, size_t n)
 {
-  while (state->s + n > state->theend) {
+  if (state->s + n > state->theend) {
     int off = state->s - state->str;
-    char *tmp;
+    unsigned char *tmp;
 
     if (state->max_sz && state->sz >= state->max_sz)
       return 1;
 
+    state->sz = max(state->sz * 2, state->sz + n);
     if (state->max_sz)
-      state->sz = min(state->max_sz, state->sz*2);
-    else
-      state->sz *= 2;
+      state->sz = min(state->sz, state->max_sz);
     tmp = realloc (state->str, state->sz);
     if (tmp == NULL)
       return 1;
@@ -105,7 +113,7 @@ as_reserve (struct state *state, size_t n)
 }
 
 static int
-as_append_char (struct state *state, char c)
+as_append_char (struct state *state, unsigned char c)
 {
   if(as_reserve (state, 1))
     return 1;
@@ -116,61 +124,110 @@ as_append_char (struct state *state, char c)
 }
 
 static int
-append_number (struct state *state,
-	       unsigned long num, unsigned base, char *rep,
-	       int width, int zerop, int minusp)
+append_number(struct state *state,
+	      unsigned long num, unsigned base, unsigned char *rep,
+	      int width, int prec, int flags, int minusp)
 {
-  int i, len;
+  int len = 0;
+  int i;
 
-  len = 0;
-  if (num == 0) {
-    ++len;
-    if((*state->append_char) (state, '0'))
-      return 1;
-  }
-  while (num > 0) {
-    ++len;
-    if ((*state->append_char) (state, rep[num % base]))
+  /* given precision, ignore zero flag */
+  if(prec != -1)
+    flags &= ~zero_flag;
+  else
+    prec = 1;
+  /* zero value with zero precision -> "" */
+  if(prec == 0 && num == 0)
+    return 0;
+  do{
+    if((*state->append_char)(state, rep[num % base]))
       return 1;
+    len++;
     num /= base;
+  }while(num);
+  prec -= len;
+  /* pad with prec zeros */
+  while(prec-- > 0){
+    if((*state->append_char)(state, '0'))
+      return 1;
+    len++;
   }
-  if (minusp) {
-    ++len;
-    if ((*state->append_char) (state, '-'))
+  /* add length of alternate prefix (added later) to len */
+  if(flags & alternate_flag && (base == 16 || base == 8))
+    len += base / 8;
+  /* pad with zeros */
+  if(flags & zero_flag){
+    width -= len;
+    if(minusp || (flags & space_flag) || (flags & plus_flag))
+      width--;
+    while(width-- > 0){
+      if((*state->append_char)(state, '0'))
+	return 1;
+      len++;
+    }
+  }
+  /* add alternate prefix */
+  if(flags & alternate_flag && (base == 16 || base == 8)){
+    if(base == 16)
+      if((*state->append_char)(state, rep[10] + 23)) /* XXX */
+	return 1;
+    if((*state->append_char)(state, '0'))
       return 1;
   }
-
-  for (i = 0; i < len / 2; ++i) {
-    char c;
-
-    c = state->s[-i-1];
-    state->s[-i-1] = state->s[-len+i];
-    state->s[-len+i] = c;
+  /* add sign */
+  if(minusp){
+    if((*state->append_char)(state, '-'))
+      return 1;
+    len++;
+  } else if(flags & plus_flag) {
+    if((*state->append_char)(state, '+'))
+      return 1;
+    len++;
+  } else if(flags & space_flag) {
+    if((*state->append_char)(state, ' '))
+      return 1;
+    len++;
   }
-
-  if (width > len) {
-    if ((*state->reserve) (state, width - len))
+  if(flags & minus_flag)
+    /* swap before padding with spaces */
+    for(i = 0; i < len / 2; i++){
+      char c = state->s[-i-1];
+      state->s[-i-1] = state->s[-len+i];
+      state->s[-len+i] = c;
+    }
+  width -= len;
+  while(width-- > 0){
+    if((*state->append_char)(state,  ' '))
       return 1;
-
-#ifdef HAVE_MEMMOVE
-    memmove (state->s + width - 2 * len, state->s - len, len);
-#else
-    bcopy (state->s - len, state->s + width - 2 * len, len);
-#endif
-    for (i = 0; i < width - len; ++i)
-      state->s[-len+i] = (zerop ? '0' : ' ');
-    state->s += width - len;
-
+    len++;
   }
+  if(!(flags & minus_flag))
+    /* swap after padding with spaces */
+    for(i = 0; i < len / 2; i++){
+      char c = state->s[-i-1];
+      state->s[-i-1] = state->s[-len+i];
+      state->s[-len+i] = c;
+    }
+    
   return 0;
 }
 
 static int
 append_string (struct state *state,
-	       char *arg,
-	       int prec)
+	       unsigned char *arg,
+	       int width,
+	       int prec,
+	       int flags)
 {
-  if (prec) {
+  if(prec != -1)
+    width -= prec;
+  else
+    width -= strlen(arg);
+  if(!(flags & minus_flag))
+    while(width-- > 0)
+      if((*state->append_char) (state, ' '))
+	return 1;
+  if (prec != -1) {
     while (*arg && prec--)
       if ((*state->append_char) (state, *arg++))
 	return 1;
@@ -179,6 +236,29 @@ append_string (struct state *state,
       if ((*state->append_char) (state, *arg++))
 	return 1;
   }
+  if(flags & minus_flag)
+    while(width-- > 0)
+      if((*state->append_char) (state, ' '))
+	return 1;
+  return 0;
+}
+
+static int
+append_char(struct state *state,
+	    unsigned char arg,
+	    int width,
+	    int flags)
+{
+  while(!(flags & minus_flag) && --width > 0)
+    if((*state->append_char) (state, ' '))
+      return 1;
+    
+  if((*state->append_char) (state, arg))
+    return 1;
+  while((flags & minus_flag) && --width > 0)
+    if((*state->append_char) (state, ' '))
+      return 1;
+    
   return 0;
 }
 
@@ -199,25 +279,40 @@ else \
  */
 
 static int
-xyzprintf (struct state *state, const char *format, va_list ap)
+xyzprintf (struct state *state, const char *char_format, va_list ap)
 {
-  char c;
+  const unsigned char *format = (const unsigned char *)char_format;
+  unsigned char c;
 
   while((c = *format++)) {
     if (c == '%') {
-      int zerop      = 0;
+      int flags      = 0;
       int width      = 0;
-      int prec       = 0;
+      int prec       = -1;
       int long_flag  = 0;
       int short_flag = 0;
 
-      c = *format++;
-
       /* flags */
-      if (c == '0') {
-	zerop = 1;
-	c = *format++;
+      while((c = *format++)){
+	if(c == '-')
+	  flags |= minus_flag;
+	else if(c == '+')
+	  flags |= plus_flag;
+	else if(c == ' ')
+	  flags |= space_flag;
+	else if(c == '#')
+	  flags |= alternate_flag;
+	else if(c == '0')
+	  flags |= zero_flag;
+	else
+	  break;
       }
+      
+      if((flags & space_flag) && (flags & plus_flag))
+	flags ^= space_flag;
+
+      if((flags & minus_flag) && (flags & zero_flag))
+	flags ^= zero_flag;
 
       /* width */
       if (isdigit(c))
@@ -232,6 +327,7 @@ xyzprintf (struct state *state, const char *format, va_list ap)
 
       /* precision */
       if (c == '.') {
+	prec = 0;
 	c = *format++;
 	if (isdigit(c))
 	  do {
@@ -256,13 +352,15 @@ xyzprintf (struct state *state, const char *format, va_list ap)
 
       switch (c) {
       case 'c' :
-	if ((*state->append_char)(state, (unsigned char)va_arg(ap, int)))
+	if(append_char(state, va_arg(ap, int), width, flags))
 	  return -1;
 	break;
       case 's' :
 	if (append_string(state,
-			  va_arg(ap, char*),
-			  prec))
+			  va_arg(ap, unsigned char*),
+			  width,
+			  prec, 
+			  flags))
 	  return -1;
 	break;
       case 'd' :
@@ -271,7 +369,7 @@ xyzprintf (struct state *state, const char *format, va_list ap)
 	unsigned long num;
 	int minusp = 0;
 
-	PARSE_INT_FORMAT(arg, ap, );
+	PARSE_INT_FORMAT(arg, ap, signed);
 
 	if (arg < 0) {
 	  minusp = 1;
@@ -280,7 +378,7 @@ xyzprintf (struct state *state, const char *format, va_list ap)
 	  num = arg;
 
 	if (append_number (state, num, 10, "0123456789",
-			   width, zerop, minusp))
+			   width, prec, flags, minusp))
 	  return -1;
 	break;
       }
@@ -290,7 +388,7 @@ xyzprintf (struct state *state, const char *format, va_list ap)
 	PARSE_INT_FORMAT(arg, ap, unsigned);
 
 	if (append_number (state, arg, 10, "0123456789",
-			   width, zerop, 0))
+			   width, prec, flags, 0))
 	  return -1;
 	break;
       }
@@ -300,7 +398,7 @@ xyzprintf (struct state *state, const char *format, va_list ap)
 	PARSE_INT_FORMAT(arg, ap, unsigned);
 
 	if (append_number (state, arg, 010, "01234567",
-			   width, zerop, 0))
+			   width, prec, flags, 0))
 	  return -1;
 	break;
       }
@@ -310,7 +408,7 @@ xyzprintf (struct state *state, const char *format, va_list ap)
 	PARSE_INT_FORMAT(arg, ap, unsigned);
 
 	if (append_number (state, arg, 0x10, "0123456789abcdef",
-			   width, zerop, 0))
+			   width, prec, flags, 0))
 	  return -1;
 	break;
       }
@@ -320,7 +418,7 @@ xyzprintf (struct state *state, const char *format, va_list ap)
 	PARSE_INT_FORMAT(arg, ap, unsigned);
 
 	if (append_number (state, arg, 0x10, "0123456789ABCDEF",
-			   width, zerop, 0))
+			   width, prec, flags, 0))
 	  return -1;
 	break;
       }
@@ -328,10 +426,15 @@ xyzprintf (struct state *state, const char *format, va_list ap)
 	unsigned long arg = (unsigned long)va_arg(ap, void*);
 
 	if (append_number (state, arg, 0x10, "0123456789ABCDEF",
-			   width, zerop, 0))
+			   width, prec, flags, 0))
 	  return -1;
 	break;
       }
+      case 'n' : {
+	int *arg = va_arg(ap, int*);
+	*arg = state->s - state->str;
+	break;
+      }
       case '%' :
 	if ((*state->append_char)(state, c))
 	  return -1;
@@ -458,10 +561,7 @@ vasnprintf (char **ret, size_t max_sz, const char *format, va_list args)
   struct state state;
 
   state.max_sz = max_sz;
-  if (max_sz)
-    state.sz   = min(1, max_sz);
-  else
-    state.sz   = 1;
+  state.sz     = 1;
   state.str    = malloc(state.sz);
   if (state.str == NULL) {
     *ret = NULL;
@@ -483,7 +583,7 @@ vasnprintf (char **ret, size_t max_sz, const char *format, va_list args)
     *state.s = '\0';
     len = state.s - state.str;
     tmp = realloc (state.str, len+1);
-    if (state.str == NULL) {
+    if (tmp == NULL) {
       free (state.str);
       *ret = NULL;
       return -1;
diff --git a/crypto/kerberosIV/lib/roken/strcasecmp.c b/crypto/kerberosIV/lib/roken/strcasecmp.c
index a268c29..9dee51a 100644
--- a/crypto/kerberosIV/lib/roken/strcasecmp.c
+++ b/crypto/kerberosIV/lib/roken/strcasecmp.c
@@ -1,118 +1,63 @@
 /*
- * Copyright (c) 1987, 1993
- *	The Regents of the University of California.  All rights reserved.
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
  *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
  */
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: strcasecmp.c,v 1.3 1997/04/20 18:04:23 assar Exp $");
+RCSID("$Id: strcasecmp.c,v 1.8 1998/07/24 06:13:03 assar Exp $");
 #endif
 
 #include <string.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#include <sys/cdefs.h>
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)strcasecmp.c	8.1 (Berkeley) 6/4/93";
-#endif /* LIBC_SCCS and not lint */
+#include <ctype.h>
+#include <stddef.h>
+#include "roken.h"
 
-/*
- * This array is designed for mapping upper and lower case letter
- * together for a case independent comparison.  The mappings are
- * based upon ascii character sequences.
- */
-static const unsigned char charmap[] = {
-	'\000', '\001', '\002', '\003', '\004', '\005', '\006', '\007',
-	'\010', '\011', '\012', '\013', '\014', '\015', '\016', '\017',
-	'\020', '\021', '\022', '\023', '\024', '\025', '\026', '\027',
-	'\030', '\031', '\032', '\033', '\034', '\035', '\036', '\037',
-	'\040', '\041', '\042', '\043', '\044', '\045', '\046', '\047',
-	'\050', '\051', '\052', '\053', '\054', '\055', '\056', '\057',
-	'\060', '\061', '\062', '\063', '\064', '\065', '\066', '\067',
-	'\070', '\071', '\072', '\073', '\074', '\075', '\076', '\077',
-	'\100', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
-	'\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
-	'\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
-	'\170', '\171', '\172', '\133', '\134', '\135', '\136', '\137',
-	'\140', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
-	'\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
-	'\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
-	'\170', '\171', '\172', '\173', '\174', '\175', '\176', '\177',
-	'\200', '\201', '\202', '\203', '\204', '\205', '\206', '\207',
-	'\210', '\211', '\212', '\213', '\214', '\215', '\216', '\217',
-	'\220', '\221', '\222', '\223', '\224', '\225', '\226', '\227',
-	'\230', '\231', '\232', '\233', '\234', '\235', '\236', '\237',
-	'\240', '\241', '\242', '\243', '\244', '\245', '\246', '\247',
-	'\250', '\251', '\252', '\253', '\254', '\255', '\256', '\257',
-	'\260', '\261', '\262', '\263', '\264', '\265', '\266', '\267',
-	'\270', '\271', '\272', '\273', '\274', '\275', '\276', '\277',
-	'\300', '\301', '\302', '\303', '\304', '\305', '\306', '\307',
-	'\310', '\311', '\312', '\313', '\314', '\315', '\316', '\317',
-	'\320', '\321', '\322', '\323', '\324', '\325', '\326', '\327',
-	'\330', '\331', '\332', '\333', '\334', '\335', '\336', '\337',
-	'\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
-	'\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
-	'\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
-	'\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377',
-};
+#ifndef HAVE_STRCASECMP
 
 int
 strcasecmp(const char *s1, const char *s2)
 {
-	const unsigned char *cm = charmap,
-			*us1 = (const unsigned char *)s1,
-			*us2 = (const unsigned char *)s2;
-
-	while (cm[*us1] == cm[*us2++])
-		if (*us1++ == '\0')
-			return (0);
-	return (cm[*us1] - cm[*--us2]);
+    while(toupper(*s1) == toupper(*s2)) {
+	if(*s1 == '\0')
+	    return 0;
+	s1++;
+	s2++;
+    }
+    return toupper(*s1) - toupper(*s2);
 }
 
-int
-strncasecmp(const char *s1, const char *s2, size_t n)
-{
-	if (n != 0) {
-		const unsigned char *cm = charmap,
-				*us1 = (const unsigned char *)s1,
-				*us2 = (const unsigned char *)s2;
-
-		do {
-			if (cm[*us1] != cm[*us2++])
-				return (cm[*us1] - cm[*--us2]);
-			if (*us1++ == '\0')
-				break;
-		} while (--n != 0);
-	}
-	return (0);
-}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/strcat_truncate.c b/crypto/kerberosIV/lib/roken/strcat_truncate.c
new file mode 100644
index 0000000..bbd808d
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strcat_truncate.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+RCSID("$Id: strcat_truncate.c,v 1.2 1998/05/29 18:25:06 joda Exp $");
+
+#ifndef HAVE_STRCAT_TRUNCATE
+
+int
+strcat_truncate (char *dst, const char *src, size_t dst_sz)
+{
+    int len = strlen(dst);
+
+    return len + strcpy_truncate (dst + len, src, dst_sz - len);
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/strcpy_truncate.c b/crypto/kerberosIV/lib/roken/strcpy_truncate.c
new file mode 100644
index 0000000..ba3668b
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strcpy_truncate.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+RCSID("$Id: strcpy_truncate.c,v 1.2 1998/06/09 19:25:38 joda Exp $");
+
+#ifndef HAVE_STRCPY_TRUNCATE
+
+int
+strcpy_truncate (char *dst, const char *src, size_t dst_sz)
+{
+    int n;
+    char *p;
+
+    for (p = dst, n = 0;
+	 n + 1 < dst_sz && *src != '\0';
+	 ++p, ++src, ++n)
+	*p = *src;
+    *p = '\0';
+    if (*src == '\0')
+	return n;
+    else
+	return dst_sz;
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/strerror.c b/crypto/kerberosIV/lib/roken/strerror.c
index 3d7b45c..752ac62 100644
--- a/crypto/kerberosIV/lib/roken/strerror.c
+++ b/crypto/kerberosIV/lib/roken/strerror.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,7 +38,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: strerror.c,v 1.8 1997/05/02 14:29:33 assar Exp $");
+RCSID("$Id: strerror.c,v 1.9 1998/06/09 19:25:38 joda Exp $");
 #endif
 
 #include <stdio.h>
@@ -56,7 +56,7 @@ strerror(int eno)
     if(eno < 0 || eno >= sys_nerr)
 	snprintf(emsg, sizeof(emsg), "Error %d occurred.", eno);
     else
-	strcpy(emsg, sys_errlist[eno]);
+	snprintf(emsg, sizeof(emsg), "%s", sys_errlist[eno]);
 
     return emsg;
 }
diff --git a/crypto/kerberosIV/lib/roken/strftime.c b/crypto/kerberosIV/lib/roken/strftime.c
index 3473778..673d448 100644
--- a/crypto/kerberosIV/lib/roken/strftime.c
+++ b/crypto/kerberosIV/lib/roken/strftime.c
@@ -34,7 +34,9 @@
 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif
+#ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
+#endif
 #ifdef TIME_WITH_SYS_TIME
 #include <sys/time.h>
 #include <time.h>
diff --git a/crypto/kerberosIV/lib/roken/strncasecmp.c b/crypto/kerberosIV/lib/roken/strncasecmp.c
new file mode 100644
index 0000000..0d7d59d
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strncasecmp.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strncasecmp.c,v 1.1 1998/05/22 19:16:17 joda Exp $");
+#endif
+
+#include <string.h>
+#include <ctype.h>
+#include <stddef.h>
+
+#ifndef HAVE_STRNCASECMP
+
+int
+strncasecmp(const char *s1, const char *s2, size_t n)
+{
+    while(n > 0 && toupper(*s1) == toupper(*s2)) {
+	if(*s1 == '\0')
+	    return 0;
+	s1++;
+	s2++;
+	n--;
+    }
+    if(n == 0)
+	return 0;
+    return toupper(*s1) - toupper(*s2);
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/strndup.c b/crypto/kerberosIV/lib/roken/strndup.c
new file mode 100644
index 0000000..53c2224
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strndup.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strndup.c,v 1.1 1999/05/07 23:54:47 assar Exp $");
+#endif
+#include <stdlib.h>
+#include <string.h>
+
+#include <roken.h>
+
+#ifndef HAVE_STRNDUP
+char *
+strndup(const char *old, size_t sz)
+{
+    size_t len = strnlen (old, sz);
+    char *t    = malloc(len + 1);
+
+    if (t != NULL) {
+	memcpy (t, old, len);
+	t[len] = '\0';
+    }
+    return t;
+}
+#endif /* HAVE_STRNDUP */
diff --git a/crypto/kerberosIV/lib/roken/strnlen.c b/crypto/kerberosIV/lib/roken/strnlen.c
index 51588f6..e29f830 100644
--- a/crypto/kerberosIV/lib/roken/strnlen.c
+++ b/crypto/kerberosIV/lib/roken/strnlen.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,15 +38,16 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: strnlen.c,v 1.5 1997/04/01 08:19:11 joda Exp $");
+RCSID("$Id: strnlen.c,v 1.6 1999/05/07 23:56:25 assar Exp $");
 #endif
 
 #include "roken.h"
 
-int
-strnlen(char *s, int len)
+size_t
+strnlen(const char *s, size_t len)
 {
-    int i;
+    size_t i;
+
     for(i = 0; i < len && s[i]; i++)
 	;
     return i;
diff --git a/crypto/kerberosIV/lib/roken/strsep.c b/crypto/kerberosIV/lib/roken/strsep.c
new file mode 100644
index 0000000..6db51fc
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strsep.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strsep.c,v 1.2 1997/07/24 07:08:23 joda Exp $");
+#endif
+
+#include <string.h>
+
+#include "roken.h"
+
+#ifndef HAVE_STRSEP
+
+char *
+strsep(char **str, const char *delim)
+{
+    char *save = *str;
+    if(*str == NULL)
+	return NULL;
+    *str = *str + strcspn(*str, delim);
+    if(**str == 0)
+	*str = NULL;
+    else{
+	**str = 0;
+	(*str)++;
+    }
+    return save;
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/swab.c b/crypto/kerberosIV/lib/roken/swab.c
new file mode 100644
index 0000000..8626bfa
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/swab.c
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+#ifndef HAVE_SWAB
+
+RCSID("$Id: swab.c,v 1.6 1997/12/04 22:51:53 joda Exp $");
+
+void
+swab (char *from, char *to, int nbytes)
+{
+     while(nbytes >= 2) {
+	  *(to + 1) = *from;
+	  *to = *(from + 1);
+	  to += 2;
+	  from += 2;
+	  nbytes -= 2;
+     }
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/verr.c b/crypto/kerberosIV/lib/roken/verr.c
index f5d8f25..9ebe199 100644
--- a/crypto/kerberosIV/lib/roken/verr.c
+++ b/crypto/kerberosIV/lib/roken/verr.c
@@ -38,7 +38,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: verr.c,v 1.6 1997/03/30 08:05:38 joda Exp $");
+RCSID("$Id: verr.c,v 1.7 1997/11/12 00:10:19 joda Exp $");
 #endif
 
 #include "err.h"
@@ -46,5 +46,6 @@ RCSID("$Id: verr.c,v 1.6 1997/03/30 08:05:38 joda Exp $");
 void
 verr(int eval, const char *fmt, va_list ap)
 {
-    warnerr(1, eval, 1, fmt, ap);
+    warnerr(1, fmt, ap);
+    exit(eval);
 }
diff --git a/crypto/kerberosIV/lib/roken/verrx.c b/crypto/kerberosIV/lib/roken/verrx.c
index bc25aa0..e7355ce 100644
--- a/crypto/kerberosIV/lib/roken/verrx.c
+++ b/crypto/kerberosIV/lib/roken/verrx.c
@@ -38,7 +38,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: verrx.c,v 1.6 1997/03/30 08:05:39 joda Exp $");
+RCSID("$Id: verrx.c,v 1.7 1997/11/12 00:10:26 joda Exp $");
 #endif
 
 #include "err.h"
@@ -46,5 +46,6 @@ RCSID("$Id: verrx.c,v 1.6 1997/03/30 08:05:39 joda Exp $");
 void
 verrx(int eval, const char *fmt, va_list ap)
 {
-    warnerr(1, eval, 0, fmt, ap);
+    warnerr(0, fmt, ap);
+    exit(eval);
 }
diff --git a/crypto/kerberosIV/lib/roken/vsyslog.c b/crypto/kerberosIV/lib/roken/vsyslog.c
new file mode 100644
index 0000000..2b32e32
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/vsyslog.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: vsyslog.c,v 1.2 1999/02/11 21:03:59 joda Exp $");
+#endif
+
+#ifndef HAVE_VSYSLOG
+
+#include <stdio.h>
+#include <syslog.h>
+#include <stdarg.h>
+
+#include "roken.h"
+
+void
+vsyslog(int pri, const char *fmt, va_list ap)
+{
+    char *p;
+
+    vasprintf (&p, fmt, ap);
+    syslog (pri, "%s", p);
+    free (p);
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/vwarn.c b/crypto/kerberosIV/lib/roken/vwarn.c
index 144dd08..f6698ae 100644
--- a/crypto/kerberosIV/lib/roken/vwarn.c
+++ b/crypto/kerberosIV/lib/roken/vwarn.c
@@ -38,7 +38,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: vwarn.c,v 1.6 1997/03/30 08:05:39 joda Exp $");
+RCSID("$Id: vwarn.c,v 1.7 1997/11/12 00:10:32 joda Exp $");
 #endif
 
 #include "err.h"
@@ -46,5 +46,5 @@ RCSID("$Id: vwarn.c,v 1.6 1997/03/30 08:05:39 joda Exp $");
 void
 vwarn(const char *fmt, va_list ap)
 {
-    warnerr(0, 0, 1, fmt, ap);
+    warnerr(1, fmt, ap);
 }
diff --git a/crypto/kerberosIV/lib/roken/vwarnx.c b/crypto/kerberosIV/lib/roken/vwarnx.c
index 540c2a6..50d0432 100644
--- a/crypto/kerberosIV/lib/roken/vwarnx.c
+++ b/crypto/kerberosIV/lib/roken/vwarnx.c
@@ -38,7 +38,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: vwarnx.c,v 1.6 1997/03/30 08:05:40 joda Exp $");
+RCSID("$Id: vwarnx.c,v 1.7 1997/11/12 00:09:45 joda Exp $");
 #endif
 
 #include "err.h"
@@ -46,6 +46,6 @@ RCSID("$Id: vwarnx.c,v 1.6 1997/03/30 08:05:40 joda Exp $");
 void
 vwarnx(const char *fmt, va_list ap)
 {
-    warnerr(0, 0, 0, fmt, ap);
+    warnerr(0, fmt, ap);
 }
 
diff --git a/crypto/kerberosIV/lib/roken/warnerr.c b/crypto/kerberosIV/lib/roken/warnerr.c
index 61fa26a..a92d7b1 100644
--- a/crypto/kerberosIV/lib/roken/warnerr.c
+++ b/crypto/kerberosIV/lib/roken/warnerr.c
@@ -38,7 +38,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: warnerr.c,v 1.6 1997/04/02 14:59:54 bg Exp $");
+RCSID("$Id: warnerr.c,v 1.7 1997/11/12 00:09:08 joda Exp $");
 #endif
 
 #include "roken.h"
@@ -65,7 +65,7 @@ set_progname(char *argv0)
 }
 
 void
-warnerr(int doexit, int eval, int doerrno, const char *fmt, va_list ap)
+warnerr(int doerrno, const char *fmt, va_list ap)
 {
     int sverrno = errno;
     if(__progname != NULL){
@@ -81,6 +81,4 @@ warnerr(int doexit, int eval, int doerrno, const char *fmt, va_list ap)
     if(doerrno)
 	fprintf(stderr, "%s", strerror(sverrno));
     fprintf(stderr, "\n");
-    if(doexit)
-	exit(eval);
 }
diff --git a/crypto/kerberosIV/lib/roken/writev.c b/crypto/kerberosIV/lib/roken/writev.c
new file mode 100644
index 0000000..c541b83
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/writev.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the Kungliga Tekniska
+ *      Högskolan and its contributors.
+ * 
+ * 4. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: writev.c,v 1.2 1999/07/03 02:37:57 assar Exp $");
+#endif
+
+#include "roken.h"
+
+ssize_t
+writev(int d, const struct iovec *iov, int iovcnt)
+{
+    ssize_t ret;
+    size_t tot = 0;
+    int i;
+    char *buf, *p;
+
+    for(i = 0; i < iovcnt; ++i)
+	tot += iov[i].iov_len;
+    buf = malloc(tot);
+    if (tot != 0 && buf == NULL) {
+	errno = ENOMEM;
+	return -1;
+    }
+    p = buf;
+    for (i = 0; i < iovcnt; ++i) {
+	memcpy (p, iov[i].iov_base, iov[i].iov_len);
+	p += iov[i].iov_len;
+    }
+    ret = write (d, buf, tot);
+    free (buf);
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/roken/xdbm.h b/crypto/kerberosIV/lib/roken/xdbm.h
index c3e4781..26e8dcc 100644
--- a/crypto/kerberosIV/lib/roken/xdbm.h
+++ b/crypto/kerberosIV/lib/roken/xdbm.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -36,7 +36,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: xdbm.h,v 1.2 1997/04/01 08:19:16 joda Exp $ */
+/* $Id: xdbm.h,v 1.3 1999/05/08 02:25:22 assar Exp $ */
 
 /* Generic *dbm include file */
 
@@ -49,6 +49,9 @@
 #include <dbm.h>
 #elif defined(HAVE_RPCSVC_DBM_H)
 #include <rpcsvc/dbm.h>
+#elif defined(HAVE_DB_H)
+#define DB_DBM_HSEARCH 1
+#include <db.h>
 #endif
 
 /* Macros to convert ndbm names to dbm names.
diff --git a/crypto/kerberosIV/lib/sl/ChangeLog b/crypto/kerberosIV/lib/sl/ChangeLog
new file mode 100644
index 0000000..a8647de
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/ChangeLog
@@ -0,0 +1,112 @@
+Thu Apr  1 17:03:59 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* make_cmds.c: use getarg
+
+Tue Mar 23 14:36:21 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: don't rename
+
+Sun Mar 21 14:13:29 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: don't roken-rename
+
+Sat Mar 20 03:43:30 1999  Assar Westerlund  <assar@sics.se>
+
+	* parse.y: replace return with YYACCEPT
+
+Fri Mar 19 14:53:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: add libss; add version-info
+
+Thu Mar 18 15:07:06 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.am: clean lex.c parse.c parse.h
+
+	* Makefile.am: install ss.h
+
+	* Makefile.am: include Makefile.am.common
+
+Thu Mar 11 15:01:01 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* parse.y: prototype for error_message
+
+Tue Feb  9 23:45:37 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* Makefile.in: add snprintf.o to make_cmds
+
+Sun Nov 22 10:46:23 1998  Assar Westerlund  <assar@sics.se>
+
+	* sl.c (sl_command_loop): remove unused variable
+
+	* ss.c (ss_error): remove unused variable
+
+	* make_cmds.c: include err.h
+	(main): remove unused variable
+
+	* Makefile.in (WFLAGS): set
+
+Sun Sep 27 01:28:21 1998  Assar Westerlund  <assar@sics.se>
+
+	* make_cmds.c: clean-up and simplification
+
+Mon May 25 02:54:13 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in (clean): try to remove shared library debris
+
+	* Makefile.in: make symlink magic work
+
+Sun Apr 19 10:00:26 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.in: add symlink magic for linux
+
+Sun Apr  5 09:21:43 1998  Assar Westerlund  <assar@sics.se>
+
+	* parse.y: define alloca to malloc in case we're using bison but
+ 	don't have alloca
+
+Sat Mar 28 11:39:00 1998  Assar Westerlund  <assar@sics.se>
+
+	* sl.c (sl_loop): s/2/1
+
+Sat Mar 21 00:46:51 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* sl.c (sl_loop): check that there is at least one argument before
+ 	calling sl_command
+
+Sun Mar  1 05:14:37 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* sl.c (sl_loop): Fix general broken-ness.
+
+	* sl.c: Cleanup printing of help strings.
+
+Thu Feb 26 02:22:02 1998  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: @LEXLIB@
+
+Sat Feb 21 15:18:21 1998  assar westerlund  <assar@sics.se>
+
+	* Makefile.in: set YACC and LEX
+
+Mon Feb 16 16:08:25 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* Makefile.am: Some fixes for ss/mk_cmds.
+
+Sun Feb 15 05:12:11 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* Makefile.in: Install libsl under the `libss' name too. Install
+ 	mk_cmds, and ss.h.
+
+	* make_cmds.c: A mk_cmds clone that creates SL structures.
+
+	* ss.c: SS compatibility functions.
+
+	* sl.c: Move command line split to function `sl_make_argv'.
+
+Tue Feb  3 16:45:44 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* sl.c: Add sl_command_loop, that is the loop body of sl_loop.
+
+Mon Oct 20 01:13:21 1997  Assar Westerlund  <assar@sics.se>
+
+	* sl.c (sl_help): actually use the `help' field of `SL_cmd'
+
diff --git a/crypto/kerberosIV/lib/sl/Makefile.am b/crypto/kerberosIV/lib/sl/Makefile.am
new file mode 100644
index 0000000..54bc75b
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/Makefile.am
@@ -0,0 +1,44 @@
+# $Id: Makefile.am,v 1.14 1999/04/09 18:28:29 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+YFLAGS = -d
+
+include_HEADERS = sl.h
+
+lib_LTLIBRARIES = libsl.la libss.la
+libsl_la_LDFLAGS = -version-info 0:0:0
+libss_la_LDFLAGS = -version-info 0:0:0
+
+RENAME_SRC = roken_rename.h strtok_r.c snprintf.c
+
+libsl_la_SOURCES = sl_locl.h sl.c
+libss_la_SOURCES = $(libsl_la_SOURCES) ss.c ss.h
+
+EXTRA_libsl_la_SOURCES = strtok_r.c snprintf.c roken_rename.h
+
+# install these?
+
+noinst_PROGRAMS = mk_cmds
+
+mk_cmds_SOURCES = make_cmds.c make_cmds.h parse.y lex.l
+
+RENAME_mk_cmds_SRC = roken_rename.h snprintf.c
+
+EXTRA_mk_cmds_SOURCES = snprintf.c roken_rename.h
+
+ssincludedir = $(includedir)/ss
+ssinclude_HEADERS = ss.h
+
+CLEANFILES = lex.c parse.c parse.h snprintf.c strtok_r.c
+
+$(mk_cmds_OBJECTS): parse.h
+
+LDADD = \
+	$(LIB_roken) \
+	$(LEXLIB)
+
+strtok_r.c:
+	$(LN_S) $(srcdir)/../roken/strtok_r.c .
+snprintf.c:
+	$(LN_S) $(srcdir)/../roken/snprintf.c .
diff --git a/crypto/kerberosIV/lib/sl/Makefile.in b/crypto/kerberosIV/lib/sl/Makefile.in
index b89799b..6cdb8a6 100644
--- a/crypto/kerberosIV/lib/sl/Makefile.in
+++ b/crypto/kerberosIV/lib/sl/Makefile.in
@@ -1,5 +1,5 @@
 #
-# $Id: Makefile.in,v 1.8 1997/05/06 03:47:56 assar Exp $
+# $Id: Makefile.in,v 1.31 1999/03/10 19:01:17 joda Exp $
 #
 
 SHELL = /bin/sh
@@ -7,11 +7,19 @@ SHELL = /bin/sh
 srcdir = @srcdir@
 VPATH = @srcdir@
 
+top_builddir=../..
+
 CC = @CC@
+LINK = @LINK@
 AR = ar
 RANLIB = @RANLIB@
-DEFS = @DEFS@
-CFLAGS = @CFLAGS@
+LN_S = @LN_S@
+DEFS = @DEFS@ -DROKEN_RENAME
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
+LD_FLAGS = @LD_FLAGS@
+YACC = @YACC@
+LEX = @LEX@
 
 INSTALL = @INSTALL@
 INSTALL_DATA	= @INSTALL_DATA@
@@ -20,39 +28,65 @@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
 prefix = @prefix@
 exec_prefix = @exec_prefix@
 libdir = @libdir@
+bindir = @bindir@
+includedir = @includedir@
+
+LIB_DEPS = @lib_deps_yes@ @LIB_readline@ -lc
+build_symlink_command   = @build_symlink_command@
+install_symlink_command = @install_symlink_command@
+install_symlink_command2 = @install_symlink_command2@
 
 PICFLAGS = @PICFLAGS@
+EXECSUFFIX = @EXECSUFFIX@
  
-LIBNAME = $(LIBPREFIX)sl
 LIBEXT = @LIBEXT@
 SHLIBEXT = @SHLIBEXT@
 LIBPREFIX = @LIBPREFIX@
+LIBNAME = $(LIBPREFIX)sl
+sl_LIB = $(LIBNAME).$(LIBEXT)
+LIB = $(sl_LIB)
+LIBNAME2 = $(LIBPREFIX)ss
+ss_LIB = $(LIBNAME2).$(LIBEXT)
+LIB2 = $(ss_LIB)
 LDSHARED = @LDSHARED@
-LIB = $(LIBNAME).$(LIBEXT)
-PROGS =
+PROGS = mk_cmds$(EXECSUFFIX)
+
+LIB_SOURCES = sl.c ss.c
+EXTRA_SOURCES = strtok_r.c snprintf.c
+
+SOURCES = $(LIB_SOURCES) make_cmds.c $(EXTRA_SOURCES)
 
