Initial import of eBones.

(Including all changes for FreeBSD - importing the original eBones distribution
would be too complex at this stage, since I don't have access to Piero's 
CVS.)
(If you want to include eBones in your system, don't forget to include
MAKE_EBONES in /etc/make.conf.)
(This stuff is now also suppable from braae.ru.ac.za.)

Bones originally from MIT SIPB.
Original port to FreeBSD 1.x  by Piero Serini.
Moved to FreeBSD 2.0 by Doug Rabson and Geoff Rehmet.
Nice bug fixes from Doug Rabson.

7 files changed, 1379 insertions, 0 deletions

diff --git a/eBones/kdb/Makefile b/eBones/kdb/Makefile
new file mode 100644
index 0000000..b69c0d9
--- /dev/null
+++ b/eBones/kdb/Makefile
@@ -0,0 +1,11 @@
+#	From: @(#)Makefile	5.1 (Berkeley) 6/25/90
+#	$Id: Makefile,v 1.3 1994/09/09 21:43:41 g89r4222 Exp $
+
+SHLIB_MAJOR= 2
+SHLIB_MINOR= 0
+
+LIB=	kdb
+CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include
+SRCS=	krb_cache.c krb_dbm.c krb_kdb_utils.c krb_lib.c print_princ.c
+
+.include <bsd.lib.mk>
diff --git a/eBones/kdb/krb_cache.c b/eBones/kdb/krb_cache.c
new file mode 100644
index 0000000..4d8c594
--- /dev/null
+++ b/eBones/kdb/krb_cache.c
@@ -0,0 +1,193 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology. 
+ * For copying and distribution information, please see the file
+ * <Copyright.MIT>.
+ *
+ * This is where a cache would be implemented, if it were necessary.
+ *
+ *	from: krb_cache.c,v 4.5 89/01/24 18:12:34 jon Exp $
+ *	$Id: krb_cache.c,v 1.2 1994/07/19 19:23:35 g89r4222 Exp $
+ */
+
+#ifndef	lint
+static char rcsid[] =
+"$Id: krb_cache.c,v 1.2 1994/07/19 19:23:35 g89r4222 Exp $";
+#endif	lint
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <sys/uio.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <strings.h>
+#include <des.h>
+#include <krb.h>
+#include <krb_db.h>
+
+extern char *strncpy();
+
+#ifdef DEBUG
+extern int debug;
+extern long kerb_debug;
+#endif
+static  init = 0;
+
+/*
+ * initialization routine for cache 
+ */
+
+int
+kerb_cache_init()
+{
+    init = 1;
+    return (0);
+}
+
+/*
+ * look up a principal in the cache returns number of principals found 
+ */
+
+int
+kerb_cache_get_principal(serv, inst, principal, max)
+    char   *serv;		/* could have wild card */
+    char   *inst;		/* could have wild card */
+    Principal *principal;
+    unsigned int max;		/* max number of name structs to return */
+
+{
+    int     found = 0;
+    u_long  i;
+
+    if (!init)
+	kerb_cache_init();
+#ifdef DEBUG
+    if (kerb_debug & 2)
+	fprintf(stderr, "cache_get_principal for %s %s max = %d\n",
+	    serv, inst, max);
+#endif DEBUG
+    
+#ifdef DEBUG
+    if (kerb_debug & 2) {
+	if (found) {
+	    fprintf(stderr, "cache get %s %s found %s %s sid = %d\n",
+		serv, inst, principal->name, principal->instance);