-LIB_SOURCES = sl.c
+LIBADD = strtok_r.o snprintf.o
 
-SOURCES = $(LIB_SOURCES)
+LIB_OBJECTS = sl.o ss.o $(LIBADD)
 
-LIB_OBJECTS = sl.o
+mk_cmds_OBJECTS = make_cmds.o parse.o lex.o snprintf.o
 
-OBJECTS = $(LIB_OBJECTS)
+OBJECTS = $(LIB_OBJECTS) $(mk_cmds_OBJECTS)
 
-all: $(LIB) $(PROGS)
+all: $(sl_LIB) $(PROGS)
 
 Wall:
 	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
 
 .c.o:
-	$(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) -I$(srcdir)/../des $(CFLAGS) $(PICFLAGS) $<
+	$(CC) -c $(DEFS) -I../../include -I. -I$(srcdir) -I$(srcdir)/../des $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
 
 install: all
-	$(MKINSTALLDIRS) $(libdir)
-	$(INSTALL_DATA) -m 0555 $(LIB) $(libdir)
+	$(MKINSTALLDIRS) $(DESTDIR)$(includedir)/ss
+	$(INSTALL_DATA) $(srcdir)/ss.h $(DESTDIR)$(includedir)/ss/ss.h
+	$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
+	$(INSTALL) -m 555 $(sl_LIB) $(DESTDIR)$(libdir)/$(sl_LIB)
+	$(INSTALL) -m 555 $(sl_LIB) $(DESTDIR)$(libdir)/$(ss_LIB)
+	@install_symlink_command@
+	@install_symlink_command2@
+	$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
+	$(INSTALL) -m 0555 $(PROGS) $(DESTDIR)$(bindir)/$(PROGS)
 
 uninstall:
-	rm -f $(libdir)/$(LIB)
+	rm -f $(DESTDIR)$(includedir)/ss/ss.h
+	rm -f $(DESTDIR)$(libdir)/$(sl_LIB) $(DESTDIR)$(libdir)/$(ss_LIB)
+	rm -f $(DESTDIR)$(bindir)/$(PROGS)
 
 TAGS: $(SOURCES)
 	etags $(SOURCES)
@@ -60,7 +94,7 @@ TAGS: $(SOURCES)
 check:
 
 clean:
-	rm -f $(LIB) $(PROGS) *.o *.a
+	rm -f $(sl_LIB) $(PROGS) lex.c parse.c parse.h *.o *.a *.so *.so.* so_locations
 
 mostlyclean: clean
 
@@ -77,8 +111,29 @@ $(LIBNAME).a: $(LIB_OBJECTS)
 
 $(LIBNAME).$(SHLIBEXT): $(LIB_OBJECTS)
 	rm -f $@
-	$(LDSHARED) -o $@ $(LIB_OBJECTS)
+	$(LDSHARED) -o $@ $(LIB_OBJECTS) $(LIB_DEPS)
+	@build_symlink_command@
 
 $(OBJECTS): ../../include/config.h
 
-.PHONY: all install uninstall check clean mostlyclean distclean realclean
+$(mk_cmds_OBJECTS): parse.h
+
+mk_cmds$(EXECSUFFIX): $(mk_cmds_OBJECTS)
+	$(LINK) $(CFLAGS) -o $@ $(mk_cmds_OBJECTS) -L../roken -lroken
+
+parse.c: parse.h
+parse.h: $(srcdir)/parse.y
+	$(YACC) -d $(srcdir)/parse.y
+	mv -f y.tab.h parse.h
+	mv -f y.tab.c parse.c
+
+lex.c: $(srcdir)/lex.l
+	$(LEX) $(srcdir)/lex.l
+	mv -f lex.yy.c lex.c
+
+strtok_r.c:
+	$(LN_S) $(srcdir)/../roken/strtok_r.c .
+snprintf.c:
+	$(LN_S) $(srcdir)/../roken/snprintf.c .
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/lib/sl/lex.l b/crypto/kerberosIV/lib/sl/lex.l
new file mode 100644
index 0000000..10bff59
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/lex.l
@@ -0,0 +1,119 @@
+%{
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "make_cmds.h"
+#include "parse.h"
+
+RCSID("$Id: lex.l,v 1.2 1998/09/26 21:01:29 joda Exp $");
+
+static unsigned lineno = 1;
+void error_message(char *, ...);
+int getstring(void);
+
+%}
+
+
+%%
+command_table		{ return TABLE; }
+request			{ return REQUEST; }
+unknown			{ return UNKNOWN; }
+unimplemented		{ return UNIMPLEMENTED; }
+end			{ return END; }
+#[^\n]*			;
+[ \t]			;
+\n			{ lineno++; }
+\"			{ return getstring(); }
+[a-zA-Z0-9_]+		{ yylval.string = strdup(yytext); return STRING; }
+.			{ return *yytext; }
+%%
+
+#ifndef yywrap /* XXX */
+int
+yywrap () 
+{
+     return 1;
+}
+#endif
+
+int
+getstring(void)
+{
+    char x[128];
+    int i = 0;
+    int c;
+    int backslash = 0;
+    while((c = input()) != EOF){
+	if(backslash) {
+	    if(c == 'n')
+		c = '\n';
+	    else if(c == 't')
+		c = '\t';
+	    x[i++] = c;
+	    backslash = 0;
+	    continue;
+	}
+	if(c == '\n'){
+	    error_message("unterminated string");
+	    lineno++;
+	    break;
+	}
+	if(c == '\\'){
+	    backslash++;
+	    continue;
+	}
+	if(c == '\"')
+	    break;
+	x[i++] = c;
+    }
+    x[i] = '\0';
+    yylval.string = strdup(x);
+    return STRING;
+}
+
+void
+error_message (char *format, ...)
+{
+     va_list args;
+
+     va_start (args, format);
+     fprintf (stderr, "%s:%d: ", filename, lineno);
+     vfprintf (stderr, format, args);
+     va_end (args);
+     numerror++;
+}
diff --git a/crypto/kerberosIV/lib/sl/make_cmds.c b/crypto/kerberosIV/lib/sl/make_cmds.c
new file mode 100644
index 0000000..b2e733f
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/make_cmds.c
@@ -0,0 +1,245 @@
+/*
+ * Copyright (c) 1998-1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "make_cmds.h"
+#include <getarg.h>
+
+RCSID("$Id: make_cmds.c,v 1.5 1999/04/01 15:03:57 joda Exp $");
+
+#include <roken.h>
+#include <err.h>
+#include "parse.h"
+
+int numerror;
+extern FILE *yyin;
+FILE *c_file;
+
+extern void yyparse(void);
+
+#ifdef YYDEBUG
+extern int yydebug = 1;
+#endif
+
+char *filename;
+char *table_name;
+
+static struct command_list *commands;
+
+void
+add_command(char *function, 
+	    char *help, 
+	    struct string_list *aliases, 
+	    unsigned flags)
+{
+    struct command_list *cl = malloc(sizeof(*cl));
+
+    if (cl == NULL)
+	err (1, "malloc");
+    cl->function = function;
+    cl->help = help;
+    cl->aliases = aliases;
+    cl->flags = flags;
+    cl->next = NULL;
+    if(commands) {
+	*commands->tail = cl;
+	commands->tail = &cl->next;
+	return;
+    }
+    cl->tail = &cl->next;
+    commands = cl;
+}
+
+static char *
+quote(const char *str)
+{
+    char buf[1024]; /* XXX */
+    const char *p;
+    char *q;
+    q = buf;
+    
+    *q++ = '\"';
+    for(p = str; *p != '\0'; p++) {
+	if(*p == '\n') {
+	    *q++ = '\\';
+	    *q++ = 'n';
+	    continue;
+	}
+	if(*p == '\t') {
+	    *q++ = '\\';
+	    *q++ = 't';
+	    continue;
+	}
+	if(*p == '\"' || *p == '\\')
+	    *q++ = '\\';
+	*q++ = *p;
+    }
+    *q++ = '\"';
+    *q++ = '\0';
+    return strdup(buf);
+}
+
+static void
+generate_commands(void)
+{
+    char *base;
+    char *cfn;
+    char *p;
+
+    p = strrchr(table_name, '/');
+    if(p == NULL)
+	p = table_name;
+    else
+	p++;
+
+    base = strdup (p);
+    if (base == NULL)
+	err (1, "strdup");
+
+    p = strrchr(base, '.');
+    if(p)
+	*p = '\0';
+    
+    asprintf(&cfn, "%s.c", base);
+    if (cfn == NULL)
+	err (1, "asprintf");
+
+    c_file = fopen(cfn, "w");
+    if (c_file == NULL)
+	err (1, "cannot fopen %s", cfn);
+    
+    fprintf(c_file, "/* Generated from %s */\n", filename);
+    fprintf(c_file, "\n");
+    fprintf(c_file, "#include <stddef.h>\n");
+    fprintf(c_file, "#include <sl.h>\n");
+    fprintf(c_file, "\n");
+
+    {
+	struct command_list *cl, *xl;
+	char *p, *q;
+
+	for(cl = commands; cl; cl = cl->next) {
+	    for(xl = commands; xl != cl; xl = xl->next)
+		if(strcmp(cl->function, xl->function) == 0)
+		    break;
+	    if(xl != cl)
+		continue;
+	    /* XXX hack for ss_quit */
+	    if(strcmp(cl->function, "ss_quit") == 0) {
+		fprintf(c_file, "int %s (int, char**);\n", cl->function);
+		fprintf(c_file, "#define _ss_quit_wrap ss_quit\n\n"); 
+		continue;
+	    }
+	    fprintf(c_file, "void %s (int, char**);\n", cl->function);
+	    fprintf(c_file, "static int _%s_wrap (int argc, char **argv)\n", 
+		    cl->function);
+	    fprintf(c_file, "{\n");
+	    fprintf(c_file, "  %s (argc, argv);\n", cl->function);
+	    fprintf(c_file, "  return 0;\n");
+	    fprintf(c_file, "}\n\n");
+	}
+
+	fprintf(c_file, "SL_cmd %s[] = {\n", table_name);
+	for(cl = commands; cl; cl = cl->next) {
+	    struct string_list *sl;
+	    sl = cl->aliases;
+	    p = quote(sl->string);
+	    q = quote(cl->help);
+	    fprintf(c_file, "  { %s, _%s_wrap, %s },\n", p, cl->function, q);
+	    free(p);
+	    free(q);
+    
+	    for(sl = sl->next; sl; sl = sl->next) {
+		p = quote(sl->string);
+		fprintf(c_file, "  { %s },\n", p);
+		free(p);
+	    }
+	}
+	fprintf(c_file, "  { NULL },\n");
+	fprintf(c_file, "};\n");
+	fprintf(c_file, "\n");
+    }
+    fclose(c_file);
+    free(base);
+    free(cfn);
+}
+
+int version_flag;
+int help_flag;
+struct getargs args[] = {
+    { "version", 0, arg_flag, &version_flag },
+    { "help", 0, arg_flag, &help_flag }
+};
+int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int code)
+{
+    arg_printusage(args, num_args, NULL, "command-table");
+    exit(code);
+}
+
+int
+main(int argc, char **argv)
+{
+    int optind = 0;
+
+    set_progname(argv[0]);
+    if(getarg(args, num_args, argc, argv, &optind))
+	usage(1);
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    
+    if(argc == optind)
+	usage(1);
+    filename = argv[optind];
+    yyin = fopen(filename, "r");
+    if(yyin == NULL)
+	err(1, "%s", filename);
+    
+    yyparse();
+    
+    generate_commands();
+
+    if(numerror)
+	return 1;
+    return 0;
+}
diff --git a/crypto/kerberosIV/lib/sl/make_cmds.h b/crypto/kerberosIV/lib/sl/make_cmds.h
new file mode 100644
index 0000000..5278a46
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/make_cmds.h
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: make_cmds.h,v 1.1 1998/02/15 04:15:40 joda Exp $ */
+
+#ifndef __MAKE_CMDS_H__
+#define __MAKE_CMDS_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdarg.h>
+
+extern char *filename;
+extern char *table_name;
+extern int numerror;
+
+struct command_list {
+    char *function;
+    char *help;
+    struct string_list *aliases;
+    unsigned flags;
+    struct command_list *next;
+    struct command_list **tail;
+};
+
+struct string_list {
+    char *string;
+    struct string_list *next;
+    struct string_list **tail;
+};
+
+void add_command(char*, char*, struct string_list*, unsigned);
+
+#endif /* __MAKE_CMDS_H__ */
diff --git a/crypto/kerberosIV/lib/sl/parse.y b/crypto/kerberosIV/lib/sl/parse.y
new file mode 100644
index 0000000..dbb952b
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/parse.y
@@ -0,0 +1,199 @@
+%{
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "make_cmds.h"
+RCSID("$Id: parse.y,v 1.4 1999/03/20 02:43:45 assar Exp $");
+
+void yyerror (char *s);
+long name2number(const char *str);
+void error_message(char *, ...);
+
+struct string_list* append_string(struct string_list*, char*);
+void free_string_list(struct string_list *list);
+unsigned string_to_flag(const char *);
+
+/* This is for bison */
+
+#if !defined(alloca) && !defined(HAVE_ALLOCA)
+#define alloca(x) malloc(x)
+#endif
+
+%}
+
+%union {
+  char *string;
+  unsigned number;
+  struct string_list *list;
+}
+
+%token TABLE REQUEST UNKNOWN UNIMPLEMENTED END
+%token <string> STRING
+%type <number> flag flags
+%type <list> aliases
+
+%%
+
+file		: /* */ 
+		| statements
+		;
+
+statements	: statement
+		| statements statement
+		;
+
+statement	: TABLE STRING ';'
+		{
+		    table_name = $2;
+		}
+		| REQUEST STRING ',' STRING ',' aliases ',' '(' flags ')' ';'
+		{
+		    add_command($2, $4, $6, $9);
+		}
+		| REQUEST STRING ',' STRING ',' aliases ';'
+		{
+		    add_command($2, $4, $6, 0);
+		}
+		| UNIMPLEMENTED STRING ',' STRING ',' aliases ';'
+		{
+		    free($2);
+		    free($4);
+		    free_string_list($6);
+		}
+		| UNKNOWN aliases ';'
+		{
+		    free_string_list($2);
+		}
+		| END ';'
+		{
+		    YYACCEPT;
+		}
+		;
+
+aliases		: STRING
+		{
+		    $$ = append_string(NULL, $1);
+		}
+		| aliases ',' STRING
+		{
+		    $$ = append_string($1, $3);
+		}
+		;
+
+flags		: flag
+		{
+		    $$ = $1;
+		}
+		| flags ',' flag
+		{
+		    $$ = $1 | $3;
+		}
+		;
+flag		: STRING
+		{
+		    $$ = string_to_flag($1);
+		    free($1);
+		}
+		;
+
+
+
+%%
+
+long
+name2number(const char *str)
+{
+    const char *p;
+    long base = 0;
+    const char *x = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+	"abcdefghijklmnopqrstuvwxyz0123456789_";
+    if(strlen(str) > 4) {
+	yyerror("table name too long");
+	return 0;
+    }
+    for(p = str; *p; p++){
+	char *q = strchr(x, *p);
+	if(q == NULL) {
+	    yyerror("invalid character in table name");
+	    return 0;
+	}
+	base = (base << 6) + (q - x) + 1;
+    }
+    base <<= 8;
+    if(base > 0x7fffffff)
+	base = -(0xffffffff - base + 1);
+    return base;
+}
+
+void
+yyerror (char *s)
+{
+    error_message ("%s\n", s);
+}
+
+struct string_list*
+append_string(struct string_list *list, char *str)
+{
+    struct string_list *sl = malloc(sizeof(*sl));
+    sl->string = str;
+    sl->next = NULL;
+    if(list) {
+	*list->tail = sl;
+	list->tail = &sl->next;
+	return list;
+    }
+    sl->tail = &sl->next;
+    return sl;
+}
+
+void
+free_string_list(struct string_list *list)
+{
+    while(list) {
+	struct string_list *sl = list->next;
+	free(list->string);
+	free(list);
+	list = sl;
+    }
+}
+
+unsigned
+string_to_flag(const char *string)
+{
+    return 0;
+}
diff --git a/crypto/kerberosIV/lib/sl/roken_rename.h b/crypto/kerberosIV/lib/sl/roken_rename.h
new file mode 100644
index 0000000..f3e947c
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/roken_rename.h
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: roken_rename.h,v 1.2 1999/01/25 10:01:46 joda Exp $ */
+
+#ifndef __roken_rename_h__
+#define __roken_rename_h__
+
+#ifndef HAVE_STRTOK_R
+#define strtok_r _sl_strtok_r
+#endif
+#ifndef HAVE_SNPRINTF
+#define snprintf _sl_snprintf
+#endif
+#ifndef HAVE_ASPRINTF
+#define asprintf _sl_asprintf
+#endif
+#ifndef HAVE_ASNPRINTF
+#define asnprintf _sl_asnprintf
+#endif
+#ifndef HAVE_VASPRINTF
+#define vasprintf _sl_vasprintf
+#endif
+#ifndef HAVE_VASNPRINTF
+#define vasnprintf _sl_vasnprintf
+#endif
+#ifndef HAVE_VSNPRINTF
+#define vsnprintf _sl_vsnprintf
+#endif
+
+#endif /* __roken_rename_h__ */
diff --git a/crypto/kerberosIV/lib/sl/sl.c b/crypto/kerberosIV/lib/sl/sl.c
index adf71f5..2de8868 100644
--- a/crypto/kerberosIV/lib/sl/sl.c
+++ b/crypto/kerberosIV/lib/sl/sl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -38,7 +38,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: sl.c,v 1.12 1997/06/01 03:15:07 assar Exp $");
+RCSID("$Id: sl.c,v 1.24 1998/11/22 09:47:49 assar Exp $");
 #endif
 
 #include "sl_locl.h"
@@ -89,16 +89,19 @@ sl_help (SL_cmd *cmds, int argc, char **argv)
     } else { 
 	c = sl_match (cmds, argv[1], 0);
 	if (c == NULL)
-	    printf ("No such command: %s. Try \"help\" for a list of all commands\n",
+	    printf ("No such command: %s. "
+		    "Try \"help\" for a list of all commands\n",
 		    argv[1]);
 	else {
-	    printf ("%s\t%s", c->name, c->usage);
+	    printf ("%s\t%s\n", c->name, c->usage);
+	    if(c->help && *c->help)
+		printf ("%s\n", c->help);
 	    if((++c)->name && c->func == NULL) {
-		printf ("\nSynonyms:");
+		printf ("Synonyms:");
 		while (c->name && c->func == NULL)
 		    printf ("\t%s", (c++)->name);
+		printf ("\n");
 	    }
-	    printf ("\n");
 	}
     }
 }
@@ -131,60 +134,95 @@ add_history(char *p)
 #endif
 
 int
-sl_loop (SL_cmd *cmds, char *prompt)
+sl_command(SL_cmd *cmds, int argc, char **argv)
 {
-    unsigned max_count;
-    char **ptr;
-
-    max_count = 17;
-    ptr = malloc(max_count * sizeof(*ptr));
-    if (ptr == NULL) {
-	printf ("sl_loop: failed to allocate %u bytes of memory\n",
-		(int) max_count * sizeof(*ptr));
+    SL_cmd *c;
+    c = sl_match (cmds, argv[0], 0);
+    if (c == NULL)
 	return -1;
-    }
+    return (*c->func)(argc, argv);
+}
+
+struct sl_data {
+    int max_count;
+    char **ptr;
+};
 
-    for (;;) {
-	char *buf;
-	unsigned count;
-	SL_cmd *c;
-
-	buf = readline(prompt);
-	if(buf == NULL)
-	    break;
-
-	if(*buf)
-	    add_history(buf);
-	count = 0;
-	{
-	    char *foo = NULL;
-	    char *p;
-
-	    for(p = strtok_r (buf, " \t", &foo);
-		p;
-		p = strtok_r (NULL, " \t", &foo)) {
-		if(count == max_count) {
-		    max_count *= 2;
-		    ptr = realloc (ptr, max_count * sizeof(*ptr));
-		    if (ptr == NULL) {
-			printf ("sl_loop: failed to allocate %u "
-				"bytes of memory\n",
-				(unsigned) max_count * sizeof(*ptr));
-			return -1;
-		    }
-		}
-		ptr[count++] = p;
+int
+sl_make_argv(char *line, int *ret_argc, char ***ret_argv)
+{
+    char *foo = NULL;
+    char *p;
+    int argc, nargv;
+    char **argv;
+    
+    nargv = 10;
+    argv = malloc(nargv * sizeof(*argv));
+    if(argv == NULL)
+	return ENOMEM;
+    argc = 0;
+
+    for(p = strtok_r (line, " \t", &foo);
+	p;
+	p = strtok_r (NULL, " \t", &foo)) {
+	if(argc == nargv - 1) {
+	    char **tmp;
+	    nargv *= 2;
+	    tmp = realloc (argv, nargv * sizeof(*argv));
+	    if (tmp == NULL) {
+		free(argv);
+		return ENOMEM;
 	    }
+	    argv = tmp;
 	}
-	if (count > 0) {
-	    c = sl_match (cmds, ptr[0], 0);
-	    if (c)
-		(*c->func)(count, ptr);
-	    else
-		printf ("Unrecognized command: %s\n", ptr[0]);
-	}
-	free(buf);
+	argv[argc++] = p;
     }
-    free (ptr);
+    argv[argc] = NULL;
+    *ret_argc = argc;
+    *ret_argv = argv;
     return 0;
 }
+
+/* return values: 0 on success, -1 on fatal error, or return value of command */
+int
+sl_command_loop(SL_cmd *cmds, char *prompt, void **data)
+{
+    int ret = 0;
+    char *buf;
+    int argc;
+    char **argv;
+	
+    ret = 0;
+    buf = readline(prompt);
+    if(buf == NULL)
+	return 1;
+
+    if(*buf)
+	add_history(buf);
+    ret = sl_make_argv(buf, &argc, &argv);
+    if(ret) {
+	fprintf(stderr, "sl_loop: out of memory\n");
+	free(buf);
+	return -1;
+    }
+    if (argc >= 1) {
+	ret = sl_command(cmds, argc, argv);
+	if(ret == -1) {
+	    printf ("Unrecognized command: %s\n", argv[0]);
+	    ret = 0;
+	}
+    }
+    free(buf);
+    free(argv);
+    return ret;
+}
+
+int 
+sl_loop(SL_cmd *cmds, char *prompt)
+{
+    void *data = NULL;
+    int ret;
+    while((ret = sl_command_loop(cmds, prompt, &data)) == 0)
+	;
+    return ret;
+}
diff --git a/crypto/kerberosIV/lib/sl/sl.h b/crypto/kerberosIV/lib/sl/sl.h
index 158e590..2606e0f 100644
--- a/crypto/kerberosIV/lib/sl/sl.h
+++ b/crypto/kerberosIV/lib/sl/sl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -36,12 +36,12 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: sl.h,v 1.2 1997/04/01 08:19:18 joda Exp $ */
+/* $Id: sl.h,v 1.6 1998/06/09 19:25:40 joda Exp $ */
 
 #ifndef _SL_H
 #define _SL_H
 
-typedef void (*cmd_func)(int, char **);
+typedef int (*cmd_func)(int, char **);
 
 struct sl_cmd {
   char *name;
@@ -54,5 +54,9 @@ typedef struct sl_cmd SL_cmd;
 
 void sl_help (SL_cmd *, int argc, char **argv);
 int  sl_loop (SL_cmd *, char *prompt);
+int  sl_command_loop (SL_cmd *cmds, char *prompt, void **data);
+int  sl_command (SL_cmd *cmds, int argc, char **argv);
+int sl_make_argv(char*, int*, char***);
+
 
 #endif /* _SL_H */
diff --git a/crypto/kerberosIV/lib/sl/sl_locl.h b/crypto/kerberosIV/lib/sl/sl_locl.h
index ddf25bb..cf5805f 100644
--- a/crypto/kerberosIV/lib/sl/sl_locl.h
+++ b/crypto/kerberosIV/lib/sl/sl_locl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -36,13 +36,16 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: sl_locl.h,v 1.3 1997/04/01 08:19:18 joda Exp $ */
+/* $Id: sl_locl.h,v 1.5 1998/02/15 04:14:08 joda Exp $ */
 
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <stdarg.h>
 
 #include <roken.h>
-#include <protos.h>
 
 #include <sl.h>
diff --git a/crypto/kerberosIV/lib/sl/ss.c b/crypto/kerberosIV/lib/sl/ss.c
new file mode 100644
index 0000000..748613b
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/ss.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "sl_locl.h"
+#include <com_err.h>
+#include "ss.h"
+
+RCSID("$Id: ss.c,v 1.3 1998/11/22 09:47:24 assar Exp $");
+
+struct ss_subst {
+    char *name;
+    char *version;
+    char *info;
+    ss_request_table *table;
+};
+
+static struct ss_subst subsystems[2];
+static int num_subsystems;
+
+int
+ss_create_invocation(const char *subsystem, 
+		     const char *version, 
+		     const char *info, 
+		     ss_request_table *table, 
+		     int *code)
+{
+    struct ss_subst *ss;
+    if(num_subsystems >= sizeof(subsystems) / sizeof(subsystems[0])) {
+	*code = 17;
+	return 0;
+    }
+    ss = &subsystems[num_subsystems];
+    ss->name = subsystem ? strdup(subsystem) : NULL;
+    ss->version = version ? strdup(version) : NULL;
+    ss->info = info ? strdup(info) : NULL;
+    ss->table = table;
+    *code = 0;
+    return num_subsystems++;
+}
+
+void
+ss_error (int index, long code, const char *fmt, ...)
+{
+    va_list ap;
+    va_start(ap, fmt);
+    com_err_va (subsystems[index].name, code, fmt, ap);
+    va_end(ap);
+}
+
+void
+ss_perror (int index, long code, const char *msg)
+{
+    ss_error(index, code, "%s", msg);
+}
+
+int
+ss_execute_command(int index, char **argv)
+{
+    int argc = 0;
+    while(argv[argc++]);
+    sl_command(subsystems[index].table, argc, argv);
+    return 0;
+}
+
+int
+ss_execute_line (int index, const char *line)
+{
+    char *buf = strdup(line);
+    int argc;
+    char **argv;
+    
+    sl_make_argv(buf, &argc, &argv);
+    sl_command(subsystems[index].table, argc, argv);
+    free(buf);
+    return 0;
+}
+
+int
+ss_listen (int index)
+{
+    char *prompt = malloc(strlen(subsystems[index].name) + 3);
+    if(prompt == NULL) {
+	abort();
+    }
+    strcpy(prompt, subsystems[index].name);
+    strcat(prompt, ": ");
+    sl_loop(subsystems[index].table, prompt);
+    free(prompt);
+    return 0;
+}
+
+int
+ss_list_requests(int argc, char **argv /* , int index, void *info */)
+{
+    sl_help(subsystems[0 /* index */].table, argc, argv);
+    return 0;
+}
+
+int
+ss_quit(int argc, char **argv)
+{
+    return 1;
+}
diff --git a/crypto/kerberosIV/lib/sl/ss.h b/crypto/kerberosIV/lib/sl/ss.h
new file mode 100644
index 0000000..c7f0098
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/ss.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. All advertising materials mentioning features or use of this software 
+ *    must display the following acknowledgement: 
+ *      This product includes software developed by Kungliga Tekniska 
+ *      Högskolan and its contributors. 
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+/* $Id: ss.h,v 1.1 1998/02/15 04:13:34 joda Exp $ */
+
+/* SS compatibility for SL */
+
+#ifndef __ss_h__
+#define __ss_h__
+
+#include <sl.h>
+
+typedef SL_cmd ss_request_table;
+
+int ss_create_invocation (const char *, const char *, const char*, 
+			  ss_request_table*, int*);
+
+void ss_error (int, long, const char*, ...);
+int ss_execute_command (int, char**);
+int ss_execute_line (int, const char*);
+int ss_list_requests (int argc, char**);
+int ss_listen (int);
+void ss_perror (int, long, const char*);
+int ss_quit (int argc, char**);
+
+#endif /* __ss_h__ */
diff --git a/crypto/kerberosIV/man/Makefile b/crypto/kerberosIV/man/Makefile
new file mode 100644
index 0000000..6e6442a
--- /dev/null
+++ b/crypto/kerberosIV/man/Makefile
@@ -0,0 +1,11 @@
+#
+# *** THIS FILE IS NORMALLY OVERWRITTEN BY CONFIGURE ***
+#
+#
+# $Id: Makefile,v 1.3 1997/09/09 15:06:35 bg Exp $
+
+all:
+	$(MAKE) -f Makefile.in cat
+
+clean:
+	rm -f *.cat[1358] *~
diff --git a/crypto/kerberosIV/man/Makefile.in b/crypto/kerberosIV/man/Makefile.in
index a1b6e74..c4941b1 100644
--- a/crypto/kerberosIV/man/Makefile.in
+++ b/crypto/kerberosIV/man/Makefile.in
@@ -7,82 +7,139 @@ SHELL		= /bin/sh
 
 INSTALL		= @INSTALL@
 INSTALL_DATA	= @INSTALL_DATA@
-MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+MKINSTALLDIRS	= @top_srcdir@/mkinstalldirs
 
 prefix		= @prefix@
 mandir		= @mandir@
-transform=@program_transform_name@
-EXECSUFFIX=@EXECSUFFIX@
+transform	= @program_transform_name@
 
-MANRX = .*\.\([0-9]\)
+disable_cat_manpages = @disable_cat_manpages@
+
+# You need a BSD44 system or groff to create the manpages
+NROFF_MAN = groff -mandoc -Tascii
+#NROFF_MAN = nroff -man
+.SUFFIXES: .1 .cat1 .3 .cat3 .5 .cat5 .8 .cat8
+.1.cat1: ; $(NROFF_MAN) $< > $@
+.3.cat3: ; $(NROFF_MAN) $< > $@
+.5.cat5: ; $(NROFF_MAN) $< > $@
+.8.cat8: ; $(NROFF_MAN) $< > $@
+
+
+MANRX = \(.*\)\.\([0-9]\)
 CATRX = \(.*\)\.cat\([0-9]\)
 CATSUFFIX=@CATSUFFIX@
 
-MAN1 = afslog.1 kauth.1 ftp.1 kdestroy.1 kinit.1 kpasswd.1 \
-	login.1 rlogin.1 su.1 kerberos.1 klist.1 ksrvtgt.1 pagsh.1 \
-	rcp.1 rsh.1 telnet.1 kx.1 rxterm.1 rxtelnet.1 tenletxr.1 \
-	des.1 movemail.1 \
-	otp.1 otpprint.1
+MAN1 = afslog.1 des.1 ftp.1 kauth.1 kdestroy.1 \
+       kerberos.1 kinit.1 klist.1 kpasswd.1 ksrvtgt.1 \
+       kx.1 login.1 movemail.1 otp.1 otpprint.1 pagsh.1 \
+       rcp.1 rlogin.1 rsh.1 rxtelnet.1 rxterm.1 su.1 \
+       telnet.1 tenletxr.1
 
-CAT1 = afslog.cat1 kauth.cat1 ftp.cat1 login.cat1 \
-	pagsh.cat1 rcp.cat1 rlogin.cat1 rsh.cat1 su.cat1 telnet.cat1 kx.cat1 \
-	rxterm.cat1 rxtelnet.cat1 tenletxr.cat1 movemail.cat1 \
-	otp.cat1 otpprint.cat1
+CAT1 = afslog.cat1 des.cat1 ftp.cat1 kauth.cat1 kdestroy.cat1 \
+       kerberos.cat1 kinit.cat1 klist.cat1 kpasswd.cat1 ksrvtgt.cat1 \
+       kx.cat1 login.cat1 movemail.cat1 otp.cat1 otpprint.cat1 pagsh.cat1 \
+       rcp.cat1 rlogin.cat1 rsh.cat1 rxtelnet.cat1 rxterm.cat1 su.cat1 \
+       telnet.cat1 tenletxr.cat1
 
-MAN3 =	acl_check.3 kafs.3 kerberos.3 krb_set_tkt_string.3 des_crypt.3 \
-	krb_realmofhost.3 kuserok.3 getusershell.3 krb_sendauth.3 \
-	tf_util.3
+MAN3 = acl_check.3 des_crypt.3 kafs.3 \
+       kerberos.3 krb_realmofhost.3 krb_sendauth.3 \
+       krb_set_tkt_string.3 kuserok.3 tf_util.3 \
+       ../lib/editline/editline.3
 
-CAT3 =	getusershell.cat3 kafs.cat3
+# getusershell.3 
 
-MAN5 =	krb.conf.5 krb.realms.5 krb.equiv.5 login.access.5 ftpusers.5
+CAT3 = acl_check.cat3 des_crypt.cat3 kafs.cat3 \
+       kerberos.cat3 krb_realmofhost.cat3 krb_sendauth.cat3 \
+       krb_set_tkt_string.cat3 kuserok.cat3 tf_util.cat3 \
+       ../lib/editline/editline.cat3
 
-CAT5 =	login.access.cat5 krb.equiv.cat5 ftpusers.cat5
+# getusershell.cat3 
 
-MAN8 =	ext_srvtab.8 kdb_destroy.8 kdb_util.8 ksrvutil.8 telnetd.8 rlogind.8 \
-	kadmin.8 kdb_edit.8 kstash.8 kadmind.8 kdb_init.8 rshd.8 kauthd.8 \
-	popper.8 kxd.8 kerberos.8
+MAN5 = ftpusers.5 krb.conf.5 krb.equiv.5 krb.extra.5 \
+       krb.realms.5 login.access.5
 
-CAT8 =	ftpd.cat8 rshd.cat8 telnetd.cat8 ksrvutil.cat8 rlogind.cat8 \
-	kauthd.cat8 kprop.cat8 kpropd.cat8 kxd.cat8 kerberos.cat8
+CAT5 = ftpusers.cat5 krb.conf.cat5 krb.equiv.cat5 \
+       krb.realms.cat5 login.access.cat5
 
-all: 
+MAN8 = ext_srvtab.8 ftpd.8 kadmin.8 kadmind.8 kauthd.8 \
+       kdb_destroy.8 kdb_edit.8 kdb_init.8 kdb_util.8 \
+       kerberos.8 kprop.8 kpropd.8 ksrvutil.8 kstash.8 \
+       kxd.8 popper.8 rlogind.8 rshd.8 telnetd.8 \
+       ../appl/push/push.8
 
-cat: $(CAT1) $(CAT3) $(CAT5) $(CAT8)
+CAT8 = ext_srvtab.cat8 ftpd.cat8 kadmin.cat8 kadmind.cat8 kauthd.cat8 \
+       kdb_destroy.cat8 kdb_edit.cat8 kdb_init.cat8 kdb_util.cat8 \
+       kerberos.cat8 kprop.cat8 kpropd.cat8 ksrvutil.cat8 kstash.cat8 \
+       kxd.cat8 popper.cat8 rlogind.cat8 rshd.cat8 telnetd.cat8 \
+       ../appl/push/push.cat8
 
-%.cat1: %.1
-	`grog -Tascii $<` > $@
-%.cat3: %.3
-	`grog -Tascii $<` > $@
-%.cat5: %.5
-	`grog -Tascii $<` > $@
-%.cat8: %.8
-	`grog -Tascii $<` > $@
+all: 
 
+cat: $(CAT1) $(CAT3) $(CAT5) $(CAT8)
 