+	} else {
+	    fprintf(stderr, "cache %s %s not found\n", serv,
+		inst);
+	}
+    }
+#endif
+    return (found);
+}
+
+/*
+ * insert/replace a principal in the cache returns number of principals
+ * inserted 
+ */
+
+int
+kerb_cache_put_principal(principal, max)
+    Principal *principal;
+    unsigned int max;		/* max number of principal structs to
+				 * insert */
+
+{
+    int     found = 0;
+    u_long  i;
+    int     count = 0;
+
+    if (!init)
+	kerb_cache_init();
+
+#ifdef DEBUG
+    if (kerb_debug & 2) {
+	fprintf(stderr, "kerb_cache_put_principal  max = %d",
+	    max);
+    }
+#endif
+    
+    for (i = 0; i < max; i++) {
+#ifdef DEBUG
+	if (kerb_debug & 2)
+	    fprintf(stderr, "\n %s %s",
+		    principal->name, principal->instance);
+#endif	
+	/* DO IT */
+	count++;
+	principal++;
+    }
+    return count;
+}
+
+/*
+ * look up a dba in the cache returns number of dbas found 
+ */
+
+int
+kerb_cache_get_dba(serv, inst, dba, max)
+    char   *serv;		/* could have wild card */
+    char   *inst;		/* could have wild card */
+    Dba    *dba;
+    unsigned int max;		/* max number of name structs to return */
+
+{
+    int     found = 0;
+    u_long  i;
+
+    if (!init)
+	kerb_cache_init();
+
+#ifdef DEBUG
+    if (kerb_debug & 2)
+	fprintf(stderr, "cache_get_dba for %s %s max = %d\n",
+	    serv, inst, max);
+#endif
+
+#ifdef DEBUG
+    if (kerb_debug & 2) {
+	if (found) {
+	    fprintf(stderr, "cache get %s %s found %s %s sid = %d\n",
+		serv, inst, dba->name, dba->instance);
+	} else {
+	    fprintf(stderr, "cache %s %s not found\n", serv, inst);
+	}
+    }
+#endif
+    return (found);
+}
+
+/*
+ * insert/replace a dba in the cache returns number of dbas inserted 
+ */
+
+int
+kerb_cache_put_dba(dba, max)
+    Dba    *dba;
+    unsigned int max;		/* max number of dba structs to insert */
+
+{
+    int     found = 0;
+    u_long  i;
+    int     count = 0;
+
+    if (!init)
+	kerb_cache_init();
+#ifdef DEBUG
+    if (kerb_debug & 2) {
+	fprintf(stderr, "kerb_cache_put_dba  max = %d", max);
+    }
+#endif
+    for (i = 0; i < max; i++) {
+#ifdef DEBUG
+	if (kerb_debug & 2)
+	    fprintf(stderr, "\n %s %s",
+		    dba->name, dba->instance);
+#endif	
+	/* DO IT */
+	count++;
+	dba++;
+    }
+    return count;
+}
+
diff --git a/eBones/kdb/krb_dbl.c b/eBones/kdb/krb_dbl.c
new file mode 100644
index 0000000..7776298
--- /dev/null
+++ b/eBones/kdb/krb_dbl.c
@@ -0,0 +1 @@
+This file is now obsolete.
diff --git a/eBones/kdb/krb_dbm.c b/eBones/kdb/krb_dbm.c
new file mode 100644
index 0000000..754dd68
--- /dev/null
+++ b/eBones/kdb/krb_dbm.c
@@ -0,0 +1,741 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology. 
+ * For copying and distribution information, please see the file
+ * <Copyright.MIT>. 
+ *
+ *	from: krb_dbm.c,v 4.9 89/04/18 16:15:13 wesommer Exp $
+ *	$Id: krb_dbm.c,v 1.2 1994/07/19 19:23:36 g89r4222 Exp $
+ */
+
+#ifndef	lint
+static char rcsid[] =
+"$Id: krb_dbm.c,v 1.2 1994/07/19 19:23:36 g89r4222 Exp $";
+#endif	lint
+
+#if defined(__FreeBSD__)
+#define NDBM
+#endif
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <sys/uio.h>
+#include <sys/time.h>
+#include <sys/stat.h>
+#include <sys/resource.h>
+#include <sys/errno.h>
+#include <strings.h>
+#include <des.h>
+#include <sys/file.h>
+#ifdef NDBM
+#include <ndbm.h>
+#else /*NDBM*/
+#include <dbm.h>
+#endif /*NDBM*/
+/* before krb_db.h */
+#include <krb.h>
+#include <krb_db.h>
+
+#define KERB_DB_MAX_RETRY 5
+
+#ifdef DEBUG
+extern int debug;
+extern long kerb_debug;
+extern char *progname;
+#endif
+extern char *malloc();
+extern int errno;
+
+static  init = 0;
+static char default_db_name[] = DBM_FILE;
+static char *current_db_name = default_db_name;
+static void encode_princ_key(), decode_princ_key();
+static void encode_princ_contents(), decode_princ_contents();
+static void kerb_dbl_fini();
+static int kerb_dbl_lock();
+static void kerb_dbl_unlock();
+
+static struct timeval timestamp;/* current time of request */
+static int non_blocking = 0;
+
+/*
+ * This module contains all of the code which directly interfaces to
+ * the underlying representation of the Kerberos database; this
+ * implementation uses a DBM or NDBM indexed "file" (actually
+ * implemented as two separate files) to store the relations, plus a
+ * third file as a semaphore to allow the database to be replaced out
+ * from underneath the KDC server.
+ */
+
+/*
+ * Locking:
+ * 
+ * There are two distinct locking protocols used.  One is designed to
+ * lock against processes (the admin_server, for one) which make
+ * incremental changes to the database; the other is designed to lock
+ * against utilities (kdb_util, kpropd) which replace the entire
+ * database in one fell swoop.
+ *
+ * The first locking protocol is implemented using flock() in the 
+ * krb_dbl_lock() and krb_dbl_unlock routines.
+ *
+ * The second locking protocol is necessary because DBM "files" are
+ * actually implemented as two separate files, and it is impossible to
+ * atomically rename two files simultaneously.  It assumes that the
+ * database is replaced only very infrequently in comparison to the time
+ * needed to do a database read operation.
+ *
+ * A third file is used as a "version" semaphore; the modification
+ * time of this file is the "version number" of the database.
+ * At the start of a read operation, the reader checks the version
+ * number; at the end of the read operation, it checks again.  If the
+ * version number changed, or if the semaphore was nonexistant at
+ * either time, the reader sleeps for a second to let things
+ * stabilize, and then tries again; if it does not succeed after
+ * KERB_DB_MAX_RETRY attempts, it gives up.
+ * 
+ * On update, the semaphore file is deleted (if it exists) before any
+ * update takes place; at the end of the update, it is replaced, with
+ * a version number strictly greater than the version number which
+ * existed at the start of the update.
+ * 
+ * If the system crashes in the middle of an update, the semaphore
+ * file is not automatically created on reboot; this is a feature, not
+ * a bug, since the database may be inconsistant.  Note that the
+ * absence of a semaphore file does not prevent another _update_ from
+ * taking place later.  Database replacements take place automatically
+ * only on slave servers; a crash in the middle of an update will be
+ * fixed by the next slave propagation.  A crash in the middle of an
+ * update on the master would be somewhat more serious, but this would
+ * likely be noticed by an administrator, who could fix the problem and
+ * retry the operation.
+ */
+
+/* Macros to convert ndbm names to dbm names.
+ * Note that dbm_nextkey() cannot be simply converted using a macro, since
+ * it is invoked giving the database, and nextkey() needs the previous key.
+ *
+ * Instead, all routines call "dbm_next" instead.
+ */
+
+#ifndef NDBM
+typedef char DBM;
+
+#define dbm_open(file, flags, mode) ((dbminit(file) == 0)?"":((char *)0))
+#define dbm_fetch(db, key) fetch(key)
+#define dbm_store(db, key, content, flag) store(key, content)
+#define dbm_firstkey(db) firstkey()
+#define dbm_next(db,key) nextkey(key)
+#define dbm_close(db) dbmclose()
+#else
+#define dbm_next(db,key) dbm_nextkey(db)
+#endif
+
+/*
+ * Utility routine: generate name of database file.