 Wall:
 
 install: all
-		for x in man1 man3 man5 man8 cat1 cat3 cat5 cat8; do \
-			$(MKINSTALLDIRS) $(mandir)/$$x; done
-		(cd $(srcdir); \
-			for x in $(MAN1) $(MAN3) $(MAN5) $(MAN8); do \
-				s=`echo $$x | sed 's!$(MANRX)!\1!'` ; \
-				$(INSTALL_DATA) $$x $(mandir)/man$$s; done ;\
-			for x in $(CAT1) $(CAT3) $(CAT5) $(CAT8); do \
+		for x in man1 man3 man5 man8; do \
+			$(MKINSTALLDIRS) $(DESTDIR)$(mandir)/$$x; done
+		if test "$(disable_cat_manpages)" != "yes"; then \
+		for x in cat1 cat3 cat5 cat8; do \
+			$(MKINSTALLDIRS) $(DESTDIR)$(mandir)/$$x; done \
+		fi
+		@(cd $(srcdir); \
+			for x in $(MAN1) $(MAN8); do \
+				f=`basename $$x`; \
+				b=`echo $$f | sed 's!$(MANRX)!\1!'`; \
+				s=`echo $$x | sed 's!$(MANRX)!\2!'` ; \
+				m=`echo $$b | sed '$(transform)'`.$$s; \
+				echo "$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/man$$s/$$m";\
+				$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/man$$s/$$m; done ;\
+			for x in $(MAN3) $(MAN5); do \
+				f=`basename $$x`; \
+				s=`echo $$f | sed 's!$(MANRX)!\2!'` ; \
+				echo "$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/man$$s/$$f";\
+				$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/man$$s/$$f; done ;\
+			if test "$(disable_cat_manpages)" != "yes"; then \
+			for x in $(CAT1) $(CAT8); do \
+				if test -f $$x; then \
+				f=`basename $$x`; \
+				b=`echo $$f | sed 's!$(CATRX)!\1!'`; \
 				s=`echo $$x | sed 's!$(CATRX)!\2!'`; \
-				b=`echo $$x | sed 's!$(CATRX)!\1!'`; \
-			$(INSTALL_DATA) $$x $(mandir)/cat$$s/$$b.$(CATSUFFIX);\
-			 done )
+				m=`echo $$b | sed '$(transform)'`; \
+				echo "$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/cat$$s/$$m.$(CATSUFFIX)";\
+			$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/cat$$s/$$m.$(CATSUFFIX);\
+			 fi; done ;\
+			for x in $(CAT3) $(CAT5); do \
+				if test -f $$x; then \
+				f=`basename $$x`; \
+				s=`echo $$f |  sed 's!$(CATRX)!\2!'`; \
+				b=`echo $$f |  sed 's!$(CATRX)!\1!'`; \
+			echo "$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/cat$$s/$$b.$(CATSUFFIX)";\
+			$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/cat$$s/$$b.$(CATSUFFIX);\
+			 fi; done; fi )
 
 uninstall:
-		for x in $(MAN1) $(MAN3) $(MAN5) $(MAN8); do \
-			s=`echo $$x | sed 's!$(MANRX)!\1!'` ; \
-			rm -f $(mandir)/man$$s/$$x; done
-		for x in $(CAT1) $(CAT3) $(CAT5) $(CAT8); do \
+		for x in $(MAN1) $(MAN8); do \
+			f=`basename $$x`; \
+			b=`echo $$f | sed 's!$(MANRX)!\1!'`; \
+			s=`echo $$x | sed 's!$(MANRX)!\2!'` ; \
+			m=`echo $$b | sed '$(transform)'`.$$s; \
+			rm -f $(DESTDIR)$(mandir)/man$$s/$$m; done
+		for x in $(MAN3) $(MAN5); do \
+			f=`basename $$x`; \
+			s=`echo $$f | sed 's!$(MANRX)!\2!'` ; \
+			rm -f $(DESTDIR)$(mandir)/man$$s/$$f; done
+		for x in $(CAT1) $(CAT8); do \
+			f=`basename $$x`; \
+			b=`echo $$f | sed 's!$(CATRX)!\1!'`; \
 			s=`echo $$x | sed 's!$(CATRX)!\2!'`; \
+			m=`echo $$b | sed '$(transform)'`; \
+			rm -f $(DESTDIR)$(mandir)/cat$$s/$$m.$(CATSUFFIX); done
+		for x in $(CAT3) $(CAT5); do \
+			f=`basename $$x`; \
+			s=`echo $$f | sed 's!$(CATRX)!\2!'`; \
 			b=`echo $$x | sed 's!$(CATRX)!\1!'`; \
-			rm -f $(mandir)/cat$$s/$$b.$(CATSUFFIX); done
+			rm -f $(DESTDIR)$(mandir)/cat$$s/$$b.$(CATSUFFIX); done
 
 clean:
 
@@ -91,5 +148,6 @@ mostlyclean:	clean
 distclean:
 	rm -f Makefile *~
 
-realclean:
+realclean:	distclean
 
+.PHONY: all cat Wall install uninstall clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/man/afslog.1 b/crypto/kerberosIV/man/afslog.1
new file mode 100644
index 0000000..625f831
--- /dev/null
+++ b/crypto/kerberosIV/man/afslog.1
@@ -0,0 +1,72 @@
+.\" $Id: afslog.1,v 1.3 1998/06/30 15:28:48 assar Exp $
+.\"
+.Dd April 27, 1996
+.Dt AFSLOG 1
+.Os KTH-KRB
+.Sh NAME
+.Nm afslog
+.Nd
+obtains AFS tokens for specified cells
+.Sh SYNOPSIS
+.Nm
+.Op Fl d
+.Op Fl c Ar cell
+.Op Fl k Ar realm
+.Op Fl p Pa path
+.Op Fl unlog
+.Op Fl createuser
+.Op Ar args
+.Sh DESCRIPTION
+The
+.Nm
+command obtains AFS tokens, 
+.Ar args
+are either a name of a cell or a pathnames of a file in the cell to
+get tokens for. If an argument is 
+.Li .
+or 
+.Li ..
+or contains a slash it is assumed to be a pathname. Otherwise it is
+assumed to be a name of a cell or a prefix thereof.
+.Pp
+The
+.Fl c
+and
+.Fl p
+flags can be used to resolve ambiguities.
+.Pp
+.Nm
+might fail to guess the Kerberos realm to get tickets for (for
+instance if the volume location servers of the cell does not reside in
+the kerberos realm that holds the AFS service key, and the correct
+realm isn't the same as the cell name or the local realm (I didn't say
+this was a common problem)). Anyway, the
+.Fl k
+can be used to give a hint. It should not be used unless there is a
+problem, since all tickets will be taken from the specified realm and
+this is not (usually) what you want.
+.Pp
+.Fl createuser
+means that
+.Nm
+should try to run
+.Nm pts
+to create a remote user principal in another cell.
+.Fl d
+can be used for debugging.
+.Pp
+If the
+.Fl unlog
+flag is given any tokens are removed and all other arguments are ignored.
+.Sh SEE ALSO
+.Xr kauth 1 ,
+.Xr kafs 3
+.Sh BUGS
+It should be able to handle the MIT Athena
+.Nm aklog
+flags
+.Fl hosts , 
+.Fl zsubs , 
+and
+.Fl noprdb ,
+but does not.
diff --git a/crypto/kerberosIV/man/ftp.1 b/crypto/kerberosIV/man/ftp.1
new file mode 100644
index 0000000..e5c21f0
--- /dev/null
+++ b/crypto/kerberosIV/man/ftp.1
@@ -0,0 +1,1193 @@
+.\" 	$NetBSD: ftp.1,v 1.11 1995/09/08 01:06:24 tls Exp $
+.\"
+.\" Copyright (c) 1985, 1989, 1990, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)ftp.1	8.3 (Berkeley) 10/9/94
+.\"
+.Dd April 27, 1996
+.Dt FTP 1
+.Os BSD 4.2
+.Sh NAME
+.Nm ftp
+.Nd
+.Tn ARPANET
+file transfer program
+.Sh SYNOPSIS
+.Nm ftp
+.Op Fl t
+.Op Fl v
+.Op Fl d
+.Op Fl i
+.Op Fl n
+.Op Fl g
+.Op Fl p
+.Op Ar host
+.Sh DESCRIPTION
+.Nm Ftp
+is the user interface to the
+.Tn ARPANET
+standard File Transfer Protocol.
+The program allows a user to transfer files to and from a
+remote network site.
+.Pp
+Modifications has been made so that it almost follows the ftpsec
+Internet draft.
+.Pp
+Options may be specified at the command line, or to the
+command interpreter.
+.Bl -tag -width flag
+.It Fl t
+Enables packet tracing.
+.It Fl v
+Verbose option forces
+.Nm ftp
+to show all responses from the remote server, as well
+as report on data transfer statistics.
+.It Fl n
+Restrains
+.Nm ftp
+from attempting \*(Lqauto-login\*(Rq upon initial connection.
+If auto-login is enabled,
+.Nm ftp
+will check the
+.Pa .netrc
+(see below) file in the user's home directory for an entry describing
+an account on the remote machine.
+If no entry exists,
+.Nm ftp
+will prompt for the remote machine login name (default is the user
+identity on the local machine), and, if necessary, prompt for a password
+and an account with which to login.
+.It Fl i
+Turns off interactive prompting during
+multiple file transfers.
+.It Fl p
+Turn on passive mode.
+.It Fl d
+Enables debugging.
+.It Fl g
+Disables file name globbing.
+.El
+.Pp
+The client host with which
+.Nm ftp
+is to communicate may be specified on the command line.
+If this is done,
+.Nm ftp
+will immediately attempt to establish a connection to an
+.Tn FTP
+server on that host; otherwise,
+.Nm ftp
+will enter its command interpreter and await instructions
+from the user.
+When
+.Nm ftp
+is awaiting commands from the user the prompt
+.Ql ftp>
+is provided to the user.
+The following commands are recognized
+by
+.Nm ftp  :
+.Bl -tag -width Fl
+.It Ic \&! Op Ar command Op Ar args
+Invoke an interactive shell on the local machine.
+If there are arguments, the first is taken to be a command to execute
+directly, with the rest of the arguments as its arguments.
+.It Ic \&$ Ar macro-name Op Ar args
+Execute the macro
+.Ar macro-name
+that was defined with the
+.Ic macdef
+command.
+Arguments are passed to the macro unglobbed.
+.It Ic account Op Ar passwd
+Supply a supplemental password required by a remote system for access
+to resources once a login has been successfully completed.
+If no argument is included, the user will be prompted for an account
+password in a non-echoing input mode.
+.It Ic append Ar local-file Op Ar remote-file
+Append a local file to a file on the remote machine.
+If
+.Ar remote-file
+is left unspecified, the local file name is used in naming the
+remote file after being altered by any
+.Ic ntrans
+or
+.Ic nmap
+setting.
+File transfer uses the current settings for
+.Ic type  ,
+.Ic format ,
+.Ic mode  ,
+and
+.Ic structure .
+.It Ic ascii
+Set the file transfer
+.Ic type
+to network
+.Tn ASCII .
+This is the default type.
+.It Ic bell
+Arrange that a bell be sounded after each file transfer
+command is completed.
+.It Ic binary
+Set the file transfer
+.Ic type
+to support binary image transfer.
+.It Ic bye
+Terminate the
+.Tn FTP
+session with the remote server
+and exit
+.Nm ftp  .
+An end of file will also terminate the session and exit.
+.It Ic case
+Toggle remote computer file name case mapping during
+.Ic mget
+commands.
+When
+.Ic case
+is on (default is off), remote computer file names with all letters in
+upper case are written in the local directory with the letters mapped
+to lower case.
+.It Ic \&cd Ar remote-directory
+Change the working directory on the remote machine
+to
+.Ar remote-directory  .
+.It Ic cdup
+Change the remote machine working directory to the parent of the
+current remote machine working directory.
+.It Ic chmod Ar mode file-name
+Change the permission modes of the file
+.Ar file-name
+on the remote
+sytem to
+.Ar mode  .
+.It Ic close
+Terminate the
+.Tn FTP
+session with the remote server, and
+return to the command interpreter.
+Any defined macros are erased.
+.It Ic \&cr
+Toggle carriage return stripping during
+ascii type file retrieval.
+Records are denoted by a carriage return/linefeed sequence
+during ascii type file transfer.
+When
+.Ic \&cr
+is on (the default), carriage returns are stripped from this
+sequence to conform with the
+.Ux
+single linefeed record
+delimiter.
+Records on
+.Pf non\- Ns Ux
+remote systems may contain single linefeeds;
+when an ascii type transfer is made, these linefeeds may be
+distinguished from a record delimiter only when
+.Ic \&cr
+is off.
+.It Ic delete Ar remote-file
+Delete the file
+.Ar remote-file
+on the remote machine.
+.It Ic debug Op Ar debug-value
+Toggle debugging mode.
+If an optional
+.Ar debug-value
+is specified it is used to set the debugging level.
+When debugging is on,
+.Nm ftp
+prints each command sent to the remote machine, preceded
+by the string
+.Ql \-\->
+.It Xo
+.Ic dir
+.Op Ar remote-directory
+.Op Ar local-file
+.Xc
+Print a listing of the directory contents in the
+directory,
+.Ar remote-directory  ,
+and, optionally, placing the output in
+.Ar local-file  .
+If interactive prompting is on,
+.Nm ftp
+will prompt the user to verify that the last argument is indeed the
+target local file for receiving
+.Ic dir
+output.
+If no directory is specified, the current working
+directory on the remote machine is used.
+If no local
+file is specified, or
+.Ar local-file
+is
+.Fl  ,
+output comes to the terminal.
+.It Ic disconnect
+A synonym for
+.Ar close  .
+.It Ic form Ar format
+Set the file transfer
+.Ic form
+to
+.Ar format  .
+The default format is \*(Lqfile\*(Rq.
+.It Ic get Ar remote-file Op Ar local-file
+Retrieve the
+.Ar remote-file
+and store it on the local machine.
+If the local
+file name is not specified, it is given the same
+name it has on the remote machine, subject to
+alteration by the current
+.Ic case  ,
+.Ic ntrans ,
+and
+.Ic nmap
+settings.
+The current settings for
+.Ic type  ,
+.Ic form ,
+.Ic mode  ,
+and
+.Ic structure
+are used while transferring the file.
+.It Ic glob
+Toggle filename expansion for
+.Ic mdelete  ,
+.Ic mget
+and
+.Ic mput  .
+If globbing is turned off with
+.Ic glob  ,
+the file name arguments
+are taken literally and not expanded.
+Globbing for
+.Ic mput
+is done as in
+.Xr csh 1 .
+For
+.Ic mdelete
+and
+.Ic mget  ,
+each remote file name is expanded
+separately on the remote machine and the lists are not merged.
+Expansion of a directory name is likely to be
+different from expansion of the name of an ordinary file:
+the exact result depends on the foreign operating system and ftp server,
+and can be previewed by doing
+.Ql mls remote-files \- .
+As a security measure, remotely globbed files that starts with
+.Sq /
+or contains
+.Sq ../ ,
+will not be automatically received. If you have interactive prompting
+turned off, these filenames will be ignored.  Note:
+.Ic mget
+and
+.Ic mput
+are not meant to transfer
+entire directory subtrees of files.
+That can be done by
+transferring a
+.Xr tar 1
+archive of the subtree (in binary mode).
+.It Ic hash
+Toggle hash-sign (``#'') printing for each data block
+transferred.
+The size of a data block is 1024 bytes.
+.It Ic help Op Ar command
+Print an informative message about the meaning of
+.Ar command  .
+If no argument is given,
+.Nm ftp
+prints a list of the known commands.
+.It Ic idle Op Ar seconds
+Set the inactivity timer on the remote server to
+.Ar seconds
+seconds.
+If
+.Ar seconds
+is omitted, the current inactivity timer is printed.
+.It Ic lcd Op Ar directory
+Change the working directory on the local machine.
+If
+no
+.Ar directory
+is specified, the user's home directory is used.
+.It Xo
+.Ic \&ls
+.Op Ar remote-directory
+.Op Ar local-file
+.Xc
+Print a listing of the contents of a
+directory on the remote machine.
+The listing includes any system-dependent information that the server
+chooses to include; for example, most
+.Ux
+systems will produce
+output from the command
+.Ql ls \-l .
+(See also
+.Ic nlist . )
+If
+.Ar remote-directory
+is left unspecified, the current working directory is used.
+If interactive prompting is on,
+.Nm ftp
+will prompt the user to verify that the last argument is indeed the
+target local file for receiving
+.Ic \&ls
+output.
+If no local file is specified, or if
+.Ar local-file
+is
+.Sq Fl ,
+the output is sent to the terminal.
+.It Ic macdef Ar macro-name
+Define a macro.
+Subsequent lines are stored as the macro
+.Ar macro-name  ;
+a null line (consecutive newline characters
+in a file or
+carriage returns from the terminal) terminates macro input mode.
+There is a limit of 16 macros and 4096 total characters in all
+defined macros.
+Macros remain defined until a
+.Ic close
+command is executed.
+The macro processor interprets `$' and `\e' as special characters.
+A `$' followed by a number (or numbers) is replaced by the
+corresponding argument on the macro invocation command line.
+A `$' followed by an `i' signals that macro processor that the
+executing macro is to be looped.
+On the first pass `$i' is
+replaced by the first argument on the macro invocation command line,
+on the second pass it is replaced by the second argument, and so on.
+A `\e' followed by any character is replaced by that character.
+Use the `\e' to prevent special treatment of the `$'.
+.It Ic mdelete Op Ar remote-files
+Delete the
+.Ar remote-files
+on the remote machine.
+.It Ic mdir Ar remote-files local-file
+Like
+.Ic dir  ,
+except multiple remote files may be specified.
+If interactive prompting is on,
+.Nm ftp
+will prompt the user to verify that the last argument is indeed the
+target local file for receiving
+.Ic mdir
+output.
+.It Ic mget Ar remote-files
+Expand the
+.Ar remote-files
+on the remote machine
+and do a
+.Ic get
+for each file name thus produced.
+See
+.Ic glob
+for details on the filename expansion.
+Resulting file names will then be processed according to
+.Ic case  ,
+.Ic ntrans ,
+and
+.Ic nmap
+settings.
+Files are transferred into the local working directory,
+which can be changed with
+.Ql lcd directory ;
+new local directories can be created with
+.Ql "\&! mkdir directory" .
+.It Ic mkdir Ar directory-name
+Make a directory on the remote machine.
+.It Ic mls Ar remote-files local-file
+Like
+.Ic nlist  ,
+except multiple remote files may be specified,
+and the
+.Ar local-file
+must be specified.
+If interactive prompting is on,
+.Nm ftp
+will prompt the user to verify that the last argument is indeed the
+target local file for receiving
+.Ic mls
+output.
+.It Ic mode Op Ar mode-name
+Set the file transfer
+.Ic mode
+to
+.Ar mode-name  .
+The default mode is \*(Lqstream\*(Rq mode.
+.It Ic modtime Ar file-name
+Show the last modification time of the file on the remote machine.
+.It Ic mput Ar local-files
+Expand wild cards in the list of local files given as arguments
+and do a
+.Ic put
+for each file in the resulting list.
+See
+.Ic glob
+for details of filename expansion.
+Resulting file names will then be processed according to
+.Ic ntrans
+and
+.Ic nmap
+settings.
+.It Ic newer Ar file-name
+Get the file only if the modification time of the remote file is more
+recent that the file on the current system.
+If the file does not
+exist on the current system, the remote file is considered
+.Ic newer  .
+Otherwise, this command is identical to
+.Ar get  .
+.It Xo
+.Ic nlist
+.Op Ar remote-directory
+.Op Ar local-file
+.Xc
+Print a  list of the files in a
+directory on the remote machine.
+If
+.Ar remote-directory
+is left unspecified, the current working directory is used.
+If interactive prompting is on,
+.Nm ftp
+will prompt the user to verify that the last argument is indeed the
+target local file for receiving
+.Ic nlist
+output.
+If no local file is specified, or if
+.Ar local-file
+is
+.Fl  ,
+the output is sent to the terminal.
+.It Ic nmap Op Ar inpattern outpattern
+Set or unset the filename mapping mechanism.
+If no arguments are specified, the filename mapping mechanism is unset.
+If arguments are specified, remote filenames are mapped during
+.Ic mput
+commands and
+.Ic put
+commands issued without a specified remote target filename.
+If arguments are specified, local filenames are mapped during
+.Ic mget
+commands and
+.Ic get
+commands issued without a specified local target filename.
+This command is useful when connecting to a
+.No non\- Ns Ux
+remote computer
+with different file naming conventions or practices.
+The mapping follows the pattern set by
+.Ar inpattern
+and
+.Ar outpattern  .
+.Op Ar Inpattern
+is a template for incoming filenames (which may have already been
+processed according to the
+.Ic ntrans
+and
+.Ic case
+settings).
+Variable templating is accomplished by including the
+sequences `$1', `$2', ..., `$9' in
+.Ar inpattern  .
+Use `\\' to prevent this special treatment of the `$' character.
+All other characters are treated literally, and are used to determine the
+.Ic nmap
+.Op Ar inpattern
+variable values.
+For example, given
+.Ar inpattern
+$1.$2 and the remote file name "mydata.data", $1 would have the value
+"mydata", and $2 would have the value "data".
+The
+.Ar outpattern
+determines the resulting mapped filename.
+The sequences `$1', `$2', ...., `$9' are replaced by any value resulting
+from the
+.Ar inpattern
+template.
+The sequence `$0' is replace by the original filename.
+Additionally, the sequence
+.Ql Op Ar seq1 , Ar seq2
+is replaced by
+.Op Ar seq1
+if
+.Ar seq1
+is not a null string; otherwise it is replaced by
+.Ar seq2 .
+For example, the command
+.Pp
+.Bd -literal -offset indent -compact
+nmap $1.$2.$3 [$1,$2].[$2,file]
+.Ed
+.Pp
+would yield
+the output filename "myfile.data" for input filenames "myfile.data" and
+"myfile.data.old", "myfile.file" for the input filename "myfile", and
+"myfile.myfile" for the input filename ".myfile".
+Spaces may be included in
+.Ar outpattern  ,
+as in the example: `nmap $1 sed "s/  *$//" > $1' .
+Use the `\e' character to prevent special treatment
+of the `$','[','[', and `,' characters.
+.It Ic ntrans Op Ar inchars Op Ar outchars
+Set or unset the filename character translation mechanism.
+If no arguments are specified, the filename character
+translation mechanism is unset.
+If arguments are specified, characters in
+remote filenames are translated during
+.Ic mput
+commands and
+.Ic put
+commands issued without a specified remote target filename.
+If arguments are specified, characters in
+local filenames are translated during
+.Ic mget
+commands and
+.Ic get
+commands issued without a specified local target filename.
+This command is useful when connecting to a
+.No non\- Ns Ux
+remote computer
+with different file naming conventions or practices.
+Characters in a filename matching a character in
+.Ar inchars
+are replaced with the corresponding character in
+.Ar outchars  .
+If the character's position in
+.Ar inchars
+is longer than the length of
+.Ar outchars  ,
+the character is deleted from the file name.
+.It Ic open Ar host Op Ar port
+Establish a connection to the specified
+.Ar host
+.Tn FTP
+server.
+An optional port number may be supplied,
+in which case,
+.Nm ftp
+will attempt to contact an
+.Tn FTP
+server at that port.
+If the
+.Ic auto-login
+option is on (default),
+.Nm ftp
+will also attempt to automatically log the user in to
+the
+.Tn FTP
+server (see below).
+.It Ic passive
+Toggle passive mode.  If passive mode is turned on
+(default is off), the ftp client will
+send a
+.Dv PASV
+command for all data connections instead of the usual
+.Dv PORT
+command.  The
+.Dv PASV
+command requests that the remote server open a port for the data connection
+and return the address of that port.  The remote server listens on that
+port and the client connects to it.  When using the more traditional
+.Dv PORT
+command, the client listens on a port and sends that address to the remote
+server, who connects back to it.  Passive mode is useful when using
+.Nm ftp
+through a gateway router or host that controls the directionality of
+traffic.
+(Note that though ftp servers are required to support the
+.Dv PASV
+command by RFC 1123, some do not.)
+.It Ic prompt
+Toggle interactive prompting.
+Interactive prompting
+occurs during multiple file transfers to allow the
+user to selectively retrieve or store files.
+If prompting is turned off (default is on), any
+.Ic mget
+or
+.Ic mput
+will transfer all files, and any
+.Ic mdelete
+will delete all files.
+.It Ic proxy Ar ftp-command
+Execute an ftp command on a secondary control connection.
+This command allows simultaneous connection to two remote ftp
+servers for transferring files between the two servers.
+The first
+.Ic proxy
+command should be an
+.Ic open  ,
+to establish the secondary control connection.
+Enter the command "proxy ?" to see other ftp commands executable on the
+secondary connection.
+The following commands behave differently when prefaced by
+.Ic proxy  :
+.Ic open
+will not define new macros during the auto-login process,
+.Ic close
+will not erase existing macro definitions,
+.Ic get
+and
+.Ic mget
+transfer files from the host on the primary control connection
+to the host on the secondary control connection, and
+.Ic put  ,
+.Ic mput ,
+and
+.Ic append
+transfer files from the host on the secondary control connection
+to the host on the primary control connection.
+Third party file transfers depend upon support of the ftp protocol
+.Dv PASV
+command by the server on the secondary control connection.
+.It Ic put Ar local-file Op Ar remote-file
+Store a local file on the remote machine.
+If
+.Ar remote-file
+is left unspecified, the local file name is used
+after processing according to any
+.Ic ntrans
+or
+.Ic nmap
+settings
+in naming the remote file.
+File transfer uses the
+current settings for
+.Ic type  ,
+.Ic format ,
+.Ic mode  ,
+and
+.Ic structure  .
+.It Ic pwd
+Print the name of the current working directory on the remote
+machine.
+.It Ic quit
+A synonym for
+.Ic bye  .
+.It Ic quote Ar arg1 arg2 ...
+The arguments specified are sent, verbatim, to the remote
+.Tn FTP
+server.
+.It Ic recv Ar remote-file Op Ar local-file
+A synonym for get.
+.It Ic reget Ar remote-file Op Ar local-file
+Reget acts like get, except that if
+.Ar local-file
+exists and is
+smaller than
+.Ar remote-file  ,
+.Ar local-file
+is presumed to be
+a partially transferred copy of
+.Ar remote-file
+and the transfer
+is continued from the apparent point of failure.
+This command
+is useful when transferring very large files over networks that
+are prone to dropping connections.
+.It Ic remotehelp Op Ar command-name
+Request help from the remote
+.Tn FTP
+server.
+If a
+.Ar command-name
+is specified it is supplied to the server as well.
+.It Ic remotestatus Op Ar file-name
+With no arguments, show status of remote machine.
+If
+.Ar file-name
+is specified, show status of
+.Ar file-name
+on remote machine.
+.It Xo
+.Ic rename
+.Op Ar from
+.Op Ar to
+.Xc
+Rename the file
+.Ar from
+on the remote machine, to the file
+.Ar to  .
+.It Ic reset
+Clear reply queue.
+This command re-synchronizes command/reply sequencing with the remote
+ftp server.
+Resynchronization may be necessary following a violation of the ftp protocol
+by the remote server.
+.It Ic restart Ar marker
+Restart the immediately following
+.Ic get
+or
+.Ic put
+at the
+indicated
+.Ar marker  .
+On
+.Ux
+systems, marker is usually a byte
+offset into the file.
+.It Ic rmdir Ar directory-name
+Delete a directory on the remote machine.
+.It Ic runique
+Toggle storing of files on the local system with unique filenames.
+If a file already exists with a name equal to the target
+local filename for a
+.Ic get
+or
+.Ic mget
+command, a ".1" is appended to the name.
+If the resulting name matches another existing file,
+a ".2" is appended to the original name.
+If this process continues up to ".99", an error
+message is printed, and the transfer does not take place.
+The generated unique filename will be reported.
+Note that
+.Ic runique
+will not affect local files generated from a shell command
+(see below).
+The default value is off.
+.It Ic send Ar local-file Op Ar remote-file
+A synonym for put.
+.It Ic sendport
+Toggle the use of
+.Dv PORT
+commands.
+By default,
+.Nm ftp
+will attempt to use a
+.Dv PORT
+command when establishing
+a connection for each data transfer.
+The use of
+.Dv PORT
+commands can prevent delays
+when performing multiple file transfers.
+If the
+.Dv PORT
+command fails,
+.Nm ftp
+will use the default data port.
+When the use of
+.Dv PORT
+commands is disabled, no attempt will be made to use
+.Dv PORT
+commands for each data transfer.
+This is useful
+for certain
+.Tn FTP
+implementations which do ignore
+.Dv PORT
+commands but, incorrectly, indicate they've been accepted.
+.It Ic site Ar arg1 arg2 ...
+The arguments specified are sent, verbatim, to the remote
+.Tn FTP
+server as a
+.Dv SITE
+command.
+.It Ic size Ar file-name
+Return size of
+.Ar file-name
+on remote machine.
+.It Ic status
+Show the current status of
+.Nm ftp  .
+.It Ic struct Op Ar struct-name
+Set the file transfer
+.Ar structure
+to
+.Ar struct-name .
+By default \*(Lqstream\*(Rq structure is used.
+.It Ic sunique
+Toggle storing of files on remote machine under unique file names.
+Remote ftp server must support ftp protocol
+.Dv STOU
+command for
+successful completion.
+The remote server will report unique name.
+Default value is off.
+.It Ic system
+Show the type of operating system running on the remote machine.
+.It Ic tenex
+Set the file transfer type to that needed to
+talk to
+.Tn TENEX
+machines.
+.It Ic trace
+Toggle packet tracing.
+.It Ic type Op Ar type-name
+Set the file transfer
+.Ic type
+to
+.Ar type-name  .
+If no type is specified, the current type
+is printed.
+The default type is network
+.Tn ASCII .
+.It Ic umask Op Ar newmask
+Set the default umask on the remote server to
+.Ar newmask  .
+If
+.Ar newmask
+is omitted, the current umask is printed.
+.It Xo
+.Ic user Ar user-name
+.Op Ar password
+.Op Ar account
+.Xc
+Identify yourself to the remote
+.Tn FTP
+server.
+If the
+.Ar password
+is not specified and the server requires it,
+.Nm ftp
+will prompt the user for it (after disabling local echo).
+If an
+.Ar account
+field is not specified, and the
+.Tn FTP
+server
+requires it, the user will be prompted for it.
+If an
+.Ar account
+field is specified, an account command will
+be relayed to the remote server after the login sequence
+is completed if the remote server did not require it
+for logging in.
+Unless
+.Nm ftp
+is invoked with \*(Lqauto-login\*(Rq disabled, this
+process is done automatically on initial connection to
+the
+.Tn FTP
+server.
+.It Ic verbose
+Toggle verbose mode.
+In verbose mode, all responses from
+the
+.Tn FTP
+server are displayed to the user.
+In addition,
+if verbose is on, when a file transfer completes, statistics
+regarding the efficiency of the transfer are reported.
+By default,
+verbose is on.
+.It Ic ? Op Ar command
+A synonym for help.
+.El
+.Pp
+The following command can be used with ftpsec-aware servers.
+.Bl -tag -width Fl
+.It Xo
+.Ic prot 
+.Ar clear | 
+.Ar safe | 
+.Ar confidential | 
+.Ar private
+.Xc
+Set the data protection level to the requested level.
+.El
+.Pp
+The following command can be used with ftp servers that has
+implemented the KAUTH site command.
+.Bl -tag -width Fl
+.It Ic kauth Op Ar principal
+Obtain remote tickets.
+.El
+.Pp
+Command arguments which have embedded spaces may be quoted with
+quote `"' marks.
+.Sh ABORTING A FILE TRANSFER
+To abort a file transfer, use the terminal interrupt key
+(usually Ctrl-C).
+Sending transfers will be immediately halted.
+Receiving transfers will be halted by sending a ftp protocol
+.Dv ABOR
+command to the remote server, and discarding any further data received.
+The speed at which this is accomplished depends upon the remote
+server's support for
+.Dv ABOR
+processing.
+If the remote server does not support the
+.Dv ABOR
+command, an
+.Ql ftp>
+prompt will not appear until the remote server has completed
+sending the requested file.
+.Pp
+The terminal interrupt key sequence will be ignored when
+.Nm ftp
+has completed any local processing and is awaiting a reply
+from the remote server.
+A long delay in this mode may result from the ABOR processing described
+above, or from unexpected behavior by the remote server, including
+violations of the ftp protocol.
+If the delay results from unexpected remote server behavior, the local
+.Nm ftp
+program must be killed by hand.
+.Sh FILE NAMING CONVENTIONS
+Files specified as arguments to
+.Nm ftp
+commands are processed according to the following rules.
+.Bl -enum
+.It
+If the file name
+.Sq Fl
+is specified, the
+.Ar stdin
+(for reading) or
+.Ar stdout
+(for writing) is used.
+.It
+If the first character of the file name is
+.Sq \&| ,
+the
+remainder of the argument is interpreted as a shell command.
+.Nm Ftp
+then forks a shell, using
+.Xr popen 3
+with the argument supplied, and reads (writes) from the stdout
+(stdin).
+If the shell command includes spaces, the argument
+must be quoted; e.g.
+\*(Lq" ls -lt"\*(Rq.
+A particularly
+useful example of this mechanism is: \*(Lqdir more\*(Rq.
+.It
+Failing the above checks, if ``globbing'' is enabled,
+local file names are expanded
+according to the rules used in the
+.Xr csh  1  ;
+c.f. the
+.Ic glob
+command.
+If the
+.Nm ftp
+command expects a single local file (.e.g.
+.Ic put  ) ,
+only the first filename generated by the "globbing" operation is used.
+.It
+For
+.Ic mget
+commands and
+.Ic get
+commands with unspecified local file names, the local filename is
+the remote filename, which may be altered by a
+.Ic case  ,
+.Ic ntrans ,
+or
+.Ic nmap
+setting.
+The resulting filename may then be altered if
+.Ic runique
+is on.
+.It
+For
+.Ic mput
+commands and
+.Ic put
+commands with unspecified remote file names, the remote filename is
+the local filename, which may be altered by a
+.Ic ntrans
+or
+.Ic nmap
+setting.
+The resulting filename may then be altered by the remote server if
+.Ic sunique
+is on.
+.El
+.Sh FILE TRANSFER PARAMETERS
+The FTP specification specifies many parameters which may
+affect a file transfer.
+The
+.Ic type
+may be one of \*(Lqascii\*(Rq, \*(Lqimage\*(Rq (binary),
+\*(Lqebcdic\*(Rq, and \*(Lqlocal byte size\*(Rq (for
+.Tn PDP Ns -10's
+and
+.Tn PDP Ns -20's
+mostly).
+.Nm Ftp
+supports the ascii and image types of file transfer,
+plus local byte size 8 for
+.Ic tenex
+mode transfers.
+.Pp
+.Nm Ftp
+supports only the default values for the remaining
+file transfer parameters:
+.Ic mode  ,
+.Ic form ,
+and
+.Ic struct  .
+.Sh THE .netrc FILE
+The
+.Pa .netrc
+file contains login and initialization information
+used by the auto-login process.
+It resides in the user's home directory.
+The following tokens are recognized; they may be separated by spaces,
+tabs, or new-lines:
+.Bl -tag -width password
+.It Ic machine Ar name
+Identify a remote machine
+.Ar name .
+The auto-login process searches the
+.Pa .netrc
+file for a
+.Ic machine
+token that matches the remote machine specified on the
+.Nm ftp
+command line or as an
+.Ic open
+command argument.
+Once a match is made, the subsequent
+.Pa .netrc
+tokens are processed,
+stopping when the end of file is reached or another
+.Ic machine
+or a
+.Ic default
+token is encountered.
+.It Ic default
+This is the same as
+.Ic machine
+.Ar name
+except that
+.Ic default
+matches any name.
+There can be only one
+.Ic default
+token, and it must be after all
+.Ic machine
+tokens.
+This is normally used as:
+.Pp
+.Dl default login anonymous password user@site
+.Pp
+thereby giving the user
+.Ar automatic
+anonymous ftp login to
+machines not specified in
+.Pa .netrc .
+This can be overridden
+by using the
+.Fl n
+flag to disable auto-login.
+.It Ic login Ar name
+Identify a user on the remote machine.
+If this token is present, the auto-login process will initiate
+a login using the specified
+.Ar name .
+.It Ic password Ar string
+Supply a password.
+If this token is present, the auto-login process will supply the
+specified string if the remote server requires a password as part
+of the login process.
+Note that if this token is present in the
+.Pa .netrc
+file for any user other
+than
+.Ar anonymous  ,
+.Nm ftp
+will abort the auto-login process if the
+.Pa .netrc
+is readable by
+anyone besides the user.
+.It Ic account Ar string
+Supply an additional account password.
+If this token is present, the auto-login process will supply the
+specified string if the remote server requires an additional
+account password, or the auto-login process will initiate an
+.Dv ACCT
+command if it does not.
+.It Ic macdef Ar name
+Define a macro.
+This token functions like the
+.Nm ftp
+.Ic macdef
+command functions.
+A macro is defined with the specified name; its contents begin with the
+next
+.Pa .netrc
+line and continue until a null line (consecutive new-line
+characters) is encountered.
+If a macro named
+.Ic init
+is defined, it is automatically executed as the last step in the
+auto-login process.
+.El
+.Sh ENVIRONMENT
+.Nm Ftp
+utilizes the following environment variables.
+.Bl -tag -width Fl
+.It Ev HOME
+For default location of a
+.Pa .netrc
+file, if one exists.
+.It Ev SHELL
+For default shell.
+.El
+.Sh SEE ALSO
+.Xr ftpd 8 ,
+.%T RFC2228
+.Sh HISTORY
+The
+.Nm ftp
+command appeared in
+.Bx 4.2 .
+.Sh BUGS
+Correct execution of many commands depends upon proper behavior
+by the remote server.
+.Pp
+An error in the treatment of carriage returns
+in the
+.Bx 4.2
+ascii-mode transfer code
+has been corrected.
+This correction may result in incorrect transfers of binary files
+to and from
+.Bx 4.2
+servers using the ascii type.
+Avoid this problem by using the binary image type.
diff --git a/crypto/kerberosIV/man/ftpd.8 b/crypto/kerberosIV/man/ftpd.8
new file mode 100644
index 0000000..c51de1c
--- /dev/null
+++ b/crypto/kerberosIV/man/ftpd.8
@@ -0,0 +1,473 @@
+.\"	$NetBSD: ftpd.8,v 1.7 1995/04/11 02:44:53 cgd Exp $
+.\"
+.\" Copyright (c) 1985, 1988, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)ftpd.8	8.2 (Berkeley) 4/19/94
+.\"
+.Dd April 19, 1997
+.Dt FTPD 8
+.Os BSD 4.2
+.Sh NAME
+.Nm ftpd
+.Nd
+Internet File Transfer Protocol server
+.Sh SYNOPSIS
+.Nm ftpd
+.Op Fl a Ar authmode
+.Op Fl dilv
+.Op Fl g Ar umask
+.Op Fl p Ar port 
+.Op Fl T Ar maxtimeout
+.Op Fl t Ar timeout
+.Op Fl u Ar default umask
+.Sh DESCRIPTION
+.Nm Ftpd
+is the
+Internet File Transfer Protocol
+server process.  The server uses the
+.Tn TCP
+protocol
+and listens at the port specified in the
+.Dq ftp
+service specification; see
+.Xr services 5 .
+.Pp
+Available options:
+.Bl -tag -width Ds
+.It Fl a
+Select the level of authentication required.  Kerberised login can not
+be turned off. The default is to only allow kerberised login.  Other
+possibilities can be turned on by giving a string of comma separated
+flags as argument to
+.Fl a .
+Recognised flags are:
+.Bl -tag -width plain
+.It Ar plain
+Allow logging in with plaintext password. The password can be a(n) OTP
+or an ordinary password.
+.It Ar otp
+Same as
+.Ar plain ,
+but only OTP is allowed.
+.It Ar ftp
+Allow anonymous login.
+.El
+
+The following combination modes exists for backwards compatibility:
+.Bl -tag -width plain
+.It Ar none
+Same as
+.Ar plain,ftp .
+.It Ar safe
+Same as 
+.Ar ftp .
+.It Ar user
+Ignored.
+.El
+.It Fl d
+Debugging information is written to the syslog using LOG_FTP.
+.It Fl g
+Anonymous users will get a umask of
+.Ar umask .
+.It Fl i
+Open a socket and wait for a connection. This is mainly used for
+debugging when ftpd isn't started by inetd.
+.It Fl l
+Each successful and failed 
+.Xr ftp 1
+session is logged using syslog with a facility of LOG_FTP.
+If this option is specified twice, the retrieve (get), store (put), append,
+delete, make directory, remove directory and rename operations and
+their filename arguments are also logged.
+.It Fl p
+Use
+.Ar port
+(a service name or number) instead of the default 
+.Ar ftp/tcp .
+.It Fl T
+A client may also request a different timeout period;
+the maximum period allowed may be set to
+.Ar timeout
+seconds with the
+.Fl T
+option.
+The default limit is 2 hours.
+.It Fl t
+The inactivity timeout period is set to
+.Ar timeout
+seconds (the default is 15 minutes).
+.It Fl u
+Set the initial umask to something else than the default 027.
+.It Fl v
+Verbose mode.
+.El
+.Pp
+The file
+.Pa /etc/nologin
+can be used to disable ftp access.
+If the file exists,
+.Nm
+displays it and exits.
+If the file
+.Pa /etc/ftpwelcome
+exists,
+.Nm
+prints it before issuing the 
+.Dq ready
+message.
+If the file
+.Pa /etc/motd
+exists,
+.Nm
+prints it after a successful login.
+.Pp
+The ftp server currently supports the following ftp requests.
+The case of the requests is ignored.
+.Bl -column "Request" -offset indent
+.It Request Ta "Description"
+.It ABOR Ta "abort previous command"
+.It ACCT Ta "specify account (ignored)"
+.It ALLO Ta "allocate storage (vacuously)"
+.It APPE Ta "append to a file"
+.It CDUP Ta "change to parent of current working directory"
+.It CWD Ta "change working directory"
+.It DELE Ta "delete a file"
+.It HELP Ta "give help information"
+.It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA"
+.It MKD Ta "make a directory"
+.It MDTM Ta "show last modification time of file"
+.It MODE Ta "specify data transfer" Em mode
+.It NLST Ta "give name list of files in directory"
+.It NOOP Ta "do nothing"
+.It PASS Ta "specify password"
+.It PASV Ta "prepare for server-to-server transfer"
+.It PORT Ta "specify data connection port"
+.It PWD Ta "print the current working directory"
+.It QUIT Ta "terminate session"
+.It REST Ta "restart incomplete transfer"
+.It RETR Ta "retrieve a file"
+.It RMD Ta "remove a directory"
+.It RNFR Ta "specify rename-from file name"
+.It RNTO Ta "specify rename-to file name"
+.It SITE Ta "non-standard commands (see next section)"
+.It SIZE Ta "return size of file"
+.It STAT Ta "return status of server"
+.It STOR Ta "store a file"
+.It STOU Ta "store a file with a unique name"
+.It STRU Ta "specify data transfer" Em structure
+.It SYST Ta "show operating system type of server system"
+.It TYPE Ta "specify data transfer" Em type
+.It USER Ta "specify user name"
+.It XCUP Ta "change to parent of current working directory (deprecated)"
+.It XCWD Ta "change working directory (deprecated)"
+.It XMKD Ta "make a directory (deprecated)"
+.It XPWD Ta "print the current working directory (deprecated)"
+.It XRMD Ta "remove a directory (deprecated)"
+.El
+.Pp
+The following commands are specified by RFC2228.
+.Bl -column Request -offset indent
+.It AUTH Ta "authentication/security mechanism"
+.It ADAT Ta "authentication/security data"
+.It PROT Ta "data channel protection level"
+.It PBSZ Ta "protection buffer size"
+.It MIC Ta "integrity protected command"
+.It CONF Ta "confidentiality protected command"
+.It ENC Ta "privacy protected command"
+.It CCC Ta "clear command channel"
+.El
+.Pp
+The following non-standard or
+.Tn UNIX
+specific commands are supported
+by the
+SITE request.
+.Pp
+.Bl -column Request -offset indent
+.It UMASK Ta change umask, (e.g. 
+.Ic "SITE UMASK 002" )
+.It IDLE Ta set idle-timer, (e.g. 
+.Ic "SITE IDLE 60" )
+.It CHMOD Ta change mode of a file (e.g. 
+.Ic "SITE CHMOD 755 filename" )
+.It FIND Ta quickly find a specific file with GNU 
+.Xr locate 1 .
+.It HELP Ta give help information.
+.El
+.Pp
+The following Kerberos related site commands are understood.
+.Bl -column Request -offset indent
+.It KAUTH Ta obtain remote tickets.
+.It KLIST Ta show remote tickets
+.El
+.Pp
+The remaining ftp requests specified in Internet RFC 959
+are
+recognized, but not implemented.
+MDTM and SIZE are not specified in RFC 959, but will appear in the
+next updated FTP RFC.
+.Pp
+The ftp server will abort an active file transfer only when the
+ABOR
+command is preceded by a Telnet "Interrupt Process" (IP)
+signal and a Telnet "Synch" signal in the command Telnet stream,
+as described in Internet RFC 959.
+If a
+STAT
+command is received during a data transfer, preceded by a Telnet IP
+and Synch, transfer status will be returned.
+.Pp
+.Nm Ftpd
+interprets file names according to the
+.Dq globbing
+conventions used by
+.Xr csh 1 .
+This allows users to utilize the metacharacters
+.Dq Li \&*?[]{}~ .
+.Pp
+.Nm Ftpd
+authenticates users according to these rules. 
+.Pp
+.Bl -enum -offset indent
+.It
+If Kerberos authentication is used, the user must pass valid tickets
+and the principal must be allowed to login as the remote user.
+.It
+The login name must be in the password data base, and not have a null
+password (if kerberos is used the password field is not checked).  In
+this case a password must be provided by the client before any file
+operations may be performed.  If the user has an OTP key, the response
+from a successful USER command will include an OTP challenge. The
+client may choose to respond with a PASS command giving either a
+standard password or an OTP one-time password. The server will
+automatically determine which type of password it has been given and
+attempt to authenticate accordingly. See
+.Xr otp 1
+for more information on OTP authentication.
+.It
+The login name must not appear in the file
+.Pa /etc/ftpusers .
+.It
+The user must have a standard shell returned by 
+.Xr getusershell 3 .
+.It
+If the user name appears in the file
+.Pa /etc/ftpchroot
+the session's root will be changed to the user's login directory by
+.Xr chroot 2
+as for an
+.Dq anonymous
+or
+.Dq ftp
+account (see next item).  However, the user must still supply a password.
+This feature is intended as a compromise between a fully anonymous account 
+and a fully privileged account.  The account should also be set up as for an
+anonymous account.
+.It
+If the user name is
+.Dq anonymous
+or
+.Dq ftp ,
+an
+anonymous ftp account must be present in the password
+file (user
+.Dq ftp ) .
+In this case the user is allowed
+to log in by specifying any password (by convention an email address for
+the user should be used as the password).
+.El
+.Pp
+In the last case, 
+.Nm ftpd
+takes special measures to restrict the client's access privileges.
+The server performs a 
+.Xr chroot 2
+to the home directory of the
+.Dq ftp
+user.
+In order that system security is not breached, it is recommended
+that the
+.Dq ftp
+subtree be constructed with care, consider following these guidelines
+for anonymous ftp.
+
+In general all files should be owned by
+.Dq root ,
+and have non-write permissions (644 or 755 depending on the kind of
+file). No files should be owned or writable by
+.Dq ftp
+(possibly with exception for the
+.Pa ~ftp/incoming ,
+as specified below).
+.Bl -tag -width "~ftp/pub" -offset indent
+.It Pa ~ftp
+The 
+.Dq ftp
+homedirectory should be owned by root.
+.It Pa ~ftp/bin
+The directory for external programs (such as 
+.Xr ls 1 ) .
+These programs must either be statically linked, or you must setup an
+environment for dynamic linking when running chrooted.  
+These programs will be used if present:
+.Bl -tag -width "locate" -offset indent
+.It ls
+Used when listing files.
+.It compress
+When retrieving a filename that ends in
+.Pa .Z ,
+and that file isn't present,
+.Nm
+will try to find the filename without
+.Pa .Z
+and compress it on the fly.
+.It gzip
+Same as compress, just with files ending in
+.Pa .gz .
+.It gtar
+Enables retrieval of whole directories as files ending in
+.Pa .tar .
+Can also be combined with compression. You must use GNU Tar (or some
+other that supports the
+.Fl z 
+and
+.Fl Z
+flags).
+.It locate
+Will enable ``fast find'' with the 
+.Ic SITE FIND
+command. You must also create a 
+.Pa locatedb
+file in 
+.Pa ~ftp/etc .
+.El
+.It Pa ~ftp/etc
+If you put copies of the
+.Xr passwd 5
+and 
+.Xr group 5
+files here, ls will be able to produce owner names rather than
+numbers. Remember to remove any passwords from these files.  
+
+The file
+.Pa motd ,
+if present, will be printed after a successful login.
+.It Pa ~ftp/dev 
+Put a copy of
+.Xr /dev/null 7
+here.
+.It Pa ~ftp/pub
+Traditional place to put whatever you want to make public.
+.El
+
+If you want guests to be able to upload files, create a
+.Pa ~ftp/incoming
+directory owned by 
+.Dq root ,
+and group
+.Dq ftp
+with mode 730 (make sure 
+.Dq ftp 
+is member of group
+.Dq ftp ) .
+The following restrictions apply to anonymous users:
+.Bl -bullet
+.It
+Directories created will have mode 700.
+.It
+Uploaded files will be created with an umask of 777, if not changed
+with the
+.Fl g
+option.
+.It
+These command are not accessible: 
+.Ic DELE , RMD , RNTO , RNFR , 
+.Ic SITE UMASK ,
+and
+.Ic SITE CHMOD .
+.It
+Filenames must start with an alpha-numeric character, and consist of
+alpha-numeric characters or any of the following: 
+.Li \&+  
+(plus),
+.Li \&-  
+(minus),
+.Li \&=  
+(equal),
+.Li \&_  
+(underscore),
+.Li \&.  
+(period), and
+.Li \&,  
+(comma).
+.El
+.Sh FILES
+.Bl -tag -width /etc/ftpwelcome -compact
+.It Pa /etc/ftpusers
+Access list for users.
+.It Pa /etc/ftpchroot
+List of normal users who should be chroot'd.
+.It Pa /etc/ftpwelcome
+Welcome notice.
+.It Pa /etc/motd
+Welcome notice after login.
+.It Pa /etc/nologin
+Displayed and access refused.
+.It Pa ~/.klogin
+Login access for Kerberos.
+.El
+.Sh SEE ALSO
+.Xr ftp 1 ,
+.Xr otp 1 ,
+.Xr getusershell 3 ,
+.Xr ftpusers 5 ,
+.Xr syslogd 8 ,
+.Sh STANDARDS
+.Bl -tag -compact -width "RFC 1938"
+.It Cm RFC 959
+FTP PROTOCOL SPECIFICATION
+.It Cm RFC 1938
+OTP Specification
+.It Cm RFC 2228
+FTP Security Extensions.
+.Sh BUGS
+The server must run as the super-user
+to create sockets with privileged port numbers.  It maintains
+an effective user id of the logged in user, reverting to
+the super-user only when binding addresses to sockets.  The
+possible security holes have been extensively
+scrutinized, but are possibly incomplete.
+.Sh HISTORY
+The
+.Nm
+command appeared in
+.Bx 4.2 .
diff --git a/crypto/kerberosIV/man/ftpusers.5 b/crypto/kerberosIV/man/ftpusers.5
new file mode 100644
index 0000000..dfd66f9
--- /dev/null
+++ b/crypto/kerberosIV/man/ftpusers.5
@@ -0,0 +1,38 @@
+.\"	$Id: ftpusers.5,v 1.2 1997/05/07 20:11:11 joda Exp $
+.\"
+.Dd May 7, 1997
+.Dt FTPUSERS 5
+.Os KTH-KRB
+.Sh NAME
+.Pa /etc/ftpusers
+.Nd
+FTP access list file.
+.Sh DESCRIPTION
+.Pa /etc/ftpusers
+contains a list of users that should be allowed or denied FTP
+access. Each line contains a user, optionally followed by
+.Dq allow 
+(anything but
+.Dq allow
+is ignored).  The semi-user
+.Dq *
+matches any user.  Users that has an explicit
+.Dq allow ,
+or that does not match any line, are allowed access. Anyone else is
+denied access.
+
+Note that this is compatible with the old format, where this file
+contained a list of users that should be denied access.
+.Sh EXAMPLES
+This will deny anyone but
+.Dq foo
+and
+.Dq bar
+to use FTP:
+.Bd -literal
+foo allow
+bar allow
+*
+.Ed
+.Sh SEE ALSO
+.Xr ftpd 8
diff --git a/crypto/kerberosIV/man/kadmin.8 b/crypto/kerberosIV/man/kadmin.8
index 3139b25..afd9126 100644
--- a/crypto/kerberosIV/man/kadmin.8
+++ b/crypto/kerberosIV/man/kadmin.8
@@ -1,176 +1,140 @@
-.\" $Id: kadmin.8,v 1.4 1997/04/02 21:09:53 assar Exp $
+.\" $Id: kadmin.8,v 1.6 1998/12/18 16:56:29 assar Exp $
 .\" Copyright 1989 by the Massachusetts Institute of Technology.
 .\"
 .\" For copying and distribution information,
 .\" please see the file <mit-copyright.h>.
 .\"
-.TH KADMIN 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kadmin \- network utility for Kerberos database administration
-.SH SYNOPSIS
-.B kadmin [-u user] [-r default_realm] [-m] [-t]
-.SH DESCRIPTION
-This utility provides a unified administration interface to
-the
-Kerberos
-master database.
-Kerberos
-administrators
-use
-.I kadmin
-to register new users and services to the master database,
-and to change information about existing database entries.
-For instance, an administrator can use
-.I kadmin
-to change a user's
-Kerberos
-password.
-A Kerberos administrator is a user with an ``admin'' instance
-whose name appears on one of the Kerberos administration access control
-lists.  If the \-u option is used, 
-.I user 
-will be used as the administrator instead of the local user.
-If the \-r option is used, 
-.I default_realm
-will be used as the default realm for transactions.  Otherwise,
-the local realm will be used by default.
-If the \-m option is used, multiple requests will be permitted 
-on only one entry of the admin password.  Some sites won't
-support this option.  The \-t option is used to tell kadmin to use the
-existing ticket file instead of creating a new one.
 