+ */
+
+static char *gen_dbsuffix(db_name, sfx)
+    char *db_name;
+    char *sfx;
+{
+    char *dbsuffix;
+    
+    if (sfx == NULL)
+	sfx = ".ok";
+
+    dbsuffix = malloc (strlen(db_name) + strlen(sfx) + 1);
+    strcpy(dbsuffix, db_name);
+    strcat(dbsuffix, sfx);
+    return dbsuffix;
+}
+
+/*
+ * initialization for data base routines.
+ */
+
+kerb_db_init()
+{
+    init = 1;
+    return (0);
+}
+
+/*
+ * gracefully shut down database--must be called by ANY program that does
+ * a kerb_db_init 
+ */
+
+kerb_db_fini()
+{
+}
+
+/*
+ * Set the "name" of the current database to some alternate value.
+ *
+ * Passing a null pointer as "name" will set back to the default.
+ * If the alternate database doesn't exist, nothing is changed.
+ */
+
+kerb_db_set_name(name)
+	char *name;
+{
+    DBM *db;
+
+    if (name == NULL)
+	name = default_db_name;
+    db = dbm_open(name, 0, 0);
+    if (db == NULL)
+	return errno;
+    dbm_close(db);
+    kerb_dbl_fini();
+    current_db_name = name;
+    return 0;
+}
+
+/*
+ * Return the last modification time of the database.
+ */
+
+long kerb_get_db_age()
+{
+    struct stat st;
+    char *okname;
+    long age;
+    
+    okname = gen_dbsuffix(current_db_name, ".ok");
+
+    if (stat (okname, &st) < 0)
+	age = 0;
+    else
+	age = st.st_mtime;
+
+    free (okname);
+    return age;
+}
+
+/*
+ * Remove the semaphore file; indicates that database is currently
+ * under renovation.
+ *
+ * This is only for use when moving the database out from underneath
+ * the server (for example, during slave updates).
+ */
+
+static long kerb_start_update(db_name)
+    char *db_name;
+{
+    char *okname = gen_dbsuffix(db_name, ".ok");
+    long age = kerb_get_db_age();
+    
+    if (unlink(okname) < 0
+	&& errno != ENOENT) {
+	    age = -1;
+    }
+    free (okname);
+    return age;
+}
+
+static long kerb_end_update(db_name, age)
+    char *db_name;
+    long age;
+{
+    int fd;
+    int retval = 0;
+    char *new_okname = gen_dbsuffix(db_name, ".ok#");
+    char *okname = gen_dbsuffix(db_name, ".ok");
+    
+    fd = open (new_okname, O_CREAT|O_RDWR|O_TRUNC, 0600);
+    if (fd < 0)
+	retval = errno;
+    else {
+	struct stat st;
+	struct timeval tv[2];
+	/* make sure that semaphore is "after" previous value. */
+	if (fstat (fd, &st) == 0
+	    && st.st_mtime <= age) {
+	    tv[0].tv_sec = st.st_atime;
+	    tv[0].tv_usec = 0;
+	    tv[1].tv_sec = age;
+	    tv[1].tv_usec = 0;
+	    /* set times.. */
+	    utimes (new_okname, tv);
+	    fsync(fd);
+	}
+	close(fd);
+	if (rename (new_okname, okname) < 0)
+	    retval = errno;
+    }
+
+    free (new_okname);
+    free (okname);
+
+    return retval;
+}
+
+static long kerb_start_read()
+{
+    return kerb_get_db_age();
+}
+
+static long kerb_end_read(age)
+    u_long age;
+{
+    if (kerb_get_db_age() != age || age == -1) {
+	return -1;
+    }
+    return 0;
+}
+
+/*
+ * Create the database, assuming it's not there.