+.Dd February  3, 1998
+.Dt KADMIN 8
+.Os "KTH-KRB"
+.Sh NAME
+.Nm kadmin
+.Nd
+network utility for Kerberos database administration
+.Sh SYNOPSIS
+.Nm
+.Op Fl p Ar principal
+.Op Fl u Ar username
+.Op Fl r Ar realm
+.Op Fl m
+.Op Fl T Ar timeout
+.Op Fl t
+.Op Fl -version
+.Op Fl h
+.Op Fl -help
+.Ar [command]
+.Sh DESCRIPTION
+This utility provides a unified administration interface to the
+Kerberos master database.  Kerberos administrators use
+.Nm
+to register new users and services to the master database, and to
+change information about existing database entries, such as changing a
+user's Kerberos password. A Kerberos administrator is a user with an
+.Dq admin
+instance whose name appears on one of the Kerberos administration
+access control lists.
+.Pp
+Supported options:
+.Bl -tag -width Ds
+.It Fl p Ar principal
+This is the adminstrator principal to use when talking to the Kadmin
+server. The default is taken from the users environment.
+.It Fl r Ar realm
+This is the default realm to use for transactions. Default is the
+local realm.
+.It Fl u Ar username
+This is similar to 
+.Fl p ,
+but specifies a name, that gets appended with a
+.Dq admin
+instance.
+.It Fl T Ar timeout
+To prevent someone from walking up to an unguarded terminal and doing
+malicious things, administrator tickets are destroyed after a period
+of inactivity. This flag changes the timeout from the default of one
+minute. A timeout of zero seconds disables this functionality.
+.It Fl m
+Historically
+.Nm
+destroyed tickets after every command; this flag used to stop this
+behaviour (only destroying tickets upon exit). Now it's just a synonym
+for
+.Fl T Ar 0 .
+.It Fl t
+Use existing tickets (if any are available), this also disbles
+timeout, and doesn't destroy any tickets upon exit.
+
+These tickets have to be for the changepw.kerberos service.  Use
+.Nm kinit -p
+to acquire them.
+.El
+.Pp
 The
-.I kadmin
+.Nm
 program communicates over the network with the
-.I kadmind
+.Nm kadmind
 program, which runs on the machine housing the Kerberos master
-database.
-The
-.I kadmind
-creates new entries and makes modifications to the database.
-
+database, and does the actual modifications to the database.
+.Pp
 When you enter the
-.I kadmin
-command,
-the program displays a message that welcomes you and explains
-how to ask for help.
-Then
-.I kadmin
-waits for you to enter commands (which are described below).
-It then asks you for your
-.I admin
-password before accessing the database.
-
+.Nm
+command, the program displays a message that welcomes you and explains
+how to ask for help.  Then
+.Nm
+waits for you to enter commands (which are described below).  It then
+asks you for your administrator's password before accessing the
+database.
+.Pp
 All commands can be abbreviated as long as they are unique.  Some
 short versions of the commands are also recognized for backwards
 compatibility.
-
-Use the
-.I add_new_key
-(or
-.I ank
-for short)
-command to register a new principal
-with the master database.
-The command requires one argument,
-the principal's name.  The name
-given can be fully qualified using 
-the standard 
-.I name.instance@realm
-convention.
-You are asked to enter your
-.I admin
-password,
-then prompted twice to enter the principal's
-new password.  If no realm is specified, 
-the local realm is used unless another was
-given on the commandline with the \-r flag.  
-If no instance is
-specified, a null instance is used.  If
-a realm other than the default realm is specified,
-you will need to supply your admin password for
-the other realm.
-
-Use the
-.I change_password (cpw)
-to change a principal's
-Kerberos
+.Pp
+Recognised commands:
+.Bl -tag -width Ds
+.It add_new_key Ar principal
+Creates a new principal in the Kerberos database. You give the name of
+the new principal as an argument. You will then be asked for a maximum
+ticket lifetime, attributes, the expiration date of the principal, and
+finally the password of the principal.
+.It change_password Ar principal
+Changes a principal's password. You will be prompted for the new
 password.
-The command requires one argument,
-the principal's
-name.
-You are asked to enter your
-.I admin
-password,
-then prompted twice to enter the principal's new password.
-The name
-given can be fully qualified using 
-the standard 
-.I name.instance@realm
-convention.
-
-Use the
-.I change_key (ckey)
-if you have a need to change the raw key of a particular principal.
-In other words, if you do not want to input a DES key instead of a
-password that will get converted into a DES key.
-
-Use the
-.I change_admin_password (cap)
-to change your
-.I admin
-instance password.
-This command requires no arguments.
-It prompts you for your old
-.I admin
-password, then prompts you twice to enter the new
-.I admin
-password.  If this is your first command, 
-the default realm is used.  Otherwise, the realm
-used in the last command is used.
-
-Use the
-.I del_entry (del)
-to remove an entry from the kerberos database.
-
-Use the
-.I mod_entry (mod)
-to modify a particular entry, for example to change the expire date.
-
-Use the
-.I destroy_tickets (dest)
-command to destroy your admin tickets explicitly.
-
-Use the
-.I list_requests (lr)
-command to get a list of possible commands.
-
-Use the
-.I help
-command to display
-.IR kadmin's
-various help messages.
-If entered without an argument,
-.I help
-displays a general help message.
-You can get detailed information on specific
-.I kadmin
-commands
-by entering 
-.I help
-.IR command_name .
-
-To quit the program, type
-.IR quit .
-
-.SH BUGS
-The user interface is primitive, and the command names could be better.
-
-.SH "SEE ALSO"
-kerberos(1), kadmind(8), kpasswd(1), ksrvutil(8)
-.br
-``A Subsystem Utilities Package for UNIX'' by Ken Raeburn
-.SH AUTHORS
+.It change_key Ar principal
+This is the same as change_password, but the password is given as a
+raw DES key (for the few occations when you need this).
+.It change_admin_password
+Changes your own admin password. It will prompt you for you old and
+new passwords.
+.It del_entry Ar principal
+Removes principal from the database.
+.It get_entry Ar principal
+Show various information for the given principal. Note that the key is
+shown as zeros.
+.It mod_entry Ar principal
+Modifies a particular entry, for instance to change the expiration
+date.  
+.It destroy_tickets
+Destroys your admin tickets explicitly.
+.It quit
+Obvious.
+.El
+.\".Sh ENVIRONMENT
+.\".Sh FILES
+.\".Sh EXAMPLES
+.\".Sh DIAGNOSTICS
+.Sh SEE ALSO
+.Xr kerberos 1 ,
+.Xr kadmind 8 ,
+.Xr kpasswd 1 ,
+.Xr kinit 1 ,
+.Xr ksrvutil 8
+.\".Sh STANDARDS
+.\".Sh HISTORY
+.Sh AUTHORS
 Jeffrey I. Schiller, MIT Project Athena
-.br
+.Pp
 Emanuel Jay Berkenbilt, MIT Project Athena
+.Sh BUGS
+The user interface is primitive, and the command names could be
+better.
diff --git a/crypto/kerberosIV/man/kadmind.8 b/crypto/kerberosIV/man/kadmind.8
index 477511b..9924d48 100644
--- a/crypto/kerberosIV/man/kadmind.8
+++ b/crypto/kerberosIV/man/kadmind.8
@@ -1,4 +1,4 @@
-.\" $Id: kadmind.8,v 1.4 1997/04/02 21:09:53 assar Exp $
+.\" $Id: kadmind.8,v 1.5 1998/06/13 00:30:08 assar Exp $
 .\" Copyright 1989 by the Massachusetts Institute of Technology.
 .\"
 .\" For copying and distribution information,
@@ -23,6 +23,8 @@ kadmind \- network daemon for Kerberos database administration
 .B \-d dbname
 ] [
 .B \-a acldir
+] [
+.B \-i address
 ]
 .SH DESCRIPTION
 .I kadmind
@@ -77,6 +79,13 @@ option is specified,
 prints out a short summary of the permissible control arguments, and
 then exits.
 .PP
+If the
+.B \-i
+option is specified,
+.I kadmind
+will only listen on that particular address and not on all configured
+addresses of the host, which is the default.
+.PP
 When performing requests on behalf of clients,
 .I kadmind
 checks access control lists (ACLs) to determine the authorization of the client
diff --git a/crypto/kerberosIV/man/kafs.3 b/crypto/kerberosIV/man/kafs.3
index 041fd23..4a7b5ef 100644
--- a/crypto/kerberosIV/man/kafs.3
+++ b/crypto/kerberosIV/man/kafs.3
@@ -1,24 +1,22 @@
-.\"	$Id: kafs.3,v 1.1 1997/05/07 21:49:02 joda Exp $
+.\"	$Id: kafs.3,v 1.3 1998/06/30 15:41:52 assar Exp $
 .\"
 .Dd May 7, 1997
 .Os KTH-KRB
 .Dt KAFS 3
 .Sh NAME
 .Nm k_hasafs ,
-.Nm k_afsklog ,
-.Nm k_afsklog_uid ,
 .Nm k_pioctl ,
 .Nm k_unlog ,
 .Nm k_setpag ,
-.Nm k_afs_cell_of_file
+.Nm k_afs_cell_of_file ,
+.Nm krb_afslog ,
+.Nm krb_afslog_uid
+\" .Nm krb5_afslog ,
+\" .Nm krb5_afslog_uid
 .Nd AFS library
 .Sh SYNOPSIS
 .Fd #include <kafs.h>
 .Ft int
-.Fn k_afsklog "char *cell" "char *realm"
-.Ft int
-.Fn k_afsklog_uid "char *cell" "char *realm" "uid_t uid"
-.Ft int
 .Fn k_afs_cell_of_file "const char *path" "char *cell" "int len"
 .Ft int
 .Fn k_hasafs
@@ -28,6 +26,14 @@
 .Fn k_setpag
 .Ft int
 .Fn k_unlog
+.Ft int
+.Fn krb_afslog "char *cell" "char *realm"
+.Ft int
+.Fn krb_afslog_uid "char *cell" "char *realm" "uid_t uid"
+\" .Ft krb5_error_code
+\" .Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid"
+\" .Ft krb5_error_code
+\" .Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm"
 .Sh DESCRIPTION
 .Fn k_hasafs
 initializes some library internal structures, and tests for the
@@ -36,9 +42,9 @@ called before
 .Fn k_hasafs
 is called, or if it fails.
 
-.Fn k_afsklog ,
+.Fn krb_afslog ,
 and
-.Fn k_afsklog_uid
+.Fn krb_afslog_uid
 obtains new tokens (and possibly tickets) for the specified
 .Fa cell
 and
@@ -53,14 +59,29 @@ is
 .Dv NULL ,
 the function tries to guess what realm to use. Unless you  have some good knowledge of what cell or realm to use, you should pass
 .Dv NULL . 
-.Fn k_afsklog 
+.Fn krb_afslog 
 will use the real user-id for the
 .Dv ViceId
 field in the token, 
-.Fn k_afsklog_uid
+.Fn krb_afslog_uid
 will use
 .Fa uid .
 
+\" .Fn krb5_afslog ,
+\" and 
+\" .Fn krb5_afslog_uid
+\" are the Kerberos 5 equivalents of
+\" .Fn krb_afslog ,
+\" and
+\" .Fn krb_afslog_uid .
+\" The extra arguments are the ubiquitous context, and the cache id where
+\" to store any obtained tickets. Since AFS servers normally can't handle
+\" Kerberos 5 tickets directly, these functions will first obtain version
+\" 5 tickets for the requested cells, and then convert them to version 4
+\" tickets, that can be stashed in the kernel. To convert tickets the
+\" .Fn krb524_convert_creds_kdc
+\" function will be used.
+
 .Fn k_afs_cell_of_file
 will in 
 .Fa cell
@@ -81,12 +102,24 @@ initializes a new PAG.
 .Fn k_unlog
 removes destroys all tokens in the current PAG.
 
+.Sh ENVIRONMENT
+The following environment variable affect the mode of operation of
+.Nm kafs :
+.Bl -tag
+.It Ev AFS_SYSCALL
+Normally,
+.Nm kafs
+will try to figure out the correct system call(s) that are used by AFS
+by itself.  If it does not manage to do that, or does it incorrectly,
+you can set this variable to the system call number or list of system
+call numbers that should be used.
+.El
 .Sh RETURN VALUES
 .Fn k_hasafs
 returns 1 if AFS is present in the kernel, 0 otherwise.
-.Fn k_afsklog
+.Fn krb_afslog
 and
-.Fn k_afsklog_uid
+.Fn krb_afslog_uid
 returns 0 on success, or a kerberos error number on failure.
 .Fn k_afs_cell_of_file ,
 .Fn k_pioctl , 
@@ -104,8 +137,8 @@ if (k_hasafs()) {
 	char cell[64];
 	k_setpag();
 	if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0)
-		k_afsklog(cell, 0);
-	k_afsklog(0, 0);
+		krb_afslog(cell, NULL);
+	krb_afslog(NULL, NULL);
 }
 .Ed
 .Sh ERRORS
@@ -119,4 +152,7 @@ usually (depending on the operating system) receive a SIGSYS signal.
 .%J AFS-3 Programmer's Reference
 .%T File Server/Cache Manager Interface
 .%D 1991
-.Re
\ No newline at end of file
+.Re
+.Sh BUGS
+.Ev AFS_SYSCALL
+has no effect under AIX.
diff --git a/crypto/kerberosIV/man/kauth.1 b/crypto/kerberosIV/man/kauth.1
index cc71b29..2efb709 100644
--- a/crypto/kerberosIV/man/kauth.1
+++ b/crypto/kerberosIV/man/kauth.1
@@ -1,4 +1,4 @@
-.\" $Id: kauth.1,v 1.1 1996/05/04 01:49:34 d91-jda Exp $
+.\" $Id: kauth.1,v 1.3 1998/06/30 15:29:17 assar Exp $
 .\"
 .Dd May 4, 1996
 .Dt KAUTH 1
@@ -47,7 +47,8 @@ User on the remote host that should own the ticket file.
 .It Fl t 
 Ticket file on remote host.
 .It Fl l
-Lifetime of tickets i minutes
+Lifetime of tickets in minutes. A value of -1 is used for maximum
+ticket lifetime.
 .It Fl f
 Srvtab to get service keys from. Default is 
 .Pa /etc/srvtab .
@@ -60,6 +61,7 @@ AFS cell to get tokens for, default is your local cell.
 .El
 .Sh SEE ALSO
 .Xr kinit 1 ,
-.Xr kauthd 8
+.Xr kauthd 8 ,
+.Xr kafs 3
 .Sh BUGS
 There is no help-switch.
diff --git a/crypto/kerberosIV/man/kdestroy.1 b/crypto/kerberosIV/man/kdestroy.1
index 66ffd39..c7797c0 100644
--- a/crypto/kerberosIV/man/kdestroy.1
+++ b/crypto/kerberosIV/man/kdestroy.1
@@ -1,4 +1,4 @@
-.\" $Id: kdestroy.1,v 1.3 1996/06/12 21:29:16 bg Exp $
+.\" $Id: kdestroy.1,v 1.4 1999/06/15 13:29:32 bg Exp $
 .\" Copyright 1989 by the Massachusetts Institute of Technology.
 .\"
 .\" For copying and distribution information,
@@ -65,9 +65,17 @@ runs without displaying the status message.
 will not make your terminal beep if it fails to destroy the tickets.
 .TP
 .B \-t
-.I kdestroy
-will not remove any afs-tokens. Without this flag the tokens
-associated with the current PAG is destroyed.
+destroy tickets only and keep all AFS tokens.
+.TP
+.B \-u
+unlog, i.e remove any AFS tokens associated with the current PAG
+but leave the ticket file alone.
+.PP
+If neither
+.B \-t
+nor 
+.B \-u
+is given, both tickets and AFS tokens are destroyed.
 .SH FILES
 KRBTKFILE environment variable if set, otherwise
 .br
diff --git a/crypto/kerberosIV/man/kerberos.1 b/crypto/kerberosIV/man/kerberos.1
index aced5a5..4968822 100644
--- a/crypto/kerberosIV/man/kerberos.1
+++ b/crypto/kerberosIV/man/kerberos.1
@@ -1,4 +1,4 @@
-.\" $Id: kerberos.1,v 1.2 1996/06/12 21:29:16 bg Exp $
+.\" $Id: kerberos.1,v 1.3 1997/11/07 12:37:34 bg Exp $
 .\" Copyright 1989 by the Massachusetts Institute of Technology.
 .\"
 .\" For copying and distribution information,
@@ -171,13 +171,13 @@ Kerberos
 supports the following network services:
 .IR rlogin ,
 .IR rsh ,
+.IR rcp ,
+.IR pop ,
+.IR ftp ,
+.IR telnet ,
+.IR AFS
 and
-.IR rcp .
-Other services are being worked on,
-such as the
-.IR pop
-mail system and NFS (network file system),
-but are not yet available.
+.IR NFS.
 
 .SH "SEE ALSO"
 kdestroy(1), kinit(1), klist(1), kpasswd(1), des_crypt(3), kerberos(3),
diff --git a/crypto/kerberosIV/man/kerberos.8 b/crypto/kerberosIV/man/kerberos.8
index 6a64c57..5d89635 100644
--- a/crypto/kerberosIV/man/kerberos.8
+++ b/crypto/kerberosIV/man/kerberos.8
@@ -1,6 +1,6 @@
-.\" $Id: kerberos.8,v 1.1 1996/11/14 22:14:55 assar Exp $
+.\" $Id: kerberos.8,v 1.4 1997/09/26 17:55:23 joda Exp $
 .\"
-.Dd November 14, 1996
+.Dd September 26, 1997
 .Dt KERBEROS 8
 .Os KTH-KRB
 .Sh NAME
@@ -8,12 +8,14 @@
 .Nd The kerberos daemon
 .Sh SYNPOSIS
 .Nm
-.Op Fl snm
-.Op Fl p Ar pause
+.Op Fl mns
 .Op Fl a Ar max age
+.Op Fl i Ar address
 .Op Fl l Ar log
+.Op Fl p Ar pause
+.Op Fl P Ar portspec
 .Op Fl r Ar realm
-.Ar database
+.Op Ar database
 .Sh DESCRIPTION
 This is the
 .Nm
@@ -21,24 +23,170 @@ daemon.
 .Pp
 Options:
 .Bl -tag -width -ident
-.It Fl s
-Set slave parameters.  This will enable check to see if data is
-getting too stale relative to the master.
-.It Fl n
-Do not check max age. 
-.It Fl m
-Run manually and prompt for master key.
-.It Fl p
-Pause for
-.Ar pause
-before dying.
 .It Fl a
 Set the
 .Ar max age
 before the database is considered stale.
+.It Fl i
+Only listen on 
+.Ar address .
+Normally, the kerberos server listens on all addresses of all
+interfaces.
 .It Fl l
 Write the log to
 .Ar log
+.It Fl m
+Run manually and prompt for master key.
+.It Fl n
+Do not check max age. 
+.It Fl p
+Pause for
+.Ar pause
+before dying.
+.It Fl P
+Listen to the ports specified by
+.Ar portspec .
+This should be a white-space separated list of port specificatios. A
+port specification follows the format:
+.Ar port Ns Op / Ns Ar protocol .
+The
+.Ar port
+can be either a symbolic port name (from
+.Pa /etc/services), or a number;
+.Ar protocol can be either 
+.Li udp ,
+or
+.Li tcp . 
+If left out, the KDC will listen to both UDP and TCP sockets on the
+specified port.
+.br
+The special string
+.Li +
+mean that the default set of ports (TCP and UDP on ports 88 and 750)
+should be included.
 .It Fl r
 Run as a server for realm
 .Ar realm
+.It Fl s
+Set slave parameters.  This will enable check to see if data is
+getting too stale relative to the master.
+.El
+
+If no 
+.Ar database
+is given a default datbase will be used, normally
+.Pa /var/kerberos/principal .
+.Sh DIAGNOSTICS
+
+The server logs several messages in a log file
+.Pf ( Pa /var/run/kerberos.log
+by default).  The logging mechanism opens and closes the log file for
+each message, so you can safely rename the log file when the server is
+running.
+.Ss Operational messages
+These are normal messages that you will see in the log. They might be
+followed by some error message.
+.Bl -tag -width xxxxx
+.It Li Getting key for Ar REALM
+The server fetched the key for 
+.Sq krbtgt.REALM
+for the specific
+realm. You will see this at startup, and for every attempt to use
+cross realm authentication.
+.It Xo Li Starting Kerberos for
+.Ar REALM 
+.Li (kvno Ar kvno )
+.Xc
+You will see this also if you start with
+.Fl m .
+.It Xo Li AS REQ 
+.Ar name.instance@REALM 
+.Li for 
+.Ar sname.sinstance 
+.Li from 
+.Ar ip-number
+.Xc
+An initial (password authenticated) request was received.
+.It Xo Li APPL REQ 
+.Ar name.instance@REALM
+.Li for 
+.Ar sname.sinstance
+.Li from Ar ip-number
+.Xc
+A tgt-based request for a ticket was made.
+.El
+
+.Ss Error messages
+These messages reflects misconfigured clients, invalid requests, or
+possibly attepted attacks.
+.Bl -tag -width xxxxx
+.It Li UNKNOWN Ar name.instance
+The server received a request with an unknown principal. This is most
+likely because someone typed the wrong name at a login prompt. It
+could also be someone trying to get a list of possible users.
+.It Xo Li Unknown realm Ar REALM 
+.Li from Ar ip-number
+.Xc
+There isn't a principal for 
+.Sq krbtgt.REALM
+in the database.
+.It Xo Li Can't hop realms: Ar REALM1 
+.Li -> Ar REALM2
+.Xc 
+There was a request for a ticket for another realm.  This might be
+because of a misconfigured client.
+.It Li Principal not unique Ar name.instance
+There is more than one entry for this principal in the database. This
+is not very good.
+.It Li Null key Ar name.instance
+Someone tried to use a principal that for some reason doesn't have a
+key.
+.It Xo Li Incorrect master key version for 
+.Ar name.instance
+.Li : Ar number 
+.Li (should be Ar number )
+.Xc
+The principal has it's key encrypted with the wrong master key.
+.It Xo Li Principal Ar name.instance 
+.Li expired at Ar date
+.Xc
+The principal's key has expired.
+.It Li krb_rd_req from Ar ip-number : error-message
+The message couldn't be decoded properly. The error message will give
+you further hints. You will see this if someone is trying to use
+expired tickets.
+.It Xo Li Unknown message type: Ar number 
+.Li from Ar ip-number
+.Xc
+The message received was not one that is understood by this server.
+.It Li Can't authorize password changed based on TGT
+Someone tried to get a 
+.Sq changepw.kerberos
+via a tgt exchange. This is
+because of a broken client, or possibly an attack.
+.It Li KRB protocol version mismatch ( Ar number )
+The server received a request with an unknown version number.
+.El
+
+.Ss Fatal error messages
+The following messages indicate problems when starting the server.
+.Bl -tag -width xxxxx
+.It Li Database unavailable!
+There was some problem reading the database.
+.It Li Database currently being updated!
+Someone is currently updating the database (possibly via krop).
+.It Li Database out of date!
+The database is older than the maximum age specified.
+.It Li Couldn't get master key.
+The master key file wasn't found or the file is damaged.
+.It Li Can't verify master key.
+The key in the keyfile doesn't match the current databse.
+.It Li Ticket granting ticket service unknown
+The database doesn't contain a 
+.Sq krbtgt.REALM
+for the local realm.
+.El
+
+.Sh SEE ALSO
+.Xr kprop 8 ,
+.Xr kpropd 8
diff --git a/crypto/kerberosIV/man/kpasswd.1 b/crypto/kerberosIV/man/kpasswd.1
new file mode 100644
index 0000000..ad0c858
--- /dev/null
+++ b/crypto/kerberosIV/man/kpasswd.1
@@ -0,0 +1,85 @@
+.\" $Id: kpasswd.1,v 1.2 1996/06/12 21:29:21 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KPASSWD 1 "Kerberos Version 4.0" "MIT Project Athena"
+.FM mit
+.SH NAME
+kpasswd \- change a user's Kerberos password
+.SH SYNOPSIS
+.B kpasswd
+[
+.B \-h
+] [
+.B \-n
+.I name
+] [
+.B \-i
+.I instance
+] [
+.B \-r
+.I realm
+] [
+\-u
+.IR username[.instance][@realm] ]
+.SH DESCRIPTION
+The
+.I kpasswd
+command is used to change a Kerberos principal's password.
+.PP
+If the
+.I \-h
+option is specified, a brief summary of the options is printed, and 
+.I kpasswd
+then exits.
+.PP
+If the
+.I \-n
+option is specified, 
+.I name
+is used as the principal name rather than the username of the user
+running
+.IR kpasswd .
+(This is determined from the ticket file if it exists;
+otherwise, it is determined from the unix user id.)
+.PP
+If the
+.I \-i
+option is specified,
+.I instance
+is used as the instance rather than a null instance.
+.PP
+If the
+.I \-r
+option is specified,
+.I realm
+is used as the realm rather than the local realm.
+.PP
+If the 
+.I \-u 
+option is specified, a fully qualified kerberos
+principal can be given.
+.PP
+
+The utility prompts for the current Kerberos password (printing
+the name of the principal for which it intends to change the password),
+which is verified by the Kerberos server.  If the old password is
+correct, the user is prompted twice for the new password.  A message is
+printed indicating the success or failure of the password changing
+operation.
+
+.SH BUGS
+
+.I kpasswd
+does not handle names, instances, or realms with special
+characters in them when the -n, -i, or -r options are used.  Any
+valid fullname is accepted, however, if the -u option is used.
+
+If the principal whose password you are trying to change does
+not exist, you will not be told until after you have entered the
+old password.
+
+.SH SEE ALSO
+kerberos(1), kinit(1), passwd(1), kadmin(8)
diff --git a/crypto/kerberosIV/man/krb.conf.5 b/crypto/kerberosIV/man/krb.conf.5
index b122b9c..5c15468 100644
--- a/crypto/kerberosIV/man/krb.conf.5
+++ b/crypto/kerberosIV/man/krb.conf.5
@@ -1,4 +1,4 @@
-.\" $Id: krb.conf.5,v 1.2 1996/06/12 21:29:21 bg Exp $
+.\" $Id: krb.conf.5,v 1.3 1999/06/15 15:36:46 bg Exp $
 .\" Copyright 1989 by the Massachusetts Institute of Technology.
 .\"
 .\" For copying and distribution information,
@@ -9,23 +9,34 @@
 /etc/krb.conf \- Kerberos configuration file
 .SH DESCRIPTION
 .I krb.conf
-contains configuration information describing the Kerberos realm and the
+contains configuration information describing the Kerberos realm(s) and the
 Kerberos key distribution center (KDC) servers for known realms.
 .PP
 .I krb.conf
-contains the name of the local realm in the first
-line, followed by lines indicating realm/host
-entries.  The first token is a realm name, and the second is the hostname
-of a host running a KDC for that realm.
-The words "admin server" following the hostname indicate that 
-the host also provides an administrative database server.
+starts with a definition of the local realm on the first line, this is
+followed by any number lines defining supplementary local realms.  The
+rest of the file consists of lines indicating realm/host entries. The
+first token is a realm name, and the second is a server specification
+of a host running a KDC for that realm. The words "admin server"
+following the hostname indicate that the host also provides an
+administrative database server.
+
+To be able to communicate with the KDC through a firewall it is
+sometimes necessary to tunnel requests over HTTP or TCP. Tunnel
+protocols and port numbers are specified in the server specification
+using the syntax [(udp|tcp|http)/]hostname[:port].
+
 For example:
 .nf
 .in +1i
-ATHENA.MIT.EDU
-ATHENA.MIT.EDU kerberos-1.mit.edu admin server
-ATHENA.MIT.EDU kerberos-2.mit.edu
-LCS.MIT.EDU kerberos.lcs.mit.edu admin server
+SICS.SE
+NADA.KTH.SE
+SICS.SE     tcp/kerberos.sics.se:88 admin server
+NADA.KTH.SE kerberos.nada.kth.se    admin server
+NADA.KTH.SE kerberos-1.nada.kth.se
+NADA.KTH.SE kerberos-2.nada.kth.se
+NADA.KTH.SE http/kerberos-3.nada.kth.se
+KTH.SE      kerberos.kth.se         admin server
 .in -1i
 .SH SEE ALSO
 krb.realms(5), krb_get_krbhst(3), krb_get_lrealm(3)
diff --git a/crypto/kerberosIV/man/krb.extra.5 b/crypto/kerberosIV/man/krb.extra.5
new file mode 100644
index 0000000..7c3140a
--- /dev/null
+++ b/crypto/kerberosIV/man/krb.extra.5
@@ -0,0 +1,42 @@
+.\" $Id: krb.extra.5,v 1.1.2.1 1999/07/22 03:16:36 assar Exp $
+.\"
+.Dd June 24, 1999
+.Dt KRB.EXTRA 5
+.Os KTH-KRB
+.Sh NAME
+.Nm krb.extra
+.Nd
+Kerberos misc configuration file
+.Sh DESCRIPTION
+.Nm
+contains a number of settings that are used by the kerberos library,
+or directly by applications. Each line in the file consists of a
+variable, an equal sign, and a value. Lines beginning with hash are
+ignored.
+.Pp
+Currently defined variables are:
+.Bl -tag -width foo
+.It kdc_timeout
+time in seconds to wait for an answer from the KDC (default is 4
+seconds)
+.It kdc_timesync
+if this is enabled, the time differential between the client and the
+KDC will be stored, and used later on when computing the correct time;
+this is useful if the client's clock is drifting
+.It firewall_address
+the outside address of the firewall; this is used in some places to
+compute a direction bit, and this might break if the server has a
+different idea about which address to use then the client
+.It krb4_proxy
+address of a web-proxy to use when connecting to the KDC via HTTP
+.El
+.Sh EXAMPLES
+.Bd -literal
+# this is a comment
+kdc_timesync = yes
+firewall_address = 10.0.0.1
+.Ed
+.Sh SEE ALSO
+.Xr krb.equiv 5 ,
+.Xr krb.conf 5 ,
+.Xr krb.realms 5
diff --git a/crypto/kerberosIV/man/login.1 b/crypto/kerberosIV/man/login.1
new file mode 100644
index 0000000..b05a6a4
--- /dev/null
+++ b/crypto/kerberosIV/man/login.1
@@ -0,0 +1,160 @@
+.\" Copyright (c) 1980, 1990, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)login.1	8.1 (Berkeley) 6/9/93
+.\"
+.Dd June 9, 1993
+.Dt LOGIN 1
+.Os BSD 4
+.Sh NAME
+.Nm login
+.Nd log into the computer
+.Sh SYNOPSIS
+.Nm login
+.Op Fl fp
+.Op Fl h Ar hostname
+.Op Ar user
+.Sh DESCRIPTION
+.Sy Note:
+this manual page describes the original login program for
+NetBSD. Everything in here might not be true.
+.Pp
+The
+.Nm login
+utility logs users (and pseudo-users) into the computer system.
+.Pp
+If no user is specified, or if a user is specified and authentication
+of the user fails,
+.Nm login
+prompts for a user name.
+Authentication of users is done via passwords.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl f
+The
+.Fl f
+option is used when a user name is specified to indicate that proper
+authentication has already been done and that no password need be
+requested.
+This option may only be used by the super-user or when an already
+logged in user is logging in as themselves.
+.It Fl h
+The
+.Fl h
+option specifies the host from which the connection was received.
+It is used by various daemons such as
+.Xr telnetd  8 .
+This option may only be used by the super-user.
+.It Fl p
+By default,
+.Nm login
+discards any previous environment.
+The
+.Fl p
+option disables this behavior.
+.El
+.Pp
+If the file
+.Pa /etc/nologin
+exists,
+.Nm login
+dislays its contents to the user and exits.
+This is used by
+.Xr shutdown  8
+to prevent users from logging in when the system is about to go down.
+.Pp
+If the file
+.Pa /etc/fbtab
+exists,
+.Nm login
+changes the protection and ownership of certain devices specified in this
+file.
+.Pp
+Immediately after logging a user in,
+.Nm login
+displays the system copyright notice, the date and time the user last
+logged in, the message of the day as well as other information.
+If the file
+.Dq Pa .hushlogin
+exists in the user's home directory, all of these messages are suppressed.
+This is to simplify logins for non-human users, such as
+.Xr uucp 1 .
+.Nm Login
+then records an entry in the
+.Xr wtmp 5
+and
+.Xr utmp 5
+files and executes the user's command interpretor.
+.Pp
+Login enters information into the environment (see
+.Xr environ 7 )
+specifying the user's home directory (HOME), command interpreter (SHELL),
+search path (PATH), terminal type (TERM) and user name (both LOGNAME and
+USER).
+.Pp
+The standard shells,
+.Xr csh 1
+and
+.Xr sh 1 ,
+do not fork before executing the
+.Nm login
+utility.
+.Sh FILES
+.Bl -tag -width /var/mail/userXXX -compact
+.It Pa /etc/fbtab
+changes device protections
+.It Pa /etc/motd
+message-of-the-day
+.It Pa /etc/nologin
+disallows logins
+.It Pa /var/run/utmp
+current logins
+.It Pa /var/log/wtmp
+login account records
+.It Pa /var/mail/user
+system mailboxes
+.It Pa \&.hushlogin
+makes login quieter
+.El
+.Sh SEE ALSO
+.Xr chpass 1 ,
+.Xr passwd 1 ,
+.Xr rlogin 1 ,
+.Xr getpass 3 ,
+.Xr fbtab 5 ,
+.Xr utmp 5 ,
+.Xr environ 7
+.Sh HISTORY
+A
+.Nm login
+appeared in
+.At v6 .
diff --git a/crypto/kerberosIV/man/login.access.5 b/crypto/kerberosIV/man/login.access.5
new file mode 100644
index 0000000..28d423c
--- /dev/null
+++ b/crypto/kerberosIV/man/login.access.5
@@ -0,0 +1,50 @@
+.\" this is comment
+.Dd April 30, 1994
+.Dt SKEY.ACCESS 5
+.Os FreeBSD 1.2
+.Sh NAME
+.Nm login.access
+.Nd Login access control table
+.Sh DESCRIPTION
+The
+.Nm login.access
+file specifies (user, host) combinations and/or (user, tty) 
+combinations for which a login will be either accepted or refused.
+.Pp
+When someone logs in, the 
+.Nm login.access
+is scanned for the first entry that
+matches the (user, host) combination, or, in case of non-networked
+logins, the first entry that matches the (user, tty) combination.  The
+permissions field of that table entry determines whether the login will 
+be accepted or refused.
+.Pp
+Each line of the login access control table has three fields separated by a
+":" character:	  permission : users : origins
+
+The first field should be a "+" (access granted) or "-" (access denied)
+character. The second field should be a list of one or more login names,
+group names, or ALL (always matches).  The third field should be a list
+of one or more tty names (for non-networked logins), host names, domain
+names (begin with "."), host addresses, internet network numbers (end
+with "."), ALL (always matches) or LOCAL (matches any string that does
+not contain a "." character). If you run NIS you can use @netgroupname
+in host or user patterns.
+
+The EXCEPT operator makes it possible to write very compact rules.
+
+The group file is searched only when a name does not match that of the
+logged-in user. Only groups are matched in which users are explicitly
+listed: the program does not look at a user's primary group id value.
+.Sh FILES
+.Bl -tag -width /etc/login.access -compact
+.It Pa /etc/login.access
+The
+.Nm login.access
+file resides in
+.Pa /etc .
+.El
+.Sh SEE ALSO
+.Xr login 1
+.Sh AUTHOR
+Guido van Rooij
diff --git a/crypto/kerberosIV/man/pagsh.1 b/crypto/kerberosIV/man/pagsh.1
new file mode 100644
index 0000000..cd95f8b
--- /dev/null
+++ b/crypto/kerberosIV/man/pagsh.1
@@ -0,0 +1,22 @@
+.\" $Id: pagsh.1,v 1.1 1996/04/27 23:03:35 d91-jda Exp $
+.\"
+.Dd April 27, 1996
+.Dt PAGSH 1
+.Os KTH-KRB
+.Sh NAME
+.Nm pagsh
+.Nd
+execute a command without authentication
+.Sh SYNOPSIS
+.Nm pagsh
+.Op Oo Fl c Oc Nm command Ar args
+.Sh DESCRIPTION
+Starts a new subprocess that is detached from any Kerberos ticket
+cache and AFS tokens. Without
+.Nm command
+a new shell is started.
+.Sh ENVIRONMENT
+.Bl -tag -width Fl
+.It Ev $SHELL
+Default shell.
+.El
diff --git a/crypto/kerberosIV/man/rcp.1 b/crypto/kerberosIV/man/rcp.1
new file mode 100644
index 0000000..cc5efd0
--- /dev/null
+++ b/crypto/kerberosIV/man/rcp.1
@@ -0,0 +1,161 @@
+.\"	$NetBSD: rcp.1,v 1.5 1995/03/21 08:19:04 cgd Exp $
+.\"
+.\" Copyright (c) 1983, 1990, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)rcp.1	8.1 (Berkeley) 5/31/93
+.\"
+.Dd May 31, 1993
+.Dt RCP 1
+.Os BSD 4.3r
+.Sh NAME
+.Nm rcp
+.Nd remote file copy
+.Sh SYNOPSIS
+.Nm rcp
+.Op Fl Kpx
+.Op Fl k Ar realm
+.Ar file1 file2
+.Nm rcp
+.Op Fl Kprx
+.Op Fl k Ar realm
+.Ar file ...
+.Ar directory
+.Sh DESCRIPTION
+.Nm Rcp
+copies files between machines.  Each
+.Ar file
+or
+.Ar directory
+argument is either a remote file name of the
+form ``rname@rhost:path'', or a local file name (containing no `:' characters,
+or a `/' before any `:'s).
+.Pp
+.Bl -tag -width flag
+.It Fl K
+The
+.Fl K
+option turns off all Kerberos authentication.
+.It Fl k
+The
+.Fl k
+option requests
+.Nm rcp
+to obtain tickets
+for the remote host in realm
+.Ar realm
+instead of the remote host's realm as determined by
+.Xr krb_realmofhost  3  .
+.It Fl p
+The
+.Fl p
+option causes
+.Nm rcp
+to attempt to preserve (duplicate) in its copies the modification
+times and modes of the source files, ignoring the
+.Ar umask  .
+By default, the mode and owner of
+.Ar file2
+are preserved if it already existed; otherwise the mode of the source file
+modified by the
+.Xr umask  2
+on the destination host is used.
+.It Fl r
+If any of the source files are directories,
+.Nm rcp
+copies each subtree rooted at that name; in this case
+the destination must be a directory.
+.It Fl x
+The
+.Fl x
+option turns on
+.Tn DES
+encryption for all data passed by
+.Nm rcp .
+This may impact response time and
+.Tn CPU
+utilization, but provides
+increased security.
+.El
+.Pp
+If
+.Ar path
+is not a full path name, it is interpreted relative to
+the login directory of the specified user
+.Ar ruser
+on
+.Ar rhost  ,
+or your current user name if no other remote user name is specified.
+A
+.Ar path
+on a remote host may be quoted (using \e, ", or \(aa)
+so that the metacharacters are interpreted remotely.
+.Pp
+.Nm Rcp
+does not prompt for passwords; it performs remote execution
+via
+.Xr rsh  1  ,
+and requires the same authorization.
+.Pp
+.Nm Rcp
+handles third party copies, where neither source nor target files
+are on the current machine.
+.Sh SEE ALSO
+.Xr cp 1 ,
+.Xr ftp 1 ,
+.Xr rsh 1 ,
+.Xr rlogin 1
+.Sh HISTORY
+The
+.Nm rcp
+command appeared in
+.Bx 4.2 .
+The version of
+.Nm rcp
+described here
+has been reimplemented with Kerberos in
+.Bx 4.3 Reno .
+.Sh BUGS
+Doesn't detect all cases where the target of a copy might
+be a file in cases where only a directory should be legal.
+.Pp
+Is confused by any output generated by commands in a
+.Pa \&.login ,
+.Pa \&.profile ,
+or
+.Pa \&.cshrc
+file on the remote host.
+.Pp
+The destination user and hostname may have to be specified as
+``rhost.rname'' when the destination machine is running the
+.Bx 4.2
+version of
+.Nm rcp  .
diff --git a/crypto/kerberosIV/man/rlogin.1 b/crypto/kerberosIV/man/rlogin.1
new file mode 100644
index 0000000..3e1fd8d
--- /dev/null
+++ b/crypto/kerberosIV/man/rlogin.1
@@ -0,0 +1,190 @@
+.\"	$NetBSD: rlogin.1,v 1.3 1995/03/21 07:58:37 cgd Exp $
+.\"
+.\" Copyright (c) 1983, 1990, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)rlogin.1	8.1 (Berkeley) 6/6/93
+.\"
+.Dd June 6, 1993
+.Dt RLOGIN 1
+.Os BSD 4.2
+.Sh NAME
+.Nm rlogin
+.Nd remote login
+.Sh SYNOPSIS
+.Ar rlogin
+.Op Fl 8EKLdx
+.Op Fl e Ar char
+.Op Fl k Ar realm
+.Op Fl l Ar username
+.Op Fl p Ar portnumber
+.Ar host
+.Sh DESCRIPTION
+.Nm Rlogin
+starts a terminal session on a remote host
+.Ar host  .
+.Pp
+.Nm Rlogin
+first attempts to use the Kerberos authorization mechanism, described below.
+If the remote host does not supporting Kerberos the standard Berkeley
+.Pa rhosts
+authorization mechanism is used.
+The options are as follows:
+.Bl -tag -width flag
+.It Fl 8
+The
+.Fl 8
+option allows an eight-bit input data path at all times; otherwise
+parity bits are stripped except when the remote side's stop and start
+characters are other than
+^S/^Q .
+.It Fl E
+The
+.Fl E
+option stops any character from being recognized as an escape character.
+When used with the
+.Fl 8
+option, this provides a completely transparent connection.
+.It Fl K
+The
+.Fl K
+option turns off all Kerberos authentication.
+.It Fl L
+The
+.Fl L
+option allows the rlogin session to be run in ``litout'' (see
+.Xr tty 4 )
+mode.
+.It Fl d
+The
+.Fl d
+option turns on socket debugging (see
+.Xr setsockopt 2 )
+on the TCP sockets used for communication with the remote host.
+.It Fl e
+The
+.Fl e
+option allows user specification of the escape character, which is
+``~'' by default.
+This specification may be as a literal character, or as an octal
+value in the form \ennn.
+.It Fl k
+The
+.FL k
+option requests rlogin to obtain tickets for the remote host
+in realm
+.Ar realm
+instead of the remote host's realm as determined by
+.Xr krb_realmofhost  3  .
+.It Fl x
+The
+.Fl x
+option turns on
+.Tn DES
+encryption for all data passed via the
+rlogin session.
+This may impact response time and
+.Tn CPU
+utilization, but provides
+increased security.
+.It Fl D
+Use the TCP nodelay option (see setsockopt(2)).
+.It Fl p portnumber
+Specifies the port number to connect to on the remote host.
+.El
+.Pp
+A line of the form ``<escape char>.'' disconnects from the remote host.
+Similarly, the line ``<escape char>^Z'' will suspend the
+.Nm rlogin
+session, and ``<escape char><delayed-suspend char>'' suspends the
+send portion of the rlogin, but allows output from the remote system.
+By default, the tilde (``~'') character is the escape character, and
+normally control-Y (``^Y'') is the delayed-suspend character.
+.Pp
+All echoing takes place at the remote site, so that (except for delays)
+the
+.Nm rlogin
+is transparent.
+Flow control via ^S/^Q and flushing of input and output on interrupts
+are handled properly.
+.Sh KERBEROS AUTHENTICATION
+Each user may have a private authorization list in the file
+.Pa .klogin
+in their home directory.
+Each line in this file should contain a Kerberos principal name of the
+form
+.Ar principal.instance@realm  .
+If the originating user is authenticated to one of the principals named
+in
+.Pa .klogin ,
+access is granted to the account.
+The principal
+.Ar accountname.@localrealm
+is granted access if
+there is no
+.Pa .klogin
+file.
+Otherwise a login and password will be prompted for on the remote machine
+as in
+.Xr login  1  .
+To avoid certain security problems, the
+.Pa .klogin
+file must be owned by
+the remote user.
+.Pp
+If Kerberos authentication fails, a warning message is printed and the
+standard Berkeley
+.Nm rlogin
+is used instead.
+.Sh ENVIRONMENT
+The following environment variable is utilized by
+.Nm rlogin :
+.Bl -tag -width TERM
+.It Ev TERM
+Determines the user's terminal type.
+.El
+.Sh SEE ALSO
+.Xr rsh 1 ,
+.Xr kerberos 3 ,
+.Xr krb_sendauth 3 ,
+.Xr krb_realmofhost 3
+.Sh HISTORY
+The
+.Nm rlogin
+command appeared in
+.Bx 4.2 .
+.Sh BUGS
+.Nm Rlogin
+will be replaced by
+.Xr telnet  1
+in the near future.
+.Pp
+More of the environment should be propagated.
diff --git a/crypto/kerberosIV/man/rlogind.8 b/crypto/kerberosIV/man/rlogind.8
new file mode 100644
index 0000000..bc99529
--- /dev/null
+++ b/crypto/kerberosIV/man/rlogind.8
@@ -0,0 +1,178 @@
+.\" Copyright (c) 1983, 1989, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)rlogind.8	8.1 (Berkeley) 6/4/93
+.\"
+.Dd August 25, 1996
+.Dt RLOGIND 8
+.Os BSD 4.2
+.Sh NAME
+.Nm rlogind
+.Nd remote login server
+.Sh SYNOPSIS
+.Nm rlogind
+.Op Fl ailnkvxD
+.Op Fl p Ar portnumber
+.Op Fl L Ar /bin/login
+.Sh DESCRIPTION
+.Nm Rlogind
+is the server for the 
+.Xr rlogin 1
+program.  The server provides a remote login facility with
+kerberos-based authentication or traditional pseudo-authentication with
+privileged port numbers from trusted hosts.
+.Pp
+Options supported by
+.Nm rlogind :
+.Bl -tag -width Ds
+.It Fl a
+No-op.  For backwards compatibility.  Hostnames are always verified.
+.It Fl l
+Prevent any authentication based on the user's
+.Dq Pa .rhosts
+file, unless the user is logging in as the superuser.
+.It Fl n
+Disable keep-alive messages.
+.It Fl k
+Enable kerberos authentication.
+.It Fl i
+Do not expect to be spawned by inetd and create a socket and listen on
+it yourself.
+.It Fl p portnumber
+Specifies the port number it should listen on in case the
+.It Fl i
+flag has been given.
+.It Fl v
+Vacuous, echo "Remote host requires Kerberos authentication" and exit.
+.It Fl x
+Provides an encrypted communications channel.  This options requires the
+.Fl k
+flag.
+.It Fl L pathname
+Specify pathname to an alternative login program.
+.It Fl D
+Use the TCP nodelay option (see setsockopt(2)).
+.El
+.Pp
+When a service request is received,
+.Nm rlogind
+verifies the kerberos ticket supplied by the user.
+.Pp
+For non-kerberised connections, the following protocol is initiated:
+.Bl -enum
+.It
+The server checks the client's source port.
+If the port is not in the range 512-1023, the server
+aborts the connection.
+.It
+The server checks the client's source address
+and requests the corresponding host name (see
+.Xr gethostbyaddr 3 ,
+.Xr hosts 5
+and
+.Xr named 8 ) .
+If the hostname cannot be determined,
+the dot-notation representation of the host address is used.
+The addresses for the hostname are requested,
+verifying that the name and address correspond.
+Normal authentication is bypassed if the address verification fails.
+.El
+.Pp
+Once the source port and address have been checked, 
+.Nm rlogind
+proceeds with the authentication process described in
+.Xr rshd 8 .
+.Pp
+It then allocates a pseudo terminal (see 
+.Xr pty 4 ) ,
+and manipulates file descriptors so that the slave
+half of the pseudo terminal becomes the 
+.Em stdin ,
+.Em stdout ,
+and
+.Em stderr
+for a login process.
+The login process is an instance of the
+.Xr login 1
+program, invoked with the
+.Fl f
+option if authentication has succeeded.
+If automatic authentication fails, the user is
+prompted to log in as if on a standard terminal line.
+.Pp
+The parent of the login process manipulates the master side of
+the pseudo terminal, operating as an intermediary
+between the login process and the client instance of the
+.Xr rlogin
+program.  In normal operation, the packet protocol described
+in
+.Xr pty 4
+is invoked to provide
+.Ql ^S/^Q
+type facilities and propagate
+interrupt signals to the remote programs.  The login process
+propagates the client terminal's baud rate and terminal type,
+as found in the environment variable,
+.Ql Ev TERM ;
+see
+.Xr environ 7 .
+The screen or window size of the terminal is requested from the client,
+and window size changes from the client are propagated to the pseudo terminal.
+.Pp
+Transport-level keepalive messages are enabled unless the
+.Fl n
+option is present.
+The use of keepalive messages allows sessions to be timed out
+if the client crashes or becomes unreachable.
+.Sh DIAGNOSTICS
+All initial diagnostic messages are indicated
+by a leading byte with a value of 1,
+after which any network connections are closed.
+If there are no errors before
+.Xr login
+is invoked, a null byte is returned as in indication of success.
+.Bl -tag -width Ds
+.It Sy Try again.
+A
+.Xr fork
+by the server failed.
+.El
+.Sh SEE ALSO
+.Xr login 1 ,
+.Xr ruserok 3 ,
+.Xr rshd 8
+.Sh BUGS
+A more extensible protocol should be used.
+.Sh HISTORY
+The
+.Nm
+command appeared in
+.Bx 4.2 .
diff --git a/crypto/kerberosIV/man/rsh.1 b/crypto/kerberosIV/man/rsh.1
new file mode 100644
index 0000000..5d79faf
--- /dev/null
+++ b/crypto/kerberosIV/man/rsh.1
@@ -0,0 +1,182 @@
+.\" Copyright (c) 1983, 1990 The Regents of the University of California.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	from: @(#)rsh.1	6.10 (Berkeley) 7/24/91
+.\"	$Id: rsh.1,v 1.1.1.1 1995/10/23 11:20:27 d91-jda Exp $
+.\"
+.Dd July 24, 1991
+.Dt RSH 1
+.Os BSD 4.2
+.Sh NAME
+.Nm rsh
+.Nd remote shell
+.Sh SYNOPSIS
+.Nm rsh
+.Op Fl Kdnx
+.Op Fl k Ar realm
+.Op Fl l Ar username
+.Ar host
+.Op command
+.Sh DESCRIPTION
+.Nm Rsh
+executes
+.Ar command
+on
+.Ar host  .
+.Pp
+.Nm Rsh
+copies its standard input to the remote command, the standard
+output of the remote command to its standard output, and the
+standard error of the remote command to its standard error.
+Interrupt, quit and terminate signals are propagated to the remote
+command;
+.Nm rsh
+normally terminates when the remote command does.
+The options are as follows:
+.Bl -tag -width flag
+.It Fl K
+The
+.Fl K
+option turns off all Kerberos authentication.
+.It Fl d
+The
+.Fl d
+option turns on socket debugging (using
+.Xr setsockopt  2  )
+on the
+.Tn TCP
+sockets used for communication with the remote host.
+.It Fl k
+The
+.Fl k
+option causes
+.Nm rsh
+to obtain tickets for the remote host in
+.Ar realm
+instead of the remote host's realm as determined by
+.Xr krb_realmofhost  3  .
+.It Fl l
+By default, the remote username is the same as the local username.
+The
+.Fl l
+option allows the remote name to be specified.
+Kerberos authentication is used, and authorization is determined
+as in
+.Xr rlogin  1  .
+.It Fl n
+The
+.Fl n
+option redirects input from the special device
+.Pa /dev/null
+(see the
+.Sx BUGS
+section of this manual page).
+.It Fl x
+The
+.Fl x
+option turns on
+.Tn DES
+encryption for all data exchange.
+This may introduce a significant delay in response time.
+.El
+.Pp
+If no
+.Ar command
+is specified, you will be logged in on the remote host using
+.Xr rlogin  1  .
+.Pp
+Shell metacharacters which are not quoted are interpreted on local machine,
+while quoted metacharacters are interpreted on the remote machine.
+For example, the command
+.Pp
+.Dl rsh otherhost cat remotefile >> localfile
+.Pp
+appends the remote file
+.Ar remotefile
+to the local file
+.Ar localfile ,
+while
+.Pp
+.Dl rsh otherhost cat remotefile \&">>\&" other_remotefile
+.Pp
+appends
+.Ar remotefile
+to
+.Ar other_remotefile .
+.\" .Pp
+.\" Many sites specify a large number of host names as commands in the
+.\" directory /usr/hosts.
+.\" If this directory is included in your search path, you can use the
+.\" shorthand ``host command'' for the longer form ``rsh host command''.
+.Sh FILES
+.Bl -tag -width /etc/hosts -compact
+.It Pa /etc/hosts
+.El
+.Sh SEE ALSO
+.Xr rlogin 1 ,
+.Xr kerberos 3 ,
+.Xr krb_sendauth 3 ,
+.Xr krb_realmofhost 3
+.Sh HISTORY
+The
+.Nm rsh
+command appeared in
+.Bx 4.2 .
+.Sh BUGS
+If you are using
+.Xr csh  1
+and put a
+.Nm rsh
+in the background without redirecting its input away from the terminal,
+it will block even if no reads are posted by the remote command.
+If no input is desired you should redirect the input of
+.Nm rsh
+to
+.Pa /dev/null
+using the
+.Fl n
+option.
+.Pp
+You cannot run an interactive command
+(like
+.Xr rogue  6
+or
+.Xr vi  1  )
+using
+.Nm rsh  ;
+use
+.Xr rlogin  1
+instead.
+.Pp
+Stop signals stop the local
+.Nm rsh
+process only; this is arguably wrong, but currently hard to fix for reasons
+too complicated to explain here.
diff --git a/crypto/kerberosIV/man/rshd.8 b/crypto/kerberosIV/man/rshd.8
new file mode 100644
index 0000000..8bd661f
--- /dev/null
+++ b/crypto/kerberosIV/man/rshd.8
@@ -0,0 +1,221 @@
+.\" Copyright (c) 1983, 1989, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)rshd.8	8.1 (Berkeley) 6/4/93
+.\"
+.Dd August 25, 1996
+.Dt RSHD 8
+.Os BSD 4.2
+.Sh NAME
+.Nm rshd
+.Nd remote shell server
+.Sh SYNOPSIS
+.Nm rshd
+.Op Fl ailnkvxLP
+.Op Fl p Ar portnumber
+.Sh DESCRIPTION
+The
+.Nm rshd
+server
+is the server for the 
+.Xr rcmd 3
+routine and, consequently, for the
+.Xr rsh 1
+program.  The server provides remote execution facilities with
+kerberos-based authentication or traditional pseudo-authentication
+with privileged port numbers from trusted hosts.
+.Pp
+The
+.Nm rshd
+server
+listens for service requests at the port indicated in
+the ``cmd'' service specification; see
+.Xr services 5 .
+When a service request is received
+.Nm rshd
+verifies the kerberos ticket supplied by the user.
+.Pp
+For non-kerberised connections, the following protocol is initiated:
+.Bl -enum
+.It
+The server checks the client's source port.
+If the port is not in the range 512-1023, the server
+aborts the connection.
+.It
+The server reads characters from the socket up
+to a null (`\e0') byte.  The resultant string is
+interpreted as an
+.Tn ASCII
+number, base 10.
+.It
+If the number received in step 2 is non-zero,
+it is interpreted as the port number of a secondary
+stream to be used for the 
+.Em stderr .
+A second connection is then created to the specified
+port on the client's machine.  The source port of this
+second connection is also in the range 512-1023.
+.It
+The server checks the client's source address
+and requests the corresponding host name (see
+.Xr gethostbyaddr 3 ,
+.Xr hosts 5
+and
+.Xr named 8 ) .
+If the hostname cannot be determined,
+the dot-notation representation of the host address is used.
+The addresses for the hostname are requested,
+verifying that the name and address correspond.
+If address verification fails, the connection is aborted
+with the message, ``Host address mismatch.''
+.It
+A null terminated user name of at most 16 characters
+is retrieved on the initial socket.  This user name
+is interpreted as the user identity on the
+.Em client Ns 's
+machine.
+.It
+A null terminated user name of at most 16 characters
+is retrieved on the initial socket.  This user name
+is interpreted as a user identity to use on the
+.Sy server Ns 's
+machine.
+.It
+A null terminated command to be passed to a
+shell is retrieved on the initial socket.  The length of
+the command is limited by the upper bound on the size of
+the system's argument list.  
+.It
+.Nm Rshd
+then validates the user using
+.Xr ruserok 3 ,
+which uses the file
+.Pa /etc/hosts.equiv
+and the
+.Pa .rhosts
+file found in the user's home directory.  The
+.Fl l
+option prevents
+.Xr ruserok 3
+from doing any validation based on the user's ``.rhosts'' file,
+unless the user is the superuser.
+.It
+If the file 
+.Pa /etc/nologin
+exists and the user is not the superuser,
+the connection is closed.
+.It
+A null byte is returned on the initial socket
+and the command line is passed to the normal login
+shell of the user.  The
+shell inherits the network connections established
+by
+.Nm rshd .
+.El
+.Pp
+Transport-level keepalive messages are enabled unless the
+.Fl n
+option is present.
+The use of keepalive messages allows sessions to be timed out
+if the client crashes or becomes unreachable.
+.Pp
+The
+.Fl L
+option causes all successful accesses to be logged to
+.Xr syslogd 8
+as
+.Li auth.info
+messages.
+.Bl -tag -width Ds
+.It Fl k
+Enable kerberos authentication.
+.It Fl i
+Do not expect to be spawned by inetd and create a socket and listen on
+it yourself.
+.It Fl p portnumber
+Specifies the port number it should listen on in case the
+.It Fl i
+flag has been given.
+.It Fl v
+Vacuous, echo "Remote host requires Kerberos authentication" and exit.
+.It Fl x
+Provides an encrypted communications channel. This option requires the
+.Fl k
+flag.
+.It Fl P
+AFS only! Doesn't put the remote proccess in a new PAG.
+.El
+.Sh DIAGNOSTICS
+Except for the last one listed below,
+all diagnostic messages
+are returned on the initial socket,
+after which any network connections are closed.
+An error is indicated by a leading byte with a value of
+1 (0 is returned in step 10 above upon successful completion
+of all the steps prior to the execution of the login shell).
+.Bl -tag -width indent
+.It Sy Locuser too long.
+The name of the user on the client's machine is
+longer than 16 characters.
+.It Sy Ruser too long.
+The name of the user on the remote machine is
+longer than 16 characters.
+.It Sy Command too long  .
+The command line passed exceeds the size of the argument
+list (as configured into the system).
+.It Sy Login incorrect.
+No password file entry for the user name existed.
+.It Sy Remote directory.
+The 
+.Xr chdir
+command to the home directory failed.
+.It Sy Permission denied.
+The authentication procedure described above failed.
+.It Sy Can't make pipe.
+The pipe needed for the 
+.Em stderr ,
+wasn't created.
+.It Sy Can't fork; try again. 
+A
+.Xr fork
+by the server failed.
+.It Sy <shellname>: ...
+The user's login shell could not be started.  This message is returned
+on the connection associated with the
+.Em stderr ,
+and is not preceded by a flag byte.
+.El
+.Sh SEE ALSO
+.Xr rsh 1 ,
+.Xr rcmd 3 ,
+.Xr ruserok 3
+.Sh BUGS
+A more extensible protocol (such as Telnet) should be used.
diff --git a/crypto/kerberosIV/man/su.1 b/crypto/kerberosIV/man/su.1
new file mode 100644
index 0000000..78d5c8d
--- /dev/null
+++ b/crypto/kerberosIV/man/su.1
@@ -0,0 +1,189 @@
+.\" Copyright (c) 1988, 1990 The Regents of the University of California.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	from: @(#)su.1	6.12 (Berkeley) 7/29/91
+.\"	$Id: su.1,v 1.3 1996/02/11 23:56:09 d91-jda Exp $
+.\"
+.Dd July 29, 1991
+.Dt SU 1
+.Os
+.Sh NAME
+.Nm su
+.Nd substitute user identity
+.Sh SYNOPSIS
+.Nm su
+.Op Fl Kflmi
+.Op Ar login Op Ar "shell arguments"
+.Sh DESCRIPTION
+.Nm Su
+requests the Kerberos password for
+.Ar login
+(or for
+.Dq Ar login Ns .root ,
+if no login is provided), and switches to
+that user and group ID after obtaining a Kerberos ticket granting ticket.
+A shell is then executed, and any additional
+.Ar "shell arguments"
+after the login name
+are passed to the shell.
+.Nm Su
+will resort to the local password file to find the password for
+.Ar login
+if there is a Kerberos error.
+If
+.Nm su
+is executed by root, no password is requested and a shell
+with the appropriate user ID is executed; no additional Kerberos tickets
+are obtained.
+.Pp
+Alternately, if the user enters the password "s/key", they will be
+authenticated using the S/Key one-time password system as described in
+.Xr skey 1 .
+S/Key is a Trademark of Bellcore.
+.Pp
+By default, the environment is unmodified with the exception of
+.Ev USER ,
+.Ev HOME ,
+and
+.Ev SHELL .
+.Ev HOME
+and
+.Ev SHELL
+are set to the target login's default values.
+.Ev USER
+is set to the target login, unless the target login has a user ID of 0,
+in which case it is unmodified.
+The invoked shell is the target login's.
+This is the traditional behavior of
+.Nm su .
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl K
+Do not attempt to use Kerberos to authenticate the user.
+.It Fl f
+If the invoked shell is
+.Xr csh 1 ,
+this option prevents it from reading the
+.Dq Pa .cshrc
+file.
+.It Fl l
+Simulate a full login.
+The environment is discarded except for
+.Ev HOME ,
+.Ev SHELL ,
+.Ev PATH ,
+.Ev TERM ,
+and
+.Ev USER .
+.Ev HOME
+and
+.Ev SHELL
+are modified as above.
+.Ev USER
+is set to the target login.
+.Ev PATH
+is set to
+.Dq Pa /bin:/usr/bin .
+.Ev TERM
+is imported from your current environment.
+The invoked shell is the target login's, and
+.Nm su
+will change directory to the target login's home directory.
+.It Fl m
+Leave the environment unmodified.
+The invoked shell is your login shell, and no directory changes are made.
+As a security precaution, if the target user's shell is a non-standard
+shell (as defined by
+.Xr getusershell 3 )
+and the caller's real uid is
+non-zero,
+.Nm su
+will fail.
+.It Fl i
+If the kerberos root instance is not root any other value can be passed
+using this switch.
+.El
+.Pp
+The
+.Fl l
+and
+.Fl m
+options are mutually exclusive; the last one specified
+overrides any previous ones.
+.Pp
+Only users mentioned in
+.Dq Pa ~root/.klogin
+(or in group 0 when not doing kerberos) can
+.Nm su
+to
+.Dq root .
+.Pp
+By default (unless the prompt is reset by a startup file) the super-user
+prompt is set to
+.Dq Sy \&#
+to remind one of its awesome power.
+.Sh SEE ALSO
+.Xr csh 1 ,
+.Xr login 1 ,
+.Xr sh 1 ,
+.Xr skey 1 ,
+.Xr kinit 1 ,
+.Xr kerberos 1 ,
+.Xr passwd 5 ,
+.Xr group 5 ,
+.Xr environ 7
+.Sh ENVIRONMENT
+Environment variables used by
+.Nm su :
+.Bl -tag -width HOME
+.It Ev HOME
+Default home directory of real user ID unless modified as
+specified above.
+.It Ev PATH
+Default search path of real user ID unless modified as specified above.
+.It Ev TERM
+Provides terminal type which may be retained for the substituted
+user ID.
+.It Ev USER
+The user ID is always the effective ID (the target user ID) after an
+.Nm su
+unless the user ID is 0 (root).
+.El
+.Sh HISTORY
+A
+.Nm
+command appeared in
+.At v7 .
+The version described
+here is an adaptation of the
+.Tn MIT
+Athena Kerberos command.
diff --git a/crypto/kerberosIV/man/telnet.1 b/crypto/kerberosIV/man/telnet.1
new file mode 100644
index 0000000..2b3198e
--- /dev/null
+++ b/crypto/kerberosIV/man/telnet.1
@@ -0,0 +1,1369 @@
+.\" Copyright (c) 1983, 1990, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)telnet.1	8.6 (Berkeley) 6/1/94
+.\"
+.Dd June 1, 1994
+.Dt TELNET 1
+.Os BSD 4.2
+.Sh NAME
+.Nm telnet
+.Nd user interface to the 
+.Tn TELNET
+protocol
+.Sh SYNOPSIS
+.Nm telnet
+.Op Fl 78EFKLacdfrx
+.Op Fl S Ar tos
+.Op Fl X Ar authtype
+.Op Fl e Ar escapechar
+.Op Fl k Ar realm
+.Op Fl l Ar user