+ */
+
+kerb_db_create(db_name)
+    char *db_name;
+{
+    char *okname = gen_dbsuffix(db_name, ".ok");
+    int fd;
+    register int ret = 0;
+#ifdef NDBM
+    DBM *db;
+
+    db = dbm_open(db_name, O_RDWR|O_CREAT|O_EXCL, 0600);
+    if (db == NULL)
+	ret = errno;
+    else
+	dbm_close(db);
+#else
+    char *dirname = gen_dbsuffix(db_name, ".dir");
+    char *pagname = gen_dbsuffix(db_name, ".pag");
+
+    fd = open(dirname, O_RDWR|O_CREAT|O_EXCL, 0600);
+    if (fd < 0)
+	ret = errno;
+    else {
+	close(fd);
+	fd = open (pagname, O_RDWR|O_CREAT|O_EXCL, 0600);
+	if (fd < 0)
+	    ret = errno;
+	else
+	    close(fd);
+    }
+    if (dbminit(db_name) < 0)
+	ret = errno;
+#endif
+    if (ret == 0) {
+	fd = open (okname, O_CREAT|O_RDWR|O_TRUNC, 0600);
+	if (fd < 0)
+	    ret = errno;
+	close(fd);
+    }
+    return ret;
+}
+
+/*
+ * "Atomically" rename the database in a way that locks out read
+ * access in the middle of the rename.
+ *
+ * Not perfect; if we crash in the middle of an update, we don't
+ * necessarily know to complete the transaction the rename, but...
+ */
+
+kerb_db_rename(from, to)
+    char *from;
+    char *to;
+{
+    char *fromdir = gen_dbsuffix (from, ".dir");
+    char *todir = gen_dbsuffix (to, ".dir");
+    char *frompag = gen_dbsuffix (from , ".pag");
+    char *topag = gen_dbsuffix (to, ".pag");
+    char *fromok = gen_dbsuffix(from, ".ok");
+    long trans = kerb_start_update(to);
+    int ok;
+    
+    if ((rename (fromdir, todir) == 0)
+	&& (rename (frompag, topag) == 0)) {
+	(void) unlink (fromok);
+	ok = 1;
+    }
+
+    free (fromok);
+    free (fromdir);
+    free (todir);
+    free (frompag);
+    free (topag);
+    if (ok)
+	return kerb_end_update(to, trans);
+    else
+	return -1;
+}
+
+/*
+ * look up a principal in the data base returns number of principals
+ * found , and whether there were more than requested. 
+ */
+
+kerb_db_get_principal(name, inst, principal, max, more)
+    char   *name;		/* could have wild card */
+    char   *inst;		/* could have wild card */
+    Principal *principal;
+    unsigned int max;		/* max number of name structs to return */
+    int    *more;		/* where there more than 'max' tuples? */
+
+{
+    int     found = 0, code;
+    extern int errorproc();
+    int     wildp, wildi;
+    datum   key, contents;
+    char    testname[ANAME_SZ], testinst[INST_SZ];
+    u_long trans;
+    int try;
+    DBM    *db;
+
+    if (!init)
+	kerb_db_init();		/* initialize database routines */
+
+    for (try = 0; try < KERB_DB_MAX_RETRY; try++) {
+	trans = kerb_start_read();
+
+	if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0)
+	    return -1;
+
+	db = dbm_open(current_db_name, O_RDONLY, 0600);
+
+	*more = 0;
+
+#ifdef DEBUG
+	if (kerb_debug & 2)
+	    fprintf(stderr,
+		    "%s: db_get_principal for %s %s max = %d",
+		    progname, name, inst, max);
+#endif
+
+	wildp = !strcmp(name, "*");
+	wildi = !strcmp(inst, "*");
+
+	if (!wildi && !wildp) {	/* nothing's wild */
+	    encode_princ_key(&key, name, inst);
+	    contents = dbm_fetch(db, key);
+	    if (contents.dptr == NULL) {
+		found = 0;
+		goto done;
+	    }