+.Op Fl n Ar tracefile
+.Oo
+.Ar host
+.Op port
+.Oc
+.Sh DESCRIPTION
+The
+.Nm telnet
+command
+is used to communicate with another host using the 
+.Tn TELNET
+protocol.
+If
+.Nm telnet
+is invoked without the
+.Ar host
+argument, it enters command mode,
+indicated by its prompt
+.Pq Nm telnet\&> .
+In this mode, it accepts and executes the commands listed below.
+If it is invoked with arguments, it performs an
+.Ic open
+command with those arguments.
+.Pp
+Options:
+.Bl -tag -width indent
+.It Fl 8
+Specifies an 8-bit data path.  This causes an attempt to
+negotiate the
+.Dv TELNET BINARY
+option on both input and output.
+.It Fl 7
+Do not try to negotiate
+.Dv TELNET BINARY
+option.
+.It Fl E
+Stops any character from being recognized as an escape character.
+.It Fl F
+If Kerberos V5 authentication is being used, the
+.Fl F
+option allows the local credentials to be forwarded
+to the remote system, including any credentials that
+have already been forwarded into the local environment.
+.It Fl K
+Specifies no automatic login to the remote system.
+.It Fl L
+Specifies an 8-bit data path on output.  This causes the
+BINARY option to be negotiated on output.
+.It Fl S Ar tos
+Sets the IP type-of-service (TOS) option for the telnet
+connection to the value
+.Ar tos,
+which can be a numeric TOS value
+or, on systems that support it, a symbolic
+TOS name found in the /etc/iptos file.
+.It Fl X Ar atype 
+Disables the
+.Ar atype
+type of authentication.
+.It Fl a
+Attempt automatic login.
+Currently, this sends the user name via the
+.Ev USER
+variable
+of the
+.Ev ENVIRON
+option if supported by the remote system.
+The name used is that of the current user as returned by
+.Xr getlogin 2
+if it agrees with the current user ID,
+otherwise it is the name associated with the user ID.
+.It Fl c
+Disables the reading of the user's
+.Pa \&.telnetrc
+file.  (See the
+.Ic toggle skiprc
+command on this man page.)
+.It Fl d
+Sets the initial value of the
+.Ic debug
+toggle to
+.Dv TRUE
+.It Fl e Ar escape char 
+Sets the initial
+.Nm
+.Nm telnet
+escape character to
+.Ar escape char.
+If
+.Ar escape char
+is omitted, then
+there will be no escape character.
+.It Fl f
+If Kerberos V5 authentication is being used, the
+.Fl f
+option allows the local credentials to be forwarded to the remote system.
+.ne 1i
+.It Fl k Ar realm
+If Kerberos authentication is being used, the
+.Fl k
+option requests that telnet obtain tickets for the remote host in
+realm realm instead of the remote host's realm, as determined
+by
+.Xr krb_realmofhost 3 .
+.It Fl l Ar user 
+When connecting to the remote system, if the remote system
+understands the
+.Ev ENVIRON
+option, then
+.Ar user
+will be sent to the remote system as the value for the variable USER.
+This option implies the
+.Fl a
+option.
+This option may also be used with the
+.Ic open
+command.
+.It Fl n Ar tracefile 
+Opens
+.Ar tracefile
+for recording trace information.
+See the
+.Ic set tracefile
+command below.
+.It Fl r
+Specifies a user interface similar to
+.Xr rlogin 1 .
+In this
+mode, the escape character is set to the tilde (~) character,
+unless modified by the -e option.
+.It Fl x
+Turns on encryption of the data stream if possible. This is 
+currently the default and when it fails a warning is issued.
+.It Ar host
+Indicates the official name, an alias, or the Internet address
+of a remote host.
+.It Ar port
+Indicates a port number (address of an application).  If a number is
+not specified, the default
+.Nm telnet
+port is used.
+.El
+.Pp
+When in rlogin mode, a line of the form ~.  disconnects from the
+remote host; ~ is the telnet escape character.
+Similarly, the line ~^Z suspends the telnet session.
+The line ~^] escapes to the normal telnet escape prompt.
+.Pp
+Once a connection has been opened,
+.Nm telnet
+will attempt to enable the
+.Dv TELNET LINEMODE
+option.
+If this fails, then
+.Nm telnet
+will revert to one of two input modes:
+either \*(Lqcharacter at a time\*(Rq
+or \*(Lqold line by line\*(Rq
+depending on what the remote system supports.
+.Pp
+When 
+.Dv LINEMODE
+is enabled, character processing is done on the
+local system, under the control of the remote system.  When input
+editing or character echoing is to be disabled, the remote system
+will relay that information.  The remote system will also relay
+changes to any special characters that happen on the remote
+system, so that they can take effect on the local system.
+.Pp
+In \*(Lqcharacter at a time\*(Rq mode, most
+text typed is immediately sent to the remote host for processing.
+.Pp
+In \*(Lqold line by line\*(Rq mode, all text is echoed locally,
+and (normally) only completed lines are sent to the remote host.
+The \*(Lqlocal echo character\*(Rq (initially \*(Lq^E\*(Rq) may be used
+to turn off and on the local echo
+(this would mostly be used to enter passwords
+without the password being echoed).
+.Pp
+If the 
+.Dv LINEMODE
+option is enabled, or if the
+.Ic localchars
+toggle is
+.Dv TRUE
+(the default for \*(Lqold line by line\*(Lq; see below),
+the user's
+.Ic quit  ,
+.Ic intr ,
+and
+.Ic flush
+characters are trapped locally, and sent as
+.Tn TELNET
+protocol sequences to the remote side.
+If 
+.Dv LINEMODE
+has ever been enabled, then the user's
+.Ic susp
+and
+.Ic eof
+are also sent as
+.Tn TELNET
+protocol sequences,
+and
+.Ic quit
+is sent as a 
+.Dv TELNET ABORT
+instead of 
+.Dv BREAK
+There are options (see
+.Ic toggle
+.Ic autoflush
+and
+.Ic toggle
+.Ic autosynch
+below)
+which cause this action to flush subsequent output to the terminal
+(until the remote host acknowledges the
+.Tn TELNET
+sequence) and flush previous terminal input
+(in the case of
+.Ic quit
+and
+.Ic intr  ) .
+.Pp
+While connected to a remote host,
+.Nm telnet
+command mode may be entered by typing the
+.Nm telnet
+\*(Lqescape character\*(Rq (initially \*(Lq^]\*(Rq).
+When in command mode, the normal terminal editing conventions are available.
+.Pp
+The following
+.Nm telnet
+commands are available.
+Only enough of each command to uniquely identify it need be typed
+(this is also true for arguments to the
+.Ic mode  ,
+.Ic set ,
+.Ic toggle  ,
+.Ic unset ,
+.Ic slc  ,
+.Ic environ ,
+and
+.Ic display
+commands).
+.Pp
+.Bl -tag -width "mode type"
+.It Ic auth Ar argument ... 
+The auth command manipulates the information sent through the
+.Dv TELNET AUTHENTICATE
+option.  Valid arguments for the
+auth command are as follows:
+.Bl -tag -width "disable type"
+.It Ic disable Ar type
+Disables the specified type of authentication.  To
+obtain a list of available types, use the
+.Ic auth disable \&?
+command.
+.It Ic enable Ar type
+Enables the specified type of authentication.  To
+obtain a list of available types, use the
+.Ic auth enable \&?
+command.
+.It Ic status
+Lists the current status of the various types of
+authentication.
+.El
+.It Ic close
+Close a
+.Tn TELNET
+session and return to command mode.
+.It Ic display Ar argument ... 
+Displays all, or some, of the
+.Ic set
+and
+.Ic toggle
+values (see below).
+.It Ic encrypt Ar argument ...
+The encrypt command manipulates the information sent through the
+.Dv TELNET ENCRYPT
+option.
+.Pp
+Note:  Because of export controls, the
+.Dv TELNET ENCRYPT
+option is not supported outside of the United States and Canada.
+.Pp
+Valid arguments for the encrypt command are as follows:
+.Bl -tag -width Ar
+.It Ic disable Ar type Ic [input|output]
+Disables the specified type of encryption.  If you
+omit the input and output, both input and output
+are disabled.  To obtain a list of available
+types, use the
+.Ic encrypt disable \&?
+command.
+.It Ic enable Ar type Ic [input|output]
+Enables the specified type of encryption.  If you
+omit input and output, both input and output are
+enabled.  To obtain a list of available types, use the
+.Ic encrypt enable \&?
+command.
+.It Ic input
+This is the same as the
+.Ic encrypt start input
+command.
+.It Ic -input
+This is the same as the
+.Ic encrypt stop input
+command.
+.It Ic output
+This is the same as the
+.Ic encrypt start output
+command.
+.It Ic -output
+This is the same as the
+.Ic encrypt stop output
+command.
+.It Ic start Ic [input|output]
+Attempts to start encryption.  If you omit
+.Ic input
+and
+.Ic output,
+both input and output are enabled.  To
+obtain a list of available types, use the
+.Ic encrypt enable \&?
+command.
+.It Ic status
+Lists the current status of encryption.
+.It Ic stop Ic [input|output]
+Stops encryption.  If you omit input and output,
+encryption is on both input and output.
+.It Ic type Ar type
+Sets the default type of encryption to be used
+with later
+.Ic encrypt start
+or
+.Ic encrypt stop
+commands.
+.El
+.It Ic environ Ar arguments... 
+The
+.Ic environ
+command is used to manipulate the
+the variables that my be sent through the
+.Dv TELNET ENVIRON
+option.
+The initial set of variables is taken from the users
+environment, with only the
+.Ev DISPLAY
+and
+.Ev PRINTER
+variables being exported by default.
+The
+.Ev USER
+variable is also exported if the
+.Fl a
+or
+.Fl l
+options are used.
+.br
+Valid arguments for the
+.Ic environ
+command are:
+.Bl -tag -width Fl
+.It Ic define Ar variable value 
+Define the variable
+.Ar variable
+to have a value of
+.Ar value.
+Any variables defined by this command are automatically exported.
+The
+.Ar value
+may be enclosed in single or double quotes so
+that tabs and spaces may be included.
+.It Ic undefine Ar variable 
+Remove
+.Ar variable
+from the list of environment variables.
+.It Ic export Ar variable 
+Mark the variable
+.Ar variable
+to be exported to the remote side.
+.It Ic unexport Ar variable 
+Mark the variable
+.Ar variable
+to not be exported unless
+explicitly asked for by the remote side.
+.It Ic list
+List the current set of environment variables.
+Those marked with a
+.Cm *
+will be sent automatically,
+other variables will only be sent if explicitly requested.
+.It Ic \&?
+Prints out help information for the
+.Ic environ
+command.
+.El
+.It Ic logout
+Sends the
+.Dv TELNET LOGOUT
+option to the remote side.
+This command is similar to a
+.Ic close
+command; however, if the remote side does not support the
+.Dv LOGOUT
+option, nothing happens.
+If, however, the remote side does support the
+.Dv LOGOUT
+option, this command should cause the remote side to close the
+.Tn TELNET
+connection.
+If the remote side also supports the concept of
+suspending a user's session for later reattachment,
+the logout argument indicates that you
+should terminate the session immediately.
+.It Ic mode Ar type 
+.Ar Type
+is one of several options, depending on the state of the
+.Tn TELNET
+session.
+The remote host is asked for permission to go into the requested mode.
+If the remote host is capable of entering that mode, the requested
+mode will be entered.
+.Bl -tag -width Ar
+.It Ic character
+Disable the
+.Dv TELNET LINEMODE
+option, or, if the remote side does not understand the
+.Dv LINEMODE
+option, then enter \*(Lqcharacter at a time\*(Lq mode.
+.It Ic line
+Enable the
+.Dv TELNET LINEMODE
+option, or, if the remote side does not understand the
+.Dv LINEMODE
+option, then attempt to enter \*(Lqold-line-by-line\*(Lq mode.
+.It Ic isig Pq Ic \-isig 
+Attempt to enable (disable) the 
+.Dv TRAPSIG
+mode of the 
+.Dv LINEMODE
+option.
+This requires that the 
+.Dv LINEMODE
+option be enabled.
+.It Ic edit Pq Ic \-edit 
+Attempt to enable (disable) the 
+.Dv EDIT
+mode of the 
+.Dv LINEMODE
+option.
+This requires that the 
+.Dv LINEMODE
+option be enabled.
+.It Ic softtabs Pq Ic \-softtabs 
+Attempt to enable (disable) the 
+.Dv SOFT_TAB
+mode of the 
+.Dv LINEMODE
+option.
+This requires that the 
+.Dv LINEMODE
+option be enabled.
+.ne 1i
+.It Ic litecho Pq Ic \-litecho 
+Attempt to enable (disable) the 
+.Dv LIT_ECHO
+mode of the 
+.Dv LINEMODE
+option.
+This requires that the 
+.Dv LINEMODE
+option be enabled.
+.It Ic \&?
+Prints out help information for the
+.Ic mode
+command.
+.El
+.It Xo
+.Ic open Ar host
+.Oo Op Fl l
+.Ar user
+.Oc Ns Oo Fl
+.Ar port Oc
+.Xc
+Open a connection to the named host.
+If no port number
+is specified,
+.Nm telnet
+will attempt to contact a
+.Tn TELNET
+server at the default port.
+The host specification may be either a host name (see
+.Xr hosts  5  )
+or an Internet address specified in the \*(Lqdot notation\*(Rq (see
+.Xr inet 3 ) .
+The
+.Op Fl l
+option may be used to specify the user name
+to be passed to the remote system via the
+.Ev ENVIRON
+option.
+When connecting to a non-standard port,
+.Nm telnet
+omits any automatic initiation of
+.Tn TELNET
+options.  When the port number is preceded by a minus sign,
+the initial option negotiation is done.
+After establishing a connection, the file
+.Pa \&.telnetrc
+in the
+users home directory is opened.  Lines beginning with a # are
+comment lines.  Blank lines are ignored.  Lines that begin
+without white space are the start of a machine entry.  The
+first thing on the line is the name of the machine that is
+being connected to.  The rest of the line, and successive
+lines that begin with white space are assumed to be
+.Nm telnet
+commands and are processed as if they had been typed
+in manually to the
+.Nm telnet
+command prompt.
+.It Ic quit
+Close any open
+.Tn TELNET
+session and exit
+.Nm telnet  .
+An end of file (in command mode) will also close a session and exit.
+.It Ic send Ar arguments 
+Sends one or more special character sequences to the remote host.
+The following are the arguments which may be specified
+(more than one argument may be specified at a time):
+.Pp
+.Bl -tag -width escape
+.It Ic abort
+Sends the
+.Dv TELNET ABORT
+(Abort
+processes)
+sequence.
+.It Ic ao
+Sends the
+.Dv TELNET AO
+(Abort Output) sequence, which should cause the remote system to flush
+all output
+.Em from
+the remote system
+.Em to
+the user's terminal.
+.It Ic ayt
+Sends the
+.Dv TELNET AYT
+(Are You There)
+sequence, to which the remote system may or may not choose to respond.
+.It Ic brk
+Sends the
+.Dv TELNET BRK
+(Break) sequence, which may have significance to the remote
+system.
+.It Ic ec
+Sends the
+.Dv TELNET EC
+(Erase Character)
+sequence, which should cause the remote system to erase the last character
+entered.
+.It Ic el
+Sends the
+.Dv TELNET EL
+(Erase Line)
+sequence, which should cause the remote system to erase the line currently
+being entered.
+.It Ic eof
+Sends the
+.Dv TELNET EOF
+(End Of File)
+sequence.
+.It Ic eor
+Sends the
+.Dv TELNET EOR
+(End of Record)
+sequence.
+.It Ic escape
+Sends the current
+.Nm telnet
+escape character (initially \*(Lq^\*(Rq).
+.It Ic ga
+Sends the
+.Dv TELNET GA
+(Go Ahead)
+sequence, which likely has no significance to the remote system.
+.It Ic getstatus
+If the remote side supports the
+.Dv TELNET STATUS
+command,
+.Ic getstatus
+will send the subnegotiation to request that the server send
+its current option status.
+.ne 1i
+.It Ic ip
+Sends the
+.Dv TELNET IP
+(Interrupt Process) sequence, which should cause the remote
+system to abort the currently running process.
+.It Ic nop
+Sends the
+.Dv TELNET NOP
+(No OPeration)
+sequence.
+.It Ic susp
+Sends the
+.Dv TELNET SUSP
+(SUSPend process)
+sequence.
+.It Ic synch
+Sends the
+.Dv TELNET SYNCH
+sequence.
+This sequence causes the remote system to discard all previously typed
+(but not yet read) input.
+This sequence is sent as
+.Tn TCP
+urgent
+data (and may not work if the remote system is a
+.Bx 4.2
+system -- if
+it doesn't work, a lower case \*(Lqr\*(Rq may be echoed on the terminal).
+.It Ic do Ar cmd
+.It Ic dont Ar cmd
+.It Ic will Ar cmd
+.It Ic wont Ar cmd
+Sends the
+.Dv TELNET DO
+.Ar cmd
+sequence.
+.Ar Cmd
+can be either a decimal number between 0 and 255,
+or a symbolic name for a specific
+.Dv TELNET
+command.
+.Ar Cmd
+can also be either
+.Ic help
+or
+.Ic \&?
+to print out help information, including
+a list of known symbolic names.
+.It Ic \&?
+Prints out help information for the
+.Ic send
+command.
+.El
+.It Ic set Ar argument value 
+.It Ic unset Ar argument value 
+The
+.Ic set
+command will set any one of a number of
+.Nm telnet
+variables to a specific value or to
+.Dv TRUE .
+The special value
+.Ic off
+turns off the function associated with
+the variable, this is equivalent to using the
+.Ic unset
+command.
+The
+.Ic unset
+command will disable or set to
+.Dv FALSE
+any of the specified functions.
+The values of variables may be interrogated with the
+.Ic display
+command.
+The variables which may be set or unset, but not toggled, are
+listed here.  In addition, any of the variables for the
+.Ic toggle
+command may be explicitly set or unset using
+the
+.Ic set
+and
+.Ic unset
+commands.
+.Bl -tag -width escape
+.It Ic ayt
+If
+.Tn TELNET
+is in localchars mode, or
+.Dv LINEMODE
+is enabled, and the status character is typed, a
+.Dv TELNET AYT
+sequence (see
+.Ic send ayt
+preceding) is sent to the
+remote host.  The initial value for the "Are You There"
+character is the terminal's status character.
+.It Ic echo
+This is the value (initially \*(Lq^E\*(Rq) which, when in
+\*(Lqline by line\*(Rq mode, toggles between doing local echoing
+of entered characters (for normal processing), and suppressing
+echoing of entered characters (for entering, say, a password).
+.It Ic eof
+If
+.Nm telnet
+is operating in
+.Dv LINEMODE
+or \*(Lqold line by line\*(Rq mode, entering this character
+as the first character on a line will cause this character to be
+sent to the remote system.
+The initial value of the eof character is taken to be the terminal's
+.Ic eof
+character.
+.It Ic erase
+If
+.Nm telnet
+is in
+.Ic localchars
+mode (see
+.Ic toggle
+.Ic localchars
+below),
+.Sy and
+if
+.Nm telnet
+is operating in \*(Lqcharacter at a time\*(Rq mode, then when this
+character is typed, a
+.Dv TELNET EC
+sequence (see
+.Ic send
+.Ic ec
+above)
+is sent to the remote system.
+The initial value for the erase character is taken to be
+the terminal's
+.Ic erase
+character.
+.It Ic escape
+This is the
+.Nm telnet
+escape character (initially \*(Lq^[\*(Rq) which causes entry
+into
+.Nm telnet
+command mode (when connected to a remote system).
+.It Ic flushoutput
+If
+.Nm telnet
+is in
+.Ic localchars
+mode (see
+.Ic toggle
+.Ic localchars
+below)
+and the
+.Ic flushoutput
+character is typed, a
+.Dv TELNET AO
+sequence (see
+.Ic send
+.Ic ao
+above)
+is sent to the remote host.
+The initial value for the flush character is taken to be
+the terminal's
+.Ic flush
+character.
+.It Ic forw1
+.It Ic forw2
+If
+.Tn TELNET
+is operating in
+.Dv LINEMODE ,
+these are the
+characters that, when typed, cause partial lines to be
+forwarded to the remote system.  The initial value for
+the forwarding characters are taken from the terminal's
+eol and eol2 characters.
+.It Ic interrupt
+If
+.Nm telnet
+is in
+.Ic localchars
+mode (see
+.Ic toggle
+.Ic localchars
+below)
+and the
+.Ic interrupt
+character is typed, a
+.Dv TELNET IP
+sequence (see
+.Ic send
+.Ic ip
+above)
+is sent to the remote host.
+The initial value for the interrupt character is taken to be
+the terminal's
+.Ic intr
+character.
+.It Ic kill
+If
+.Nm telnet
+is in
+.Ic localchars
+mode (see
+.Ic toggle
+.Ic localchars
+below),
+.Ic and
+if
+.Nm telnet
+is operating in \*(Lqcharacter at a time\*(Rq mode, then when this
+character is typed, a
+.Dv TELNET EL
+sequence (see
+.Ic send
+.Ic el
+above)
+is sent to the remote system.
+The initial value for the kill character is taken to be
+the terminal's
+.Ic kill
+character.
+.It Ic lnext
+If
+.Nm telnet
+is operating in
+.Dv LINEMODE
+or \*(Lqold line by line\*(Lq mode, then this character is taken to
+be the terminal's
+.Ic lnext
+character.
+The initial value for the lnext character is taken to be
+the terminal's
+.Ic lnext
+character.
+.It Ic quit
+If
+.Nm telnet
+is in
+.Ic localchars
+mode (see
+.Ic toggle
+.Ic localchars
+below)
+and the
+.Ic quit
+character is typed, a
+.Dv TELNET BRK
+sequence (see
+.Ic send
+.Ic brk
+above)
+is sent to the remote host.
+The initial value for the quit character is taken to be
+the terminal's
+.Ic quit
+character.
+.It Ic reprint
+If
+.Nm telnet
+is operating in
+.Dv LINEMODE
+or \*(Lqold line by line\*(Lq mode, then this character is taken to
+be the terminal's
+.Ic reprint
+character.
+The initial value for the reprint character is taken to be
+the terminal's
+.Ic reprint
+character.
+.It Ic rlogin
+This is the rlogin escape character.
+If set, the normal
+.Tn TELNET
+escape character is ignored unless it is
+preceded by this character at the beginning of a line.
+This character, at the beginning of a line followed by
+a "."  closes the connection; when followed by a ^Z it
+suspends the telnet command.  The initial state is to
+disable the rlogin escape character.
+.It Ic start
+If the
+.Dv TELNET TOGGLE-FLOW-CONTROL
+option has been enabled,
+then this character is taken to
+be the terminal's
+.Ic start
+character.
+The initial value for the kill character is taken to be
+the terminal's
+.Ic start
+character.
+.It Ic stop
+If the
+.Dv TELNET TOGGLE-FLOW-CONTROL
+option has been enabled,
+then this character is taken to
+be the terminal's
+.Ic stop
+character.
+The initial value for the kill character is taken to be
+the terminal's
+.Ic stop
+character.
+.It Ic susp
+If
+.Nm telnet
+is in
+.Ic localchars
+mode, or
+.Dv LINEMODE
+is enabled, and the
+.Ic suspend
+character is typed, a
+.Dv TELNET SUSP
+sequence (see
+.Ic send
+.Ic susp
+above)
+is sent to the remote host.
+The initial value for the suspend character is taken to be
+the terminal's
+.Ic suspend
+character.
+.ne 1i
+.It Ic tracefile
+This is the file to which the output, caused by
+.Ic netdata
+or
+.Ic option
+tracing being
+.Dv TRUE ,
+will be written.  If it is set to
+.Dq Fl ,
+then tracing information will be written to standard output (the default).
+.It Ic worderase
+If
+.Nm telnet
+is operating in
+.Dv LINEMODE
+or \*(Lqold line by line\*(Lq mode, then this character is taken to
+be the terminal's
+.Ic worderase
+character.
+The initial value for the worderase character is taken to be
+the terminal's
+.Ic worderase
+character.
+.It Ic \&?
+Displays the legal
+.Ic set
+.Pq Ic unset
+commands.
+.El
+.It Ic slc Ar state 
+The
+.Ic slc
+command (Set Local Characters) is used to set
+or change the state of the the special
+characters when the 
+.Dv TELNET LINEMODE
+option has
+been enabled.  Special characters are characters that get
+mapped to 
+.Tn TELNET
+commands sequences (like
+.Ic ip
+or
+.Ic quit  )
+or line editing characters (like
+.Ic erase
+and
+.Ic kill  ) .
+By default, the local special characters are exported.
+.Bl -tag -width Fl
+.It Ic check
+Verify the current settings for the current special characters.
+The remote side is requested to send all the current special
+character settings, and if there are any discrepancies with
+the local side, the local side will switch to the remote value.
+.It Ic export
+Switch to the local defaults for the special characters.  The
+local default characters are those of the local terminal at
+the time when
+.Nm telnet
+was started.
+.It Ic import
+Switch to the remote defaults for the special characters.
+The remote default characters are those of the remote system
+at the time when the 
+.Tn TELNET
+connection was established.
+.It Ic \&?
+Prints out help information for the
+.Ic slc
+command.
+.El
+.It Ic status
+Show the current status of
+.Nm telnet  .
+This includes the peer one is connected to, as well
+as the current mode.
+.It Ic toggle Ar arguments ... 
+Toggle (between
+.Dv TRUE
+and
+.Dv FALSE )
+various flags that control how
+.Nm telnet
+responds to events.
+These flags may be set explicitly to
+.Dv TRUE
+or
+.Dv FALSE
+using the
+.Ic set
+and
+.Ic unset
+commands listed above.
+More than one argument may be specified.
+The state of these flags may be interrogated with the
+.Ic display
+command.
+Valid arguments are:
+.Bl -tag -width Ar
+.It Ic authdebug
+Turns on debugging information for the authentication code.
+.It Ic autoflush
+If
+.Ic autoflush
+and
+.Ic localchars
+are both
+.Dv TRUE ,
+then when the
+.Ic ao  ,
+or
+.Ic quit
+characters are recognized (and transformed into
+.Tn TELNET
+sequences; see
+.Ic set
+above for details),
+.Nm telnet
+refuses to display any data on the user's terminal
+until the remote system acknowledges (via a
+.Dv TELNET TIMING MARK
+option)
+that it has processed those
+.Tn TELNET
+sequences.
+The initial value for this toggle is
+.Dv TRUE
+if the terminal user had not
+done an "stty noflsh", otherwise
+.Dv FALSE
+(see
+.Xr stty  1  ) .
+.It Ic autodecrypt
+When the
+.Dv TELNET ENCRYPT
+option is negotiated, by
+default the actual encryption (decryption) of the data
+stream does not start automatically.  The autoencrypt
+(autodecrypt) command states that encryption of the
+output (input) stream should be enabled as soon as
+possible.
+.sp
+.Pp
+Note:  Because of export controls, the
+.Dv TELNET ENCRYPT
+option is not supported outside the United States and Canada.
+.It Ic autologin
+If the remote side supports the
+.Dv TELNET AUTHENTICATION
+option
+.Tn TELNET
+attempts to use it to perform automatic authentication.  If the
+.Dv AUTHENTICATION
+option is not supported, the user's login
+name are propagated through the
+.Dv TELNET ENVIRON
+option.
+This command is the same as specifying
+.Ar a
+option on the
+.Ic open
+command.
+.It Ic autosynch
+If
+.Ic autosynch
+and
+.Ic localchars
+are both
+.Dv TRUE ,
+then when either the
+.Ic intr
+or
+.Ic quit
+characters is typed (see
+.Ic set
+above for descriptions of the
+.Ic intr
+and
+.Ic quit
+characters), the resulting
+.Tn TELNET
+sequence sent is followed by the
+.Dv TELNET SYNCH
+sequence.
+This procedure
+.Ic should
+cause the remote system to begin throwing away all previously
+typed input until both of the
+.Tn TELNET
+sequences have been read and acted upon.
+The initial value of this toggle is
+.Dv FALSE .
+.It Ic binary
+Enable or disable the
+.Dv TELNET BINARY
+option on both input and output.
+.It Ic inbinary
+Enable or disable the
+.Dv TELNET BINARY
+option on input.
+.It Ic outbinary
+Enable or disable the
+.Dv TELNET BINARY
+option on output.
+.It Ic crlf
+If this is
+.Dv TRUE ,
+then carriage returns will be sent as
+.Li <CR><LF> .
+If this is
+.Dv FALSE ,
+then carriage returns will be send as
+.Li <CR><NUL> .
+The initial value for this toggle is
+.Dv FALSE .
+.It Ic crmod
+Toggle carriage return mode.
+When this mode is enabled, most carriage return characters received from
+the remote host will be mapped into a carriage return followed by
+a line feed.
+This mode does not affect those characters typed by the user, only
+those received from the remote host.
+This mode is not very useful unless the remote host
+only sends carriage return, but never line feed.
+The initial value for this toggle is
+.Dv FALSE .
+.It Ic debug
+Toggles socket level debugging (useful only to the
+.Ic super user  ) .
+The initial value for this toggle is
+.Dv FALSE .
+.It Ic encdebug
+Turns on debugging information for the encryption code.
+.It Ic localchars
+If this is
+.Dv TRUE ,
+then the
+.Ic flush  ,
+.Ic interrupt ,
+.Ic quit  ,
+.Ic erase ,
+and
+.Ic kill
+characters (see
+.Ic set
+above) are recognized locally, and transformed into (hopefully) appropriate
+.Tn TELNET
+control sequences
+(respectively
+.Ic ao  ,
+.Ic ip ,
+.Ic brk  ,
+.Ic ec ,
+and
+.Ic el  ;
+see
+.Ic send
+above).
+The initial value for this toggle is
+.Dv TRUE
+in \*(Lqold line by line\*(Rq mode,
+and
+.Dv FALSE
+in \*(Lqcharacter at a time\*(Rq mode.
+When the
+.Dv LINEMODE
+option is enabled, the value of
+.Ic localchars
+is ignored, and assumed to always be
+.Dv TRUE .
+If
+.Dv LINEMODE
+has ever been enabled, then
+.Ic quit
+is sent as
+.Ic abort  ,
+and
+.Ic eof and
+.B suspend
+are sent as
+.Ic eof and
+.Ic susp ,
+see
+.Ic send
+above).
+.It Ic netdata
+Toggles the display of all network data (in hexadecimal format).
+The initial value for this toggle is
+.Dv FALSE .
+.It Ic options
+Toggles the display of some internal
+.Nm telnet
+protocol processing (having to do with
+.Tn TELNET
+options).
+The initial value for this toggle is
+.Dv FALSE .
+.ne 1i
+.It Ic prettydump
+When the
+.Ic netdata
+toggle is enabled, if
+.Ic prettydump
+is enabled the output from the
+.Ic netdata
+command will be formatted in a more user readable format.
+Spaces are put between each character in the output, and the
+beginning of any
+.Tn TELNET
+escape sequence is preceded by a '*' to aid in locating them.
+.It Ic skiprc
+When the skiprc toggle is
+.Dv TRUE ,
+.Tn TELNET
+skips the reading of the
+.Pa \&.telnetrc
+file in the users home
+directory when connections are opened.  The initial
+value for this toggle is
+.Dv FALSE.
+.It Ic termdata
+Toggles the display of all terminal data (in hexadecimal format).
+The initial value for this toggle is
+.Dv FALSE .
+.It Ic verbose_encrypt
+When the
+.Ic verbose_encrypt
+toggle is
+.Dv TRUE ,
+.Tn TELNET
+prints out a message each time encryption is enabled or
+disabled.  The initial value for this toggle is
+.Dv FALSE.
+Note:  Because of export controls, data encryption
+is not supported outside of the United States and Canada.
+.It Ic \&?
+Displays the legal
+.Ic toggle
+commands.
+.El
+.It Ic z
+Suspend
+.Nm telnet  .
+This command only works when the user is using the
+.Xr csh  1  .
+.It Ic \&! Op Ar command 
+Execute a single command in a subshell on the local
+system.  If
+.Ic command
+is omitted, then an interactive
+subshell is invoked.
+.It Ic \&? Op Ar command 
+Get help.  With no arguments,
+.Nm telnet
+prints a help summary.
+If a command is specified,
+.Nm telnet
+will print the help information for just that command.
+.El
+.Sh ENVIRONMENT
+.Nm Telnet
+uses at least the
+.Ev HOME ,
+.Ev SHELL ,
+.Ev DISPLAY ,
+and
+.Ev TERM
+environment variables.
+Other environment variables may be propagated
+to the other side via the
+.Dv TELNET ENVIRON
+option.
+.Sh FILES
+.Bl -tag -width ~/.telnetrc -compact
+.It Pa ~/.telnetrc
+user customized telnet startup values
+.El
+.Sh HISTORY
+The
+.Nm Telnet
+command appeared in
+.Bx 4.2 .
+.Sh NOTES
+.Pp
+On some remote systems, echo has to be turned off manually when in
+\*(Lqold line by line\*(Rq mode.
+.Pp
+In \*(Lqold line by line\*(Rq mode or 
+.Dv LINEMODE
+the terminal's
+.Ic eof
+character is only recognized (and sent to the remote system)
+when it is the first character on a line.
diff --git a/crypto/kerberosIV/man/telnetd.8 b/crypto/kerberosIV/man/telnetd.8
new file mode 100644
index 0000000..b26d8dd
--- /dev/null
+++ b/crypto/kerberosIV/man/telnetd.8
@@ -0,0 +1,527 @@
+.\" Copyright (c) 1983, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)telnetd.8	8.4 (Berkeley) 6/1/94
+.\"
+.Dd June 1, 1994
+.Dt TELNETD 8
+.Os BSD 4.2
+.Sh NAME
+.Nm telnetd
+.Nd DARPA
+.Tn TELNET
+protocol server
+.Sh SYNOPSIS
+.Nm telnetd
+.Op Fl BUhkln
+.Op Fl D Ar debugmode
+.Op Fl S Ar tos
+.Op Fl X Ar authtype
+.Op Fl a Ar authmode
+.Op Fl r Ns Ar lowpty-highpty
+.Op Fl u Ar len
+.Op Fl debug
+.Op Fl L Ar /bin/login
+.Op Ar port
+.Sh DESCRIPTION
+The
+.Nm telnetd
+command is a server which supports the
+.Tn DARPA
+standard
+.Tn TELNET
+virtual terminal protocol.
+.Nm Telnetd
+is normally invoked by the internet server (see
+.Xr inetd 8 )
+for requests to connect to the
+.Tn TELNET
+port as indicated by the
+.Pa /etc/services
+file (see
+.Xr services 5 ) .
+The
+.Fl debug
+option may be used to start up
+.Nm telnetd
+manually, instead of through
+.Xr inetd 8 .
+If started up this way, 
+.Ar port
+may be specified to run
+.Nm telnetd
+on an alternate
+.Tn TCP
+port number.
+.Pp
+The
+.Nm telnetd
+command accepts the following options:
+.Bl -tag -width "-a authmode"
+.It Fl a Ar authmode
+This option may be used for specifying what mode should
+be used for authentication.
+Note that this option is only useful if
+.Nm telnetd
+has been compiled with support for the
+.Dv AUTHENTICATION
+option.
+There are several valid values for
+.Ar authmode:
+.Bl -tag -width debug
+.It debug
+Turns on authentication debugging code.
+.It user
+Only allow connections when the remote user
+can provide valid authentication information
+to identify the remote user,
+and is allowed access to the specified account
+without providing a password.
+.It valid
+Only allow connections when the remote user
+can provide valid authentication information
+to identify the remote user.
+The
+.Xr login 1
+command will provide any additional user verification
+needed if the remote user is not allowed automatic
+access to the specified account.
+.It other
+Only allow connections that supply some authentication information.
+This option is currently not supported
+by any of the existing authentication mechanisms,
+and is thus the same as specifying
+.Fl a
+.Cm valid .
+.It otp
+Only allow authenticated connections (as with
+.Fl a
+.Cm user )
+and also logins with one-time passwords (OTPs).  This option will call
+login with an option so that only OTPs are accepted.  The user can of
+course still type secret information at the prompt.
+.It none
+This is the default state.
+Authentication information is not required.
+If no or insufficient authentication information
+is provided, then the
+.Xr login 1
+program will provide the necessary user
+verification.
+.It off
+This disables the authentication code.
+All user verification will happen through the
+.Xr login 1
+program.
+.El
+.It Fl B
+Ignored.
+.It Fl D Ar debugmode
+This option may be used for debugging purposes.
+This allows
+.Nm telnetd
+to print out debugging information
+to the connection, allowing the user to see what
+.Nm telnetd
+is doing.
+There are several possible values for 
+.Ar debugmode:
+.Bl -tag -width exercise
+.It Cm options
+Prints information about the negotiation of
+.Tn TELNET
+options.
+.It Cm report
+Prints the 
+.Cm options
+information, plus some additional information
+about what processing is going on.
+.It Cm netdata
+Displays the data stream received by
+.Nm telnetd.
+.It Cm ptydata
+Displays data written to the pty.
+.It Cm exercise
+Has not been implemented yet.
+.El
+.It Fl h
+Disables the printing of host-specific information before
+login has been completed.
+.It Fl k
+.It Fl l
+Ignored.
+.It Fl n
+Disable
+.Dv TCP
+keep-alives.  Normally
+.Nm telnetd
+enables the
+.Tn TCP
+keep-alive mechanism to probe connections that
+have been idle for some period of time to determine
+if the client is still there, so that idle connections
+from machines that have crashed or can no longer
+be reached may be cleaned up.
+.It Fl r Ar lowpty-highpty
+This option is only enabled when
+.Nm telnetd
+is compiled for
+.Dv UNICOS.
+It specifies an inclusive range of pseudo-terminal devices to
+use.  If the system has sysconf variable
+.Dv _SC_CRAY_NPTY
+configured, the default pty search range is 0 to
+.Dv _SC_CRAY_NPTY;
+otherwise, the default range is 0 to 128.  Either
+.Ar lowpty
+or
+.Ar highpty
+may be omitted to allow changing
+either end of the search range.  If
+.Ar lowpty
+is omitted, the - character is still required so that
+.Nm telnetd
+can differentiate
+.Ar highpty
+from
+.Ar lowpty .
+.It Fl S Ar tos
+.It Fl u Ar len
+This option is used to specify the size of the field
+in the
+.Dv utmp
+structure that holds the remote host name.
+If the resolved host name is longer than
+.Ar len ,
+the dotted decimal value will be used instead.
+This allows hosts with very long host names that
+overflow this field to still be uniquely identified.
+Specifying
+.Fl u0
+indicates that only dotted decimal addresses
+should be put into the
+.Pa utmp
+file.
+.ne 1i
+.It Fl U
+This option causes
+.Nm telnetd
+to refuse connections from addresses that
+cannot be mapped back into a symbolic name
+via the
+.Xr gethostbyaddr 3
+routine.
+.It Fl X Ar authtype
+This option is only valid if
+.Nm telnetd
+has been built with support for the authentication option.
+It disables the use of
+.Ar authtype
+authentication, and
+can be used to temporarily disable
+a specific authentication type without having to recompile
+.Nm telnetd .
+.It Fl L pathname
+Specify pathname to an alternative login program.
+.El
+.Pp
+.Nm Telnetd
+operates by allocating a pseudo-terminal device (see
+.Xr pty 4 )
+for a client, then creating a login process which has
+the slave side of the pseudo-terminal as 
+.Dv stdin ,
+.Dv stdout
+and
+.Dv stderr .
+.Nm Telnetd
+manipulates the master side of the pseudo-terminal,
+implementing the
+.Tn TELNET
+protocol and passing characters
+between the remote client and the login process.
+.Pp
+When a
+.Tn TELNET
+session is started up, 
+.Nm telnetd
+sends
+.Tn TELNET
+options to the client side indicating
+a willingness to do the
+following
+.Tn TELNET
+options, which are described in more detail below:
+.Bd -literal -offset indent
+DO AUTHENTICATION
+WILL ENCRYPT
+DO TERMINAL TYPE
+DO TSPEED
+DO XDISPLOC
+DO NEW-ENVIRON
+DO ENVIRON
+WILL SUPPRESS GO AHEAD
+DO ECHO
+DO LINEMODE
+DO NAWS
+WILL STATUS
+DO LFLOW
+DO TIMING-MARK
+.Ed
+.Pp
+The pseudo-terminal allocated to the client is configured
+to operate in \*(lqcooked\*(rq mode, and with
+.Dv XTABS and
+.Dv CRMOD
+enabled (see
+.Xr tty 4 ) .
+.Pp
+.Nm Telnetd
+has support for enabling locally the following
+.Tn TELNET
+options:
+.Bl -tag -width "DO AUTHENTICATION"
+.It "WILL ECHO"
+When the
+.Dv LINEMODE
+option is enabled, a
+.Dv WILL ECHO
+or
+.Dv WONT ECHO
+will be sent to the client to indicate the
+current state of terminal echoing.
+When terminal echo is not desired, a
+.Dv WILL ECHO
+is sent to indicate that
+.Tn telnetd
+will take care of echoing any data that needs to be
+echoed to the terminal, and then nothing is echoed.
+When terminal echo is desired, a
+.Dv WONT ECHO
+is sent to indicate that
+.Tn telnetd
+will not be doing any terminal echoing, so the
+client should do any terminal echoing that is needed.
+.It "WILL BINARY"
+Indicates that the client is willing to send a
+8 bits of data, rather than the normal 7 bits
+of the Network Virtual Terminal.
+.It "WILL SGA"
+Indicates that it will not be sending
+.Dv IAC GA,
+go ahead, commands.
+.It "WILL STATUS"
+Indicates a willingness to send the client, upon
+request, of the current status of all
+.Tn TELNET
+options.
+.It "WILL TIMING-MARK"
+Whenever a
+.Dv DO TIMING-MARK
+command is received, it is always responded
+to with a
+.Dv WILL TIMING-MARK
+.ne 1i
+.It "WILL LOGOUT"
+When a
+.Dv DO LOGOUT
+is received, a
+.Dv WILL LOGOUT
+is sent in response, and the
+.Tn TELNET
+session is shut down.
+.It "WILL ENCRYPT"
+Only sent if
+.Nm telnetd
+is compiled with support for data encryption, and
+indicates a willingness to decrypt
+the data stream.
+.El
+.Pp
+.Nm Telnetd
+has support for enabling remotely the following
+.Tn TELNET
+options:
+.Bl -tag -width "DO AUTHENTICATION"
+.It "DO BINARY"
+Sent to indicate that
+.Tn telnetd
+is willing to receive an 8 bit data stream.
+.It "DO LFLOW"
+Requests that the client handle flow control
+characters remotely.
+.It "DO ECHO"
+This is not really supported, but is sent to identify a 4.2BSD
+.Xr telnet 1
+client, which will improperly respond with
+.Dv WILL ECHO.
+If a
+.Dv WILL ECHO
+is received, a
+.Dv DONT ECHO
+will be sent in response.
+.It "DO TERMINAL-TYPE"
+Indicates a desire to be able to request the
+name of the type of terminal that is attached
+to the client side of the connection.
+.It "DO SGA"
+Indicates that it does not need to receive
+.Dv IAC GA,
+the go ahead command.
+.It "DO NAWS"
+Requests that the client inform the server when
+the window (display) size changes.
+.It "DO TERMINAL-SPEED"
+Indicates a desire to be able to request information
+about the speed of the serial line to which
+the client is attached.
+.It "DO XDISPLOC"
+Indicates a desire to be able to request the name
+of the X windows display that is associated with
+the telnet client.
+.It "DO NEW-ENVIRON"
+Indicates a desire to be able to request environment
+variable information, as described in RFC 1572.
+.It "DO ENVIRON"
+Indicates a desire to be able to request environment
+variable information, as described in RFC 1408.
+.It "DO LINEMODE"
+Only sent if
+.Nm telnetd
+is compiled with support for linemode, and
+requests that the client do line by line processing.
+.It "DO TIMING-MARK"
+Only sent if
+.Nm telnetd
+is compiled with support for both linemode and
+kludge linemode, and the client responded with
+.Dv WONT LINEMODE.
+If the client responds with
+.Dv WILL TM,
+the it is assumed that the client supports
+kludge linemode.
+Note that the
+.Op Fl k
+option can be used to disable this.
+.It "DO AUTHENTICATION"
+Only sent if
+.Nm telnetd
+is compiled with support for authentication, and
+indicates a willingness to receive authentication
+information for automatic login.
+.It "DO ENCRYPT"
+Only sent if
+.Nm telnetd
+is compiled with support for data encryption, and
+indicates a willingness to decrypt
+the data stream.
+.Sh ENVIRONMENT
+.Sh FILES
+.Pa /etc/services
+.br
+.Pa /etc/inittab
+(UNICOS systems only)
+.br
+.Pa /etc/iptos
+(if supported)
+.br
+.Sh "SEE ALSO"
+.Xr telnet 1 ,
+.Xr login 1
+.Sh STANDARDS
+.Bl -tag -compact -width RFC-1572
+.It Cm RFC-854
+.Tn TELNET
+PROTOCOL SPECIFICATION
+.It Cm RFC-855
+TELNET OPTION SPECIFICATIONS
+.It Cm RFC-856
+TELNET BINARY TRANSMISSION
+.It Cm RFC-857
+TELNET ECHO OPTION
+.It Cm RFC-858
+TELNET SUPPRESS GO AHEAD OPTION
+.It Cm RFC-859
+TELNET STATUS OPTION
+.It Cm RFC-860
+TELNET TIMING MARK OPTION
+.It Cm RFC-861
+TELNET EXTENDED OPTIONS - LIST OPTION
+.It Cm RFC-885
+TELNET END OF RECORD OPTION
+.It Cm RFC-1073
+Telnet Window Size Option
+.It Cm RFC-1079
+Telnet Terminal Speed Option
+.It Cm RFC-1091
+Telnet Terminal-Type Option
+.It Cm RFC-1096
+Telnet X Display Location Option
+.It Cm RFC-1123
+Requirements for Internet Hosts -- Application and Support
+.It Cm RFC-1184
+Telnet Linemode Option
+.It Cm RFC-1372
+Telnet Remote Flow Control Option
+.It Cm RFC-1416
+Telnet Authentication Option
+.It Cm RFC-1411
+Telnet Authentication: Kerberos Version 4
+.It Cm RFC-1412
+Telnet Authentication: SPX
+.It Cm RFC-1571
+Telnet Environment Option Interoperability Issues
+.It Cm RFC-1572
+Telnet Environment Option
+.Sh BUGS
+Some
+.Tn TELNET
+commands are only partially implemented.
+.Pp
+Because of bugs in the original 4.2 BSD
+.Xr telnet 1 ,
+.Nm telnetd
+performs some dubious protocol exchanges to try to discover if the remote
+client is, in fact, a 4.2 BSD
+.Xr telnet 1 .
+.Pp
+Binary mode
+has no common interpretation except between similar operating systems
+(Unix in this case).
+.Pp
+The terminal type name received from the remote client is converted to
+lower case.
+.Pp
+.Nm Telnetd
+never sends
+.Tn TELNET
+.Dv IAC GA
+(go ahead) commands.
diff --git a/crypto/kerberosIV/server/Makefile.in b/crypto/kerberosIV/server/Makefile.in
index 64e7eb1..42bfaff 100644
--- a/crypto/kerberosIV/server/Makefile.in
+++ b/crypto/kerberosIV/server/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.24 1997/05/02 17:52:00 assar Exp $
+# $Id: Makefile.in,v 1.30 1999/03/10 19:01:17 joda Exp $
 
 SHELL = /bin/sh
 
@@ -6,10 +6,12 @@ srcdir = @srcdir@
 VPATH = @srcdir@
 
 CC = @CC@
+LINK = @LINK@
 AR = ar
 RANLIB = @RANLIB@
 DEFS = @DEFS@
-CFLAGS = @CFLAGS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
 LD_FLAGS = @LD_FLAGS@
 
 INSTALL = @INSTALL@
@@ -38,17 +40,17 @@ Wall:
 	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
 
 .c.o:
-	$(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $<
+	$(CC) -c $(DEFS) -I../include -I$(srcdir) $(CPPFLAGS) $(CFLAGS) $<
 
 install: all
-	$(MKINSTALLDIRS) $(libexecdir)
+	$(MKINSTALLDIRS) $(DESTDIR)$(libexecdir)
 	for x in $(PROGS); do \
-	  $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
 	done
 
 uninstall:
 	for x in $(PROGS); do \
-	  rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	  rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
 	done
 
 TAGS: $(SOURCES)
@@ -67,13 +69,9 @@ distclean: clean
 realclean: distclean
 	rm -f TAGS
 
-dist: $(DISTFILES)
-	for file in $(DISTFILES); do \
-	  ln $$file ../`cat ../.fname`/lib \
-	    || cp -p $$file ../`cat ../.fname`/lib; \
-	done
-
 kerberos$(EXECSUFFIX): kerberos.o
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kerberos.o -L../lib/kdb -lkdb -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIB_DBM) $(LIBS) -lroken
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kerberos.o -L../lib/kdb -lkdb -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIB_DBM) $(LIBS) -lroken
 
 $(OBJECTS): ../include/config.h
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/server/kerberos.c b/crypto/kerberosIV/server/kerberos.c
index 405e48d..c310f6e 100644
--- a/crypto/kerberosIV/server/kerberos.c
+++ b/crypto/kerberosIV/server/kerberos.c
@@ -9,7 +9,7 @@
 #include "config.h"
 #include "protos.h"
 
-RCSID("$Id: kerberos.c,v 1.64 1997/05/20 18:40:46 bg Exp $");
+RCSID("$Id: kerberos.c,v 1.84.2.1 1999/07/22 03:18:03 assar Exp $");
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -54,7 +54,7 @@ RCSID("$Id: kerberos.c,v 1.64 1997/05/20 18:40:46 bg Exp $");
 #ifdef HAVE_FCNTL_H
 #include <fcntl.h>
 #endif
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
 #include <sys/ioctl.h>
 #endif
 #ifdef HAVE_SYS_FILIO_H
@@ -71,6 +71,7 @@ RCSID("$Id: kerberos.c,v 1.64 1997/05/20 18:40:46 bg Exp $");
 #endif
 
 #include <roken.h>
+#include <base64.h>
 
 #include <des.h>
 #include <krb.h>
@@ -78,6 +79,8 @@ RCSID("$Id: kerberos.c,v 1.64 1997/05/20 18:40:46 bg Exp $");
 #include <prot.h>
 #include <klog.h>
 
+#include <krb_log.h>
+
 #include <kdc.h>
 
 static des_key_schedule master_key_schedule;
@@ -85,12 +88,11 @@ static des_cblock master_key;
 
 static struct timeval kerb_time;
 static u_char master_key_version;
-static char k_instance[INST_SZ];
 static char *lt;
 static int more;
 
 static int mflag;		/* Are we invoked manually? */
-static char *log_file;		/* name of alt. log file */
+static char *log_file = KRBLOG;	/* name of alt. log file */
 static int nflag;		/* don't check max age */
 static int rflag;		/* alternate realm specified */
 
@@ -113,7 +115,8 @@ static void
 usage(void)
 {
     fprintf(stderr, "Usage: %s [-s] [-m] [-n] [-p pause_seconds]"
-	    " [-a max_age] [-l log_file] [-r realm] [database_pathname]\n",
+	    " [-a max_age] [-l log_file] [-i address_to_listen_on]"
+	    " [-r realm] [database_pathname]\n",
 	    __progname);
     exit(1);
 }
@@ -130,8 +133,8 @@ kerb_err_reply(int f, struct sockaddr_in *client, int err, char *string)
     KTEXT   e_pkt = &e_pkt_st;
     static char e_msg[128];
 
-    strcpy(e_msg, "\nKerberos error -- ");
-    strcat(e_msg, string);
+    snprintf (e_msg, sizeof(e_msg),
+	      "\nKerberos error -- %s", string);
     cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr,
 		 req_time_ws, err, e_msg);
     sendto(f, (char*)e_pkt->dat, e_pkt->length, 0, (struct sockaddr *)client,
@@ -242,13 +245,16 @@ set_tgtkey(char *r)
     copy_to_key(&p->key_low, &p->key_high, key);
     unseal(&key);
     krb_set_key(key, 0);
-    strcpy(lastrealm, r);
+    strcpy_truncate (lastrealm, r, REALM_SZ);
     return (KSUCCESS);
 }
 
 
 static int
-kerberos(unsigned char *buf, int len, struct in_addr client, KTEXT rpkt)
+kerberos(unsigned char *buf, int len,
+	 char *proto, struct sockaddr_in *client,
+	 struct sockaddr_in *server,
+	 KTEXT rpkt)
 {
     int pvno;
     int msg_type;
@@ -270,7 +276,9 @@ kerberos(unsigned char *buf, int len, struct in_addr client, KTEXT rpkt)
     
     unsigned char *p = buf;
     if(len < 2){
-	strcpy((char*)rpkt->dat, "Packet too short");
+	strcpy_truncate((char*)rpkt->dat,
+			"Packet too short",
+			sizeof(rpkt->dat));
 	return KFAILURE;
     }
 
@@ -279,7 +287,9 @@ kerberos(unsigned char *buf, int len, struct in_addr client, KTEXT rpkt)
     pvno = *p++;
     if(pvno != KRB_PROT_VERSION){
 	msg = klog(L_KRB_PERR, "KRB protocol version mismatch (%d)", pvno);
-	strcpy((char*)rpkt->dat, msg);
+	strcpy_truncate((char*)rpkt->dat,
+			msg,
+			sizeof(rpkt->dat));
 	return KERB_ERR_PKT_VER;
     }
     msg_type = *p++;
@@ -292,15 +302,22 @@ kerberos(unsigned char *buf, int len, struct in_addr client, KTEXT rpkt)
 	p += krb_get_int(p, &req_time, 4, lsb);
 	life = *p++;
 	p += krb_get_nir(p, service, sinst, NULL);
-	klog(L_INI_REQ, "AS REQ %s.%s@%s for %s.%s from %s", 
-	     name, inst, realm, service, sinst, inet_ntoa(client));
+	klog(L_INI_REQ,
+	     "AS REQ %s.%s@%s for %s.%s from %s (%s/%u)", 
+	     name, inst, realm, service, sinst,
+	     inet_ntoa(client->sin_addr),
+	     proto, ntohs(server->sin_port));
 	if((err = check_princ(name, inst, 0, &a_name))){
-	    strcpy((char*)rpkt->dat, krb_get_err_text(err));
+	    strcpy_truncate((char*)rpkt->dat,
+			    krb_get_err_text(err),
+			    sizeof(rpkt->dat));
 	    return err;
 	}
 	tk->length = 0;
 	if((err = check_princ(service, sinst, 0, &s_name))){
-	    strcpy((char*)rpkt->dat, krb_get_err_text(err));
+	    strcpy_truncate((char*)rpkt->dat,
+			    krb_get_err_text(err),
+			    sizeof(rpkt->dat));
 	    return err;
 	}
 	life = min(life, s_name.max_life);
@@ -310,7 +327,8 @@ kerberos(unsigned char *buf, int len, struct in_addr client, KTEXT rpkt)
 	copy_to_key(&s_name.key_low, &s_name.key_high, key);
 	unseal(&key);
 	krb_create_ticket(tk, flags, a_name.name, a_name.instance, 
-			  local_realm, client.s_addr, session, 
+			  local_realm, client->sin_addr.s_addr,
+			  session, 
 			  life, kerb_time.tv_sec, 
 			  s_name.name, s_name.instance, &key);
 	copy_to_key(&a_name.key_low, &a_name.key_high, key);
@@ -328,11 +346,15 @@ kerberos(unsigned char *buf, int len, struct in_addr client, KTEXT rpkt)
 	}
 	return 0;
     case AUTH_MSG_APPL_REQUEST:
-	strcpy(realm, (char*)buf + 3);
+	strcpy_truncate(realm, (char*)buf + 3, REALM_SZ);
 	if((err = set_tgtkey(realm))){
-	    msg = klog(L_ERR_UNK, "Unknown realm %s from %s", 
-		       realm, inet_ntoa(client));
-	    strcpy((char*)rpkt->dat, msg);
+	    msg = klog(L_ERR_UNK,
+		       "Unknown realm %s from %s (%s/%u)", 
+		       realm, inet_ntoa(client->sin_addr),
+		       proto, ntohs(server->sin_port));
+	    strcpy_truncate((char*)rpkt->dat,
+			    msg,
+			    sizeof(rpkt->dat));
 	    return err;
 	}
 	p = buf + strlen(realm) + 4;
@@ -340,36 +362,51 @@ kerberos(unsigned char *buf, int len, struct in_addr client, KTEXT rpkt)
 	auth->length = p - buf;
 	memcpy(auth->dat, buf, auth->length);
 	err = krb_rd_req(auth, KRB_TICKET_GRANTING_TICKET,
-			 realm, client.s_addr, &ad, 0);
+			 realm, client->sin_addr.s_addr, &ad, 0);
 	if(err){
-	    msg = klog(L_ERR_UNK, "krb_rd_req from %s: %s", 
-		       inet_ntoa(client), krb_get_err_text(err));
-	    strcpy((char*)rpkt->dat, msg);
+	    msg = klog(L_ERR_UNK,
+		       "krb_rd_req from %s (%s/%u): %s", 
+		       inet_ntoa(client->sin_addr),
+		       proto,
+		       ntohs(server->sin_port),
+		       krb_get_err_text(err));
+	    strcpy_truncate((char*)rpkt->dat,
+			    msg,
+			    sizeof(rpkt->dat));
 	    return err;
 	}
 	p += krb_get_int(p, &req_time, 4, lsb);
 	life = *p++;
 	p += krb_get_nir(p, service, sinst, NULL);
-	klog(L_APPL_REQ, "APPL REQ %s.%s@%s for %s.%s from %s",
-	     ad.pname, ad.pinst, ad.prealm, 
-	     service, sinst, 
-	     inet_ntoa(client));
+	klog(L_APPL_REQ,
+	     "APPL REQ %s.%s@%s for %s.%s from %s (%s/%u)",
+	     ad.pname, ad.pinst, ad.prealm,
+	     service, sinst,
+	     inet_ntoa(client->sin_addr),
+	     proto,
+	     ntohs(server->sin_port));
+
 	if(strcmp(ad.prealm, realm)){
 	    msg = klog(L_ERR_UNK, "Can't hop realms: %s -> %s", 
 		       realm, ad.prealm);
-	    strcpy((char*)rpkt->dat, msg);
+	    strcpy_truncate((char*)rpkt->dat,
+			    msg,
+			    sizeof(rpkt->dat));
 	    return KERB_ERR_PRINCIPAL_UNKNOWN;
 	}
 
 	if(!strcmp(service, "changepw")){
-	    strcpy((char*)rpkt->dat, 
-		   "Can't authorize password changed based on TGT");
+	    strcpy_truncate((char*)rpkt->dat, 
+			    "Can't authorize password changed based on TGT",
+			    sizeof(rpkt->dat));
 	    return KERB_ERR_PRINCIPAL_UNKNOWN;
 	}
 
 	err = check_princ(service, sinst, life, &s_name);
 	if(err){
-	    strcpy((char*)rpkt->dat, krb_get_err_text(err));
+	    strcpy_truncate((char*)rpkt->dat,
+			    krb_get_err_text(err),
+			    sizeof(rpkt->dat));
 	    return err;
 	}
 	life = min(life, 
@@ -381,7 +418,8 @@ kerberos(unsigned char *buf, int len, struct in_addr client, KTEXT rpkt)
 	unseal(&key);
 	des_new_random_key(&session);
 	krb_create_ticket(tk, flags, ad.pname, ad.pinst, ad.prealm,
-			  client.s_addr, &session, life, kerb_time.tv_sec,
+			  client->sin_addr.s_addr, &session,
+			  life, kerb_time.tv_sec,
 			  s_name.name, s_name.instance,
 			  &key);
 	
@@ -405,21 +443,38 @@ kerberos(unsigned char *buf, int len, struct in_addr client, KTEXT rpkt)
     case AUTH_MSG_ERR_REPLY:
 	return -1;
     default:
-	msg = klog(L_KRB_PERR, "Unknown message type: %d from %s", 
-		   msg_type, inet_ntoa(client));
-	strcpy((char*)rpkt->dat, msg);
+	msg = klog(L_KRB_PERR,
+		   "Unknown message type: %d from %s (%s/%u)", 
+		   msg_type,
+		   inet_ntoa(client->sin_addr),
+		   proto,
+		   ntohs(server->sin_port));
+	strcpy_truncate((char*)rpkt->dat,
+			msg,
+			sizeof(rpkt->dat));
 	return KFAILURE;
     }
 }
 
 
 static void
-kerberos_wrap(int s, KTEXT data, struct sockaddr_in *client)
+kerberos_wrap(int s, KTEXT data, char *proto, struct sockaddr_in *client, 
+	      struct sockaddr_in *server)
 {
     KTEXT_ST pkt;
-    int err = kerberos(data->dat, data->length, client->sin_addr, &pkt);
+    int http_flag = strcmp(proto, "http") == 0;
+    int err = kerberos(data->dat, data->length, proto, client, server, &pkt);
     if(err == -1)
 	return;
+    if(http_flag){
+	const char *msg = 
+	    "HTTP/1.1 200 OK\r\n"
+	    "Server: KTH-KRB/1\r\n"
+	    "Content-type: application/octet-stream\r\n"
+	    "Content-transfer-encoding: binary\r\n\r\n";
+	sendto(s, msg, strlen(msg), 0, (struct sockaddr *)client,
+	       sizeof(*client));
+    }
     if(err){
 	kerb_err_reply(s, client, err, (char*)pkt.dat);
 	return;
@@ -487,13 +542,13 @@ struct descr{
     KTEXT_ST buf;
     int type;
     int timeout;
+    struct sockaddr_in addr;
 };
 
 static void
 mksocket(struct descr *d, struct in_addr addr, int type, 
 	 const char *service, int port)
 {
-    struct sockaddr_in sina;
     int     on = 1;
     int sock;
 