+	    decode_princ_contents(&contents, principal);
+#ifdef DEBUG
+	    if (kerb_debug & 1) {
+		fprintf(stderr, "\t found %s %s p_n length %d t_n length %d\n",
+			principal->name, principal->instance,
+			strlen(principal->name),
+			strlen(principal->instance));
+	    }
+#endif
+	    found = 1;
+	    goto done;
+	}
+	/* process wild cards by looping through entire database */
+
+	for (key = dbm_firstkey(db); key.dptr != NULL;
+	     key = dbm_next(db, key)) {
+	    decode_princ_key(&key, testname, testinst);
+	    if ((wildp || !strcmp(testname, name)) &&
+		(wildi || !strcmp(testinst, inst))) { /* have a match */
+		if (found >= max) {
+		    *more = 1;
+		    goto done;
+		} else {
+		    found++;
+		    contents = dbm_fetch(db, key);
+		    decode_princ_contents(&contents, principal);
+#ifdef DEBUG
+		    if (kerb_debug & 1) {
+			fprintf(stderr,
+				"\tfound %s %s p_n length %d t_n length %d\n",
+				principal->name, principal->instance,
+				strlen(principal->name),
+				strlen(principal->instance));
+		    }
+#endif
+		    principal++; /* point to next */
+		}
+	    }
+	}
+
+    done:
+	kerb_dbl_unlock();	/* unlock read lock */
+	dbm_close(db);
+	if (kerb_end_read(trans) == 0)
+	    break;
+	found = -1;
+	if (!non_blocking)
+	    sleep(1);
+    }
+    return (found);
+}
+
+/*
+ * Update a name in the data base.  Returns number of names
+ * successfully updated.
+ */
+
+kerb_db_put_principal(principal, max)
+    Principal *principal;
+    unsigned int max;		/* number of principal structs to
+				 * update */
+
+{
+    int     found = 0, code;
+    u_long  i;
+    extern int errorproc();
+    datum   key, contents;
+    DBM    *db;
+
+    gettimeofday(&timestamp, NULL);
+
+    if (!init)
+	kerb_db_init();
+
+    if ((code = kerb_dbl_lock(KERB_DBL_EXCLUSIVE)) != 0)
+	return -1;
+
+    db = dbm_open(current_db_name, O_RDWR, 0600);
+
+#ifdef DEBUG
+    if (kerb_debug & 2)
+	fprintf(stderr, "%s: kerb_db_put_principal  max = %d",
+	    progname, max);
+#endif
+
+    /* for each one, stuff temps, and do replace/append */
+    for (i = 0; i < max; i++) {
+	encode_princ_contents(&contents, principal);
+	encode_princ_key(&key, principal->name, principal->instance);
+	dbm_store(db, key, contents, DBM_REPLACE);
+#ifdef DEBUG
+	if (kerb_debug & 1) {
+	    fprintf(stderr, "\n put %s %s\n",
+		principal->name, principal->instance);
+	}
+#endif
+	found++;
+	principal++;		/* bump to next struct			   */
+    }
+
+    dbm_close(db);
+    kerb_dbl_unlock();		/* unlock database */
+    return (found);
+}
+
+static void
+encode_princ_key(key, name, instance)
+    datum  *key;
+    char   *name, *instance;
+{
+    static char keystring[ANAME_SZ + INST_SZ];
+
+    bzero(keystring, ANAME_SZ + INST_SZ);
+    strncpy(keystring, name, ANAME_SZ);
+    strncpy(&keystring[ANAME_SZ], instance, INST_SZ);
+    key->dptr = keystring;
+    key->dsize = ANAME_SZ + INST_SZ;
+}
+
+static void
+decode_princ_key(key, name, instance)
+    datum  *key;
+    char   *name, *instance;
+{
+    strncpy(name, key->dptr, ANAME_SZ);
+    strncpy(instance, key->dptr + ANAME_SZ, INST_SZ);
+    name[ANAME_SZ - 1] = '\0';
+    instance[INST_SZ - 1] = '\0';