@@ -505,14 +560,14 @@ mksocket(struct descr *d, struct in_addr addr, int type,
 		   sizeof(on)) < 0)
 	warn ("setsockopt (SO_REUSEADDR)");
 #endif
-    memset(&sina, 0, sizeof(sina));
-    sina.sin_family = AF_INET;
-    sina.sin_port   = port;
-    sina.sin_addr   = addr;
-    if (bind(sock, (struct sockaddr *)&sina, sizeof(sina)) < 0)
+    memset(&d->addr, 0, sizeof(d->addr));
+    d->addr.sin_family = AF_INET;
+    d->addr.sin_port   = port;
+    d->addr.sin_addr   = addr;
+    if (bind(sock, (struct sockaddr *)&d->addr, sizeof(d->addr)) < 0)
 	err (1, "bind '%s/%s' (%d)",
 	     service, (type == SOCK_DGRAM) ? "udp" : "tcp",
-	     ntohs(sina.sin_port));
+	     ntohs(d->addr.sin_port));
     
     if(type == SOCK_STREAM)
 	listen(sock, SOMAXCONN);
@@ -523,6 +578,118 @@ mksocket(struct descr *d, struct in_addr addr, int type,
 
 static void loop(struct descr *fds, int maxfd);
 
+struct port_spec {
+    int port;
+    int type;
+};
+
+static int
+add_port(struct port_spec **ports, int *num_ports, int port, int type)
+{
+    struct port_spec *tmp;
+    tmp = realloc(*ports, (*num_ports + 1) * sizeof(*tmp));
+    if(tmp == NULL)
+	return ENOMEM;
+    *ports = tmp;
+    tmp[*num_ports].port = port;
+    tmp[*num_ports].type = type;
+    (*num_ports)++;
+    return 0;
+}
+
+static void
+make_sockets(const char *port_spec, struct in_addr *i_addr, 
+	     struct descr **fds, int *nfds)
+{
+    int tp;
+    struct in_addr *a;
+    char *p, *q, *pos = NULL;
+    struct servent *sp;
+    struct port_spec *ports = NULL;
+    int num_ports = 0;
+    int i, j;
+    char *port_spec_copy = strdup (port_spec);
+
+    if (port_spec_copy == NULL)
+	err (1, "strdup");
+
+    for(p = strtok_r(port_spec_copy, ", \t", &pos); 
+	p; 
+	p = strtok_r(NULL, ", \t", &pos)){
+	if(strcmp(p, "+") == 0){
+	    add_port(&ports, &num_ports, 88, SOCK_DGRAM);
+	    add_port(&ports, &num_ports, 88, SOCK_STREAM);
+	    add_port(&ports, &num_ports, 750, SOCK_DGRAM);
+	    add_port(&ports, &num_ports, 750, SOCK_STREAM);
+	}else{
+	    q = strchr(p, '/');
+	    if(q){
+		*q = 0;
+		q++;
+	    }
+	    sp = getservbyname(p, q);
+	    if(sp)
+		tp = ntohs(sp->s_port);
+	    else if(sscanf(p, "%d", &tp) != 1) {
+		warnx("Unknown port: %s%s%s", p, q ? "/" : "", q ? q : "");
+		continue;
+	    }
+	    if(q){
+		if(strcasecmp(q, "tcp") == 0)
+		    add_port(&ports, &num_ports, tp, SOCK_STREAM);
+		else if(strcasecmp(q, "udp") == 0)
+		    add_port(&ports, &num_ports, tp, SOCK_DGRAM);
+		else
+		    warnx("Unknown protocol type: %s", q);
+	    }else{
+		add_port(&ports, &num_ports, tp, SOCK_DGRAM);
+		add_port(&ports, &num_ports, tp, SOCK_STREAM);
+	    }
+	}
+    }
+    free (port_spec_copy);
+
+    if(num_ports == 0)
+	errx(1, "No valid ports specified!");
+    
+    if (i_addr) {
+	*nfds = 1;
+	a = malloc(sizeof(*a) * *nfds);
+	if (a == NULL)
+	    errx (1, "Failed to allocate %lu bytes",
+		  (unsigned long)(sizeof(*a) * *nfds));
+	memcpy(a, i_addr, sizeof(struct in_addr));
+    } else
+	*nfds = k_get_all_addrs (&a);
+    if (*nfds < 0) {
+	struct in_addr any;
+
+	any.s_addr = INADDR_ANY;
+
+	warnx ("Could not get local addresses, binding to INADDR_ANY");
+	*nfds = 1;
+	a = malloc(sizeof(*a) * *nfds);
+	if (a == NULL)
+	    errx (1, "Failed to allocate %lu bytes",
+		  (unsigned long)(sizeof(*a) * *nfds));
+	memcpy(a, &any, sizeof(struct in_addr));
+    }
+    *fds = malloc(*nfds * num_ports * sizeof(**fds));
+    if (*fds == NULL)
+	errx (1, "Failed to allocate %lu bytes",
+	      (unsigned long)(*nfds * num_ports * sizeof(**fds)));
+    for (i = 0; i < *nfds; i++) {
+	for(j = 0; j < num_ports; j++) {
+	    mksocket(*fds + num_ports * i + j, a[i], 
+		     ports[j].type, "", htons(ports[j].port));
+	}
+    }
+    *nfds *= num_ports;
+    free(ports);
+    free (a);
+}
+
+
 int
 main(int argc, char **argv)
 {
@@ -530,30 +697,26 @@ main(int argc, char **argv)
     int c;
     struct descr *fds;
     int nfds;
-    int i;
     int n;
     int     kerror;
+    int i_flag = 0;
+    struct in_addr i_addr;
+    char *port_spec = "+";
 
     umask(077);		/* Create protected files */
 
     set_progname (argv[0]);
 
-    while ((c = getopt(argc, argv, "snmp:a:l:r:")) != EOF) {
+    while ((c = getopt(argc, argv, "snmp:P:a:l:r:i:")) != EOF) {
 	switch(c) {
 	case 's':
 	    /*
 	     * Set parameters to slave server defaults.
 	     */
 	    if (max_age == -1 && !nflag)
-		max_age = ONE_DAY;	/* 24 hours */
+		max_age = THREE_DAYS;	/* Survive weekend */
 	    if (pause_int == -1)
 		pause_int = FIVE_MINUTES; /* 5 minutes */
-#if 0
-	    if (log_file == NULL) {
-		/* this is only silly */
-		log_file = KRBSLAVELOG;
-	    }
-#endif
 	    break;
 	case 'n':
 	    max_age = -1;	/* don't check max age. */
@@ -562,26 +725,41 @@ main(int argc, char **argv)
 	case 'm':
 	    mflag++;		/* running manually; prompt for master key */
 	    break;
-	case 'p':
+	case 'p': {
 	    /* Set pause interval. */
-	    if (!isdigit(optarg[0]))
-		usage();
-	    pause_int = atoi(optarg);
+	    char *tmp;
+
+	    pause_int = strtol (optarg, &tmp, 0);
+	    if (pause_int == 0 && tmp == optarg) {
+		fprintf(stderr, "pause_int `%s' not a number\n", optarg);
+		usage ();
+	    }
+
 	    if ((pause_int < 5) ||  (pause_int > ONE_HOUR)) {
 		fprintf(stderr, "pause_int must be between 5 and 3600 seconds.\n");
 		usage();
 	    }
 	    break;
-	case 'a':
+	}
+	case 'P':
+	    port_spec = optarg;
+	    break;
+	case 'a': {
 	    /* Set max age. */
-	    if (!isdigit(optarg[0])) 
-		usage();
-	    max_age = atoi(optarg);
+	    char *tmp;
+
+	    max_age = strtol (optarg, &tmp, 0);
+	    if (max_age == 0 && tmp == optarg) {
+		fprintf (stderr, "max_age `%s' not a number\n", optarg);
+		usage ();
+	    }
 	    if ((max_age < ONE_HOUR) || (max_age > THREE_DAYS)) {
-		fprintf(stderr, "max_age must be between one hour and three days, in seconds\n");
+		fprintf(stderr, "max_age must be between one hour and "
+			"three days, in seconds\n");
 		usage();
 	    }
 	    break;
+	}
 	case 'l':
 	    /* Set alternate log file */
 	    log_file = optarg;
@@ -589,7 +767,15 @@ main(int argc, char **argv)
 	case 'r':
 	    /* Set realm name */
 	    rflag++;
-	    strcpy(local_realm, optarg);
+	    strcpy_truncate(local_realm, optarg, sizeof(local_realm));
+	    break;
+	case 'i':
+	    /* Only listen on this address */
+	    if(inet_aton (optarg, &i_addr) == 0) {
+		fprintf (stderr, "Bad address: %s\n", optarg);
+		exit (1);
+	    }
+	    ++i_flag;
 	    break;
 	default:
 	    usage();
@@ -597,9 +783,6 @@ main(int argc, char **argv)
 	}
     }
     
-    if(log_file == NULL)
-	log_file = KRBLOG;
-
     if (optind == (argc-1)) {
 	if (kerb_db_set_name(argv[optind]) != 0) {
 	    fprintf(stderr, "Could not set alternate database name\n");
@@ -626,51 +809,8 @@ main(int argc, char **argv)
 
     kset_logfile(log_file);
     
-    /* find our hostname, and use it as the instance */
-    if (k_gethostname(k_instance, INST_SZ))
-	err (1, "gethostname");
+    make_sockets(port_spec, i_flag ? &i_addr : NULL, &fds, &nfds);
 
-    /*
-     * Yes this looks backwards but it has to be this way to enable a
-     * smooth migration to the new port 88.
-     */
-    {
-      int p1, p2;
-      struct in_addr *a;
-
-      p1 = k_getportbyname ("kerberos-iv", "udp", htons(750));
-      p2 = k_getportbyname ("kerberos-sec", "udp", htons(88));
-
-      if (p1 == p2)
-	{
-	  fprintf(stderr, "Either define kerberos-iv/udp as 750\n");
-	  fprintf(stderr, "      and kerberos-sec/udp as 88\n");
-	  fprintf(stderr, "or the other way around!");
-	  exit(1);
-	}
-
-      nfds = k_get_all_addrs (&a);
-      if (nfds < 0) {
-	   struct in_addr any;
-
-	   any.s_addr = INADDR_ANY;
-
-	   fprintf (stderr, "Could not get local addresses, "
-		    "binding to INADDR_ANY\n");
-	   nfds = 1;
-	   a = malloc(sizeof(*a) * nfds);
-	   memcpy(a, &any, sizeof(struct in_addr));
-      }
-      nfds *= 4;
-      fds = (struct descr*)malloc(nfds * sizeof(struct descr));
-      for (i = 0; i < nfds/4; i++) {
-	  mksocket(fds + 4 * i + 0, a[i], SOCK_DGRAM, "kerberos-iv", p1);
-	  mksocket(fds + 4 * i + 1, a[i], SOCK_DGRAM, "kerberos-sec", p2);
-	  mksocket(fds + 4 * i + 2, a[i], SOCK_STREAM, "kerberos-iv", p1);
-	  mksocket(fds + 4 * i + 3, a[i], SOCK_STREAM, "kerberos-sec", p2);
-      }
-      free (a);
-    }
     /* do all the database and cache inits */
     if ((n = kerb_init())) {
 	if (mflag) {
@@ -689,7 +829,7 @@ main(int argc, char **argv)
     
     /* setup master key */
     if (kdb_get_master_key (mflag, &master_key, master_key_schedule) != 0) {
-      klog (L_KRB_PERR, "kerberos: couldn't get master key.\n");
+      klog (L_KRB_PERR, "kerberos: couldn't get master key.");
       exit (1);
     }
     kerror = kdb_verify_master_key (&master_key, master_key_schedule, stdout);
@@ -737,6 +877,98 @@ main(int argc, char **argv)
 
 
 static void
+read_socket(struct descr *n)
+{
+    int b;
+    struct sockaddr_in from;
+    int fromlen = sizeof(from);
+    b = recvfrom(n->s, n->buf.dat + n->buf.length, 
+		 MAX_PKT_LEN - n->buf.length, 0, 
+		 (struct sockaddr *)&from, &fromlen);
+    if(b < 0){
+	if(n->type == SOCK_STREAM){
+	    close(n->s);
+	    n->s = -1;
+	}
+	n->buf.length = 0;
+	return;
+    }
+    n->buf.length += b;
+    if(n->type == SOCK_STREAM){
+	char *proto = "tcp";
+	if(n->buf.length > 4 && 
+	   strncmp((char *)n->buf.dat, "GET ", 4) == 0 &&
+	   strncmp((char *)n->buf.dat + n->buf.length - 4, 
+		   "\r\n\r\n", 4) == 0){
+	    char *p;
+	    char *save = NULL;
+
+	    n->buf.dat[n->buf.length - 1] = 0;
+	    strtok_r((char *)n->buf.dat, " \t\r\n", &save);
+	    p = strtok_r(NULL, " \t\r\n", &save);
+	    if(p == NULL)
+		p = "";
+	    if(*p == '/') p++;
+	    n->buf.length = base64_decode(p, n->buf.dat);
+	    if(n->buf.length <= 0){
+		const char *msg = 
+		    "HTTP/1.1 404 Not found\r\n"
+		    "Server: KTH-KRB/1\r\n"
+		    "Content-type: text/html\r\n"
+		    "Content-transfer-encoding: 8bit\r\n\r\n"
+		    "<TITLE>404 Not found</TITLE>\r\n"
+		    "<H1>404 Not found</H1>\r\n"
+		    "That page does not exist. Information about "
+		    "<A HREF=\"http://www.pdc.kth.se/kth-krb\">KTH-KRB</A> "
+		    "is available elsewhere.\r\n";
+		fromlen = sizeof(from);
+		if(getpeername(n->s,(struct sockaddr*)&from, &fromlen) == 0)
+		    klog(L_KRB_PERR, "Unknown HTTP request from %s", 
+			 inet_ntoa(from.sin_addr));
+		else
+		    klog(L_KRB_PERR, "Unknown HTTP request from <unknown>");
+		write(n->s, msg, strlen(msg));
+		close(n->s);
+		n->s = -1;
+		n->buf.length = 0;
+		return;
+	    }
+	    proto = "http";
+	    b = 0;
+	}
+	else if(n->buf.length >= 4 && n->buf.dat[0] == 0){
+	    /* if this is a new type of packet (with
+	       the length attached to the head of the
+	       packet), and there is no more data to
+	       be read, fake an old packet, so the
+	       code below will work */
+	    u_int32_t len;
+	    krb_get_int(n->buf.dat, &len, 4, 0);
+	    if(n->buf.length == len + 4){
+		memmove(n->buf.dat, n->buf.dat + 4, len);
+		b = 0;
+	    }
+	}
+	if(b == 0){
+	    /* handle request if there are 
+	       no more bytes to read */
+	    fromlen = sizeof(from);
+	    getpeername(n->s,(struct sockaddr*)&from, &fromlen);
+	    kerberos_wrap(n->s, &n->buf, proto, &from,
+			  &n->addr);
+	    n->buf.length = 0;
+	    close(n->s);
+	    n->s = -1;
+	}
+    }else{
+	/* udp packets are atomic */
+	kerberos_wrap(n->s, &n->buf, "udp", &from,
+		      &n->addr);
+	n->buf.length = 0;
+    }
+}
+
+static void
 loop(struct descr *fds, int nfds)
 {
     for (;;) {
@@ -745,6 +977,7 @@ loop(struct descr *fds, int nfds)
 	struct timeval tv;
 	int maxfd = 0;
 	struct descr *n, *minfree;
+	int accepted; /* accept at most one socket per `round' */
 	
 	FD_ZERO(&readfds);
 	gettimeofday(&tv, NULL);
@@ -778,13 +1011,17 @@ loop(struct descr *fds, int nfds)
 	    }
 	}
 	ret = select(maxfd + 1, &readfds, 0, 0, 0);
+	accepted = 0;
 	for (n = fds; n < fds + nfds; n++){
 	    if(n->s < 0) continue;
 	    if (FD_ISSET(n->s, &readfds)){
 		if(n->type == SOCK_STREAM && n->timeout == 0){
 		    /* add accepted socket to list of sockets we are
                        selecting on */
-		    int s = accept(n->s, NULL, 0);
+		    int s;
+		    if(accepted) continue;
+		    accepted = 1;
+		    s = accept(n->s, NULL, 0);
 		    if(minfree == NULL){
 			kerb_err_reply(s, NULL, KFAILURE, "Out of memory");
 			close(s);
@@ -793,53 +1030,11 @@ loop(struct descr *fds, int nfds)
 			minfree->type = SOCK_STREAM;
 			gettimeofday(&tv, NULL);
 			minfree->timeout = tv.tv_sec + 4; /* XXX */
+			minfree->buf.length = 0;
+			memcpy(&minfree->addr, &n->addr, sizeof(minfree->addr));
 		    }
-		}else{
-		    int b;
-		    struct sockaddr_in from;
-		    int fromlen = sizeof(from);
-		    b = recvfrom(n->s, n->buf.dat + n->buf.length, 
-				 MAX_PKT_LEN - n->buf.length, 0, 
-				 (struct sockaddr *)&from, &fromlen);
-		    if(b < 0){
-			if(n->type == SOCK_STREAM){
-			    close(n->s);
-			    n->s = -1;
-			}
-			n->buf.length = 0;
-			continue;
-		    }
-		    n->buf.length += b;
-		    if(n->type == SOCK_STREAM){
-			if(n->buf.length >= 4 && n->buf.dat[0] == 0){
-			    /* if this is a new type of packet (with
-                               the length attached to the head of the
-                               packet), and there is no more data to
-                               be read, fake an old packet, so the
-                               code below will work */
-			    u_int32_t len;
-			    krb_get_int(n->buf.dat, &len, 4, 0);
-			    if(n->buf.length == len + 4){
-				memmove(n->buf.dat, n->buf.dat + 4, len);
-				b = 0;
-			    }
-			}
-			if(b == 0){
-			    /* handle request if there are 
-			       no more bytes to read */
-			    fromlen = sizeof(from);
-			    getpeername(n->s,(struct sockaddr*)&from, &fromlen);
-			    kerberos_wrap(n->s, &n->buf, &from);
-			    n->buf.length = 0;
-			    close(n->s);
-			    n->s = -1;
-			}
-		    }else{
-			/* udp packets are atomic */
-			kerberos_wrap(n->s, &n->buf, &from);
-			n->buf.length = 0;
-		    }
-		}
+		}else
+		    read_socket(n);
 	    }
 	}
     }
diff --git a/crypto/kerberosIV/slave/Makefile.in b/crypto/kerberosIV/slave/Makefile.in
index ce35546..938e61c 100644
--- a/crypto/kerberosIV/slave/Makefile.in
+++ b/crypto/kerberosIV/slave/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.27 1997/05/04 04:16:28 assar Exp $
+# $Id: Makefile.in,v 1.33 1999/03/10 19:01:17 joda Exp $
 
 SHELL = /bin/sh
 
@@ -6,10 +6,12 @@ srcdir = @srcdir@
 VPATH = @srcdir@
 
 CC = @CC@
+LINK = @LINK@
 AR = ar
 RANLIB = @RANLIB@
 DEFS = @DEFS@ -DSBINDIR=\"$(sbindir)\"
-CFLAGS = @CFLAGS@
+CFLAGS = @CFLAGS@ $(WFLAGS)
+WFLAGS = @WFLAGS@
 LD_FLAGS = @LD_FLAGS@
 
 INSTALL = @INSTALL@
@@ -38,17 +40,17 @@ Wall:
 	make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
 
 .c.o:
-	$(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $<
+	$(CC) -c $(DEFS) -I../include -I$(srcdir) $(CPPFLAGS) $(CFLAGS) $<
 
 install: all
-	$(MKINSTALLDIRS) $(libexecdir)
+	$(MKINSTALLDIRS) $(DESTDIR)$(libexecdir)
 	for x in $(PROGS); do \
-	  $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	  $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
 	done
 
 uninstall:
 	for x in $(PROGS); do \
-	  rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+	  rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
 	done
 
 TAGS: $(SOURCES)
@@ -67,16 +69,12 @@ distclean: clean
 realclean: distclean
 	rm -f TAGS
 
-dist: $(DISTFILES)
-	for file in $(DISTFILES); do \
-	  ln $$file ../`cat ../.fname`/lib \
-	    || cp -p $$file ../`cat ../.fname`/lib; \
-	done
-
 kprop$(EXECSUFFIX): kprop.o
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kprop.o -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIBS) -lroken
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kprop.o -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIBS) -lroken
 
 kpropd$(EXECSUFFIX): kpropd.o
-	$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kpropd.o -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIBS) -lroken
+	$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kpropd.o -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIBS) -lroken
 
 $(OBJECTS): ../include/config.h
+
+.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/slave/kprop.c b/crypto/kerberosIV/slave/kprop.c
index 8901121..877787d 100644
--- a/crypto/kerberosIV/slave/kprop.c
+++ b/crypto/kerberosIV/slave/kprop.c
@@ -19,7 +19,7 @@ provided "as is" without express or implied warranty.
 
 #include "slav_locl.h"
 
-RCSID("$Id: kprop.c,v 1.29 1997/05/25 02:43:54 joda Exp $");
+RCSID("$Id: kprop.c,v 1.36 1999/03/11 20:57:07 bg Exp $");
 
 #include "kprop.h"
 
@@ -43,26 +43,23 @@ struct slave_host {
     struct slave_host *next;
 };
 
-static
-int get_slaves(struct slave_host **psl, char *file, time_t ok_mtime)
+static int
+get_slaves(struct slave_host **psl,
+	   const char *dir_path,
+	   const char *file,
+	   time_t ok_mtime)
 {
     FILE   *fin;
     char    namebuf[128], *inst;
     char   *pc;
     struct hostent *host;
     struct slave_host **th;
-    char    path[256];
-    char   *ppath;
+    char   *last_prop_path;
     struct stat stbuf;
 
     if ((fin = fopen(file, "r")) == NULL)
 	err (1, "open(%s)", file);
-    strcpy(path, file);
-    if ((ppath = strrchr(path, '/'))) {
-	ppath += 1;
-    } else {
-	ppath = path;
-    }
+
     th = psl;
     while(fgets(namebuf, sizeof(namebuf), fin)){
 	if ((pc = strchr(namebuf, '\n'))) {
@@ -84,12 +81,7 @@ int get_slaves(struct slave_host **psl, char *file, time_t ok_mtime)
 	if (host == NULL) {
 	    warnx ("Ignoring host '%s' in '%s': %s", 
 		   namebuf, file,
-#ifdef HAVE_H_ERRNO
-		   hstrerror(h_errno)
-#else
-		   "unknown error"
-#endif
-		   );
+		   hstrerror(h_errno));
 	    continue;
 	}
 	(*th) = (struct slave_host *) malloc(sizeof(struct slave_host));
@@ -113,11 +105,16 @@ int get_slaves(struct slave_host **psl, char *file, time_t ok_mtime)
 	(*th)->not_time_yet = 0;
 	(*th)->succeeded = 0;
 	(*th)->next = NULL;
-	strcat(strcpy(ppath, (*th)->name), "-last-prop");
-	if (!force_flag && !stat(path, &stbuf) && stbuf.st_mtime > ok_mtime) {
+	asprintf(&last_prop_path, "%s%s-last-prop", dir_path, (*th)->name);
+	if (last_prop_path == NULL)
+	    errx (1, "malloc failed");
+	if (!force_flag
+	    && !stat(last_prop_path, &stbuf)
+	    && stbuf.st_mtime > ok_mtime) {
 	    (*th)->not_time_yet = 1;
 	    (*th)->succeeded = 1;	/* no change since last success */
 	}
+	free(last_prop_path);
 	th = &(*th)->next;
     }
     fclose(fin);
@@ -135,16 +132,18 @@ int get_slaves(struct slave_host **psl, char *file, time_t ok_mtime)
 */
 
 static int
-prop_to_slaves(struct slave_host *sl, int fd, char *fslv)
+prop_to_slaves(struct slave_host *sl,
+	       int fd,
+	       const char *dir_path,
+	       const char *fslv)
 {
     u_char buf[KPROP_BUFSIZ];
     u_char obuf[KPROP_BUFSIZ + 64]; /* leave room for private msg overhead */
     struct sockaddr_in sin, my_sin;
     int     i, n, s;
     struct slave_host *cs;	/* current slave */
-    char   path[256], my_host_name[MaxHostNameLen], *p_my_host_name;
+    char   my_host_name[MaxHostNameLen], *p_my_host_name;
     char   kprop_service_instance[INST_SZ];
-    char   *pc;
     u_int32_t cksum;
     u_int32_t length, nlength;
     long   kerror;
@@ -152,8 +151,8 @@ prop_to_slaves(struct slave_host *sl, int fd, char *fslv)
     CREDENTIALS  cred;
     MSG_DAT msg_dat;
     static char tkstring[] = "/tmp/kproptktXXXXXX";
-    
     des_key_schedule session_sched;
+    char   *last_prop_path;
 
     close(mkstemp(tkstring));
     krb_set_tkt_string(tkstring);
@@ -163,13 +162,6 @@ prop_to_slaves(struct slave_host *sl, int fd, char *fslv)
     sin.sin_port = k_getportbyname ("krb_prop", "tcp", htons(KPROP_PORT));
     sin.sin_addr.s_addr = INADDR_ANY;
 
-    strcpy(path, fslv);
-    if ((pc = strrchr(path, '/'))) {
-	pc += 1;
-    } else {
-	pc = path;
-    }
-
     for (i = 0; i < 5; i++) {	/* try each slave five times max */
 	for (cs = sl; cs; cs = cs->next) {
 	    if (!cs->succeeded) {
@@ -205,15 +197,10 @@ prop_to_slaves(struct slave_host *sl, int fd, char *fslv)
 		 * first get a TGT ...
 		 */
 		if (kerror != MK_AP_OK) {
-		    if (k_gethostname (my_host_name, sizeof(my_host_name)) != 0) {
+		    if (gethostname (my_host_name, sizeof(my_host_name)) != 0) {
 			warnx ("gethostname(%s): %s",
 			       my_host_name,
-#ifdef HAVE_H_ERRNO
-			       hstrerror(h_errno)
-#else
-			       "unknown error"
-#endif			       
-			       );
+			       hstrerror(h_errno));
 			close (s);
 			break;	/* next one can't work either! */
 		    }
@@ -221,7 +208,9 @@ prop_to_slaves(struct slave_host *sl, int fd, char *fslv)
 		    p_my_host_name = krb_get_phost (my_host_name);
 		    /* copy it to make sure gethostbyname static doesn't
 		     * screw us. */
-		    strcpy (kprop_service_instance, p_my_host_name);
+		    strcpy_truncate (kprop_service_instance,
+				     p_my_host_name,
+				     INST_SZ);
 		    kerror = krb_get_svc_in_tkt (KPROP_SERVICE_NAME, 
 #if 0
 						 kprop_service_instance,
@@ -240,7 +229,8 @@ prop_to_slaves(struct slave_host *sl, int fd, char *fslv)
 			goto punt;
 		    }
 		    kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME, 
-					 cs->instance, cs->realm, (u_int32_t) 0);
+					 cs->instance, cs->realm,
+					 (u_int32_t) 0);
 		}
 		if (kerror != MK_AP_OK) {
 		    warnx ("%s: krb_mk_req: %s",
@@ -363,10 +353,17 @@ prop_to_slaves(struct slave_host *sl, int fd, char *fslv)
 		}
 		close(s);
 		cs->succeeded = 1;
-		fprintf(stderr, "%s: success.\n", cs->name);
-		strcat(strcpy(pc, cs->name), "-last-prop");
-		unlink(path);
-		close(creat(path, 0600));
+		printf("%s: success.\n", cs->name);
+
+		asprintf(&last_prop_path,
+			 "%s%s-last-prop",
+			 dir_path,
+			 cs->name);
+		if (last_prop_path == NULL)
+		    errx (1, "malloc failed");
+
+		unlink(last_prop_path);
+		close(creat(last_prop_path, 0600));
 	    }
 	}
     }
@@ -381,7 +378,7 @@ punt:
 }
 
 static void
-usage()
+usage(void)
 {
     /* already got floc and fslv, what is this? */
     fprintf(stderr,
@@ -400,6 +397,7 @@ main(int argc, char **argv)
     int     fd, i;
     char   *floc, *floc_ok;
     char   *fslv;
+    char   *dir_path;
     struct stat stbuf, stbuf_ok;
     time_t   l_init, l_final;
     char   *pc;
@@ -436,7 +434,7 @@ main(int argc, char **argv)
 	else if (strcmp (argv[i], "-realm") == 0) {
 	    i++;
 	    if (i < argc)
-		strcpy(my_realm, argv[i]);
+		strcpy_truncate(my_realm, argv[i], REALM_SZ);
 	    else
 		usage();
 	} else if (strcmp (argv[i], "-force") == 0)
@@ -466,9 +464,19 @@ main(int argc, char **argv)
     if (floc_ok == NULL)
 	errx (1, "out of memory in copying %s", floc);
 
+    dir_path = strdup(fslv);
+    if(dir_path == NULL)
+	errx (1, "malloc failed");
+    pc = strrchr(dir_path, '/');
+    if (pc != NULL)
+	++pc;
+    else
+	pc = dir_path;
+    *pc = '\0';
+
     if ((fd = open(floc, O_RDONLY)) < 0)
 	err (1, "open(%s)", floc);
-    if (k_flock(fd, K_LOCK_SH | K_LOCK_NB))
+    if (flock(fd, LOCK_SH | LOCK_NB))
 	err (1, "flock(%s)", floc);
     if (stat(floc, &stbuf))
 	err (1, "stat(%s)", floc);
@@ -476,7 +484,7 @@ main(int argc, char **argv)
 	err (1, "stat(%s)", floc_ok);
     if (stbuf.st_mtime > stbuf_ok.st_mtime)
 	errx (1, "'%s' more recent than '%s'.", floc, floc_ok);
-    if (!get_slaves(&slave_host_list, fslv, stbuf_ok.st_mtime))
+    if (!get_slaves(&slave_host_list, dir_path, fslv, stbuf_ok.st_mtime))
 	errx (1, "can't read slave host file '%s'.", fslv);
 #ifdef KPROP_DBG
     {
@@ -492,14 +500,19 @@ main(int argc, char **argv)
     }
 #endif				/* KPROP_DBG */
 
-    if (!prop_to_slaves(slave_host_list, fd, fslv))
+    if (!prop_to_slaves(slave_host_list, fd, dir_path, fslv))
 	errx (1, "propagation failed.");
-    if (k_flock(fd, K_LOCK_UN))
+    if (flock(fd, LOCK_UN))
 	err (1, "flock(%s, LOCK_UN)", floc);
-    fprintf(stderr, "\n\n");
+    printf("\n\n");
     for (sh = slave_host_list; sh; sh = sh->next) {
-	fprintf(stderr, "%s:\t\t%s\n", sh->name,
-		(sh->not_time_yet? "Not time yet" : (sh->succeeded ? "Succeeded" : "FAILED")));
+        if (sh->not_time_yet)
+	    printf(         "%s:\t\tNot time yet\n", sh->name);
+	else if (sh->succeeded)
+	    printf(         "%s:\t\tSucceeded\n", sh->name);
+	else
+	    fprintf(stderr, "%s:\t\tFAILED\n", sh->name);
+	fflush(stdout);
     }
 
     time(&l_final);
diff --git a/crypto/kerberosIV/slave/kpropd.c b/crypto/kerberosIV/slave/kpropd.c
index e2b5f0a..cf30d7b 100644
--- a/crypto/kerberosIV/slave/kpropd.c
+++ b/crypto/kerberosIV/slave/kpropd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -40,7 +40,7 @@
 
 #include "kprop.h"
 
-RCSID("$Id: kpropd.c,v 2.21 1997/05/02 17:52:13 assar Exp $");
+RCSID("$Id: kpropd.c,v 2.30 1999/03/11 20:29:14 bg Exp $");
 
 #ifndef SBINDIR
 #define SBINDIR "/usr/athena/sbin"
@@ -95,7 +95,8 @@ copy_data(int from, int to, des_cblock *session, des_key_schedule schedule)
 	    klog(L_KRB_PERR, "Premature end of data");
 	    return -1;
 	}
-	kerr = krb_rd_priv (buf, length, schedule, session, &master, &slave, &m);
+	kerr = krb_rd_priv (buf, length, schedule, session,
+			    &master, &slave, &m);
 	if(kerr != KSUCCESS){
 	    klog(L_KRB_PERR, "Kerberos error: %s", krb_get_err_text(kerr));
 	    return -1;
@@ -115,7 +116,6 @@ kprop(int s)
     KTEXT_ST ticket;
     AUTH_DAT ad;
     char sinst[INST_SZ];
-    char command[1024];
     des_key_schedule schedule;
     int mode;
     int kerr;
@@ -159,6 +159,19 @@ kprop(int s)
 	klog(L_KRB_PERR, "Kerberos error: %s", krb_get_err_text(kerr));
 	return 1;
     }
+
+    if(strcmp(ad.pname, KPROP_SERVICE_NAME) ||
+#if 0
+       strcmp(ad.pinst, /* XXX remote host */) ||
+#else
+       strcmp(ad.pinst, KRB_MASTER) ||
+#endif
+       strcmp(ad.prealm, realm)){
+	klog(L_KRB_PERR, "Connection from unauthorized client: %s", 
+	     krb_unparse_name_long(ad.pname, ad.pinst, ad.prealm));
+	return 1;
+    }
+
     des_set_key(&ad.session, schedule);
     
     lock = open(lockfile, O_WRONLY|O_CREAT, 0600);
@@ -166,7 +179,7 @@ kprop(int s)
 	klog(L_KRB_PERR, "Failed to open file: %s", strerror(errno));
 	return 1;
     }
-    if(k_flock(lock, K_LOCK_EX | K_LOCK_NB)){
+    if(flock(lock, LOCK_EX | LOCK_NB)){
 	close(lock);
 	klog(L_KRB_PERR, "Failed to lock file: %s", strerror(errno));
 	return 1;
@@ -183,15 +196,15 @@ kprop(int s)
 	return 1;
     }
     close(lock);
-    snprintf(command, sizeof(command),
-	     "%s %s %s %s", kdb_util, kdb_util_command, 
-	    lockfile, database);
-    if(system(command) == 0){
+    
+    if(simple_execlp(kdb_util, "kdb_util", kdb_util_command, 
+		     lockfile, database, NULL) != 0) {
+	klog(L_KRB_PERR, "*** Propagation failed ***");
+	return 1;
+    }else{
 	klog(L_KRB_PERR, "Propagation finished successfully");
 	return 0;
     }
-    klog(L_KRB_PERR, "*** Propagation failed ***");
-    return 1;
 }
 
 static int
@@ -279,7 +292,7 @@ main(int argc, char **argv)
 	    kdb_util = optarg;
 	    break;
 	case 'r':
-	    strcpy(realm, optarg);
+	    strcpy_truncate(realm, optarg, REALM_SZ);
 	    break;
 	case 's':
 	    srvtab = optarg;
@@ -293,6 +306,15 @@ main(int argc, char **argv)
 	    exit(1);
 	}
     }
+    if (!interactive) {
+      /* Use logfile as stderr so we don't lose error messages. */
+      int fd = open(logfile, O_CREAT | O_WRONLY | O_APPEND, 0600);
+      if (fd == -1)
+	klog(L_KRB_PERR, "Can't open logfile %s: %s", logfile,strerror(errno));
+      else
+	dup2(fd, 2);
+      close(fd);
+    }
     kset_logfile(logfile);
     if (interactive)
       return doit_interactive ();
diff --git a/crypto/kerberosIV/slave/slav_locl.h b/crypto/kerberosIV/slave/slav_locl.h
index 760fb9d..50c19e6 100644
--- a/crypto/kerberosIV/slave/slav_locl.h
+++ b/crypto/kerberosIV/slave/slav_locl.h
@@ -36,7 +36,7 @@
  * SUCH DAMAGE.
  */
 
-/* $Id: slav_locl.h,v 1.11 1997/05/20 18:40:47 bg Exp $ */
+/* $Id: slav_locl.h,v 1.13 1998/06/13 00:07:00 assar Exp $ */
 
 #ifndef __slav_locl_h
 #define __slav_locl_h
@@ -86,6 +86,9 @@
 
 #ifdef SOCKS
 #include <socks.h>
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent  *gethostbyname(const char *);
 #endif
 
 #include <roken.h>
@@ -96,6 +99,8 @@
 #include <prot.h>
 #include <kdc.h>
 
+#include <krb_log.h>
+
 #include "kprop.h"
 
 #endif /*  __slav_locl_h */