+}
+
+static void
+encode_princ_contents(contents, principal)
+    datum  *contents;
+    Principal *principal;
+{
+    contents->dsize = sizeof(*principal);
+    contents->dptr = (char *) principal;
+}
+
+static void
+decode_princ_contents(contents, principal)
+    datum  *contents;
+    Principal *principal;
+{
+    bcopy(contents->dptr, (char *) principal, sizeof(*principal));
+}
+
+kerb_db_get_stat(s)
+    DB_stat *s;
+{
+    gettimeofday(&timestamp, NULL);
+
+
+    s->cpu = 0;
+    s->elapsed = 0;
+    s->dio = 0;
+    s->pfault = 0;
+    s->t_stamp = timestamp.tv_sec;
+    s->n_retrieve = 0;
+    s->n_replace = 0;
+    s->n_append = 0;
+    s->n_get_stat = 0;
+    s->n_put_stat = 0;
+    /* update local copy too */
+}
+
+kerb_db_put_stat(s)
+    DB_stat *s;
+{
+}
+
+delta_stat(a, b, c)
+    DB_stat *a, *b, *c;
+{
+    /* c = a - b then b = a for the next time */
+
+    c->cpu = a->cpu - b->cpu;
+    c->elapsed = a->elapsed - b->elapsed;
+    c->dio = a->dio - b->dio;
+    c->pfault = a->pfault - b->pfault;
+    c->t_stamp = a->t_stamp - b->t_stamp;
+    c->n_retrieve = a->n_retrieve - b->n_retrieve;
+    c->n_replace = a->n_replace - b->n_replace;
+    c->n_append = a->n_append - b->n_append;
+    c->n_get_stat = a->n_get_stat - b->n_get_stat;
+    c->n_put_stat = a->n_put_stat - b->n_put_stat;
+
+    bcopy(a, b, sizeof(DB_stat));
+    return;
+}
+
+/*
+ * look up a dba in the data base returns number of dbas found , and
+ * whether there were more than requested. 
+ */
+
+kerb_db_get_dba(dba_name, dba_inst, dba, max, more)
+    char   *dba_name;		/* could have wild card */
+    char   *dba_inst;		/* could have wild card */
+    Dba    *dba;
+    unsigned int max;		/* max number of name structs to return */
+    int    *more;		/* where there more than 'max' tuples? */
+
+{
+    *more = 0;
+    return (0);
+}
+
+kerb_db_iterate (func, arg)
+    int (*func)();
+    char *arg;			/* void *, really */
+{
+    datum key, contents;
+    Principal *principal;
+    int code;
+    DBM *db;
+    
+    kerb_db_init();		/* initialize and open the database */
+    if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0)
+	return code;
+
+    db = dbm_open(current_db_name, O_RDONLY, 0600);
+
+    for (key = dbm_firstkey (db); key.dptr != NULL; key = dbm_next(db, key)) {
+	contents = dbm_fetch (db, key);
+	/* XXX may not be properly aligned */
+	principal = (Principal *) contents.dptr;
+	if ((code = (*func)(arg, principal)) != 0)
+	    return code;
+    }
+    dbm_close(db);
+    kerb_dbl_unlock();
+    return 0;
+}
+
+static int dblfd = -1;
+static int mylock = 0;
+static int inited = 0;
+
+static kerb_dbl_init()
+{
+    if (!inited) {
+	char *filename = gen_dbsuffix (current_db_name, ".ok");
+	if ((dblfd = open(filename, 0)) < 0) {
+	    fprintf(stderr, "kerb_dbl_init: couldn't open %s\n", filename);
+	    fflush(stderr);
+	    perror("open");
+	    exit(1);
+	}
+	free(filename);
+	inited++;
+    }
+    return (0);
+}
+
+static void kerb_dbl_fini()
+{
+    close(dblfd);
+    dblfd = -1;
+    inited = 0;
+    mylock = 0;
+}
+
+static int kerb_dbl_lock(mode)
+    int     mode;
+{
+    int flock_mode;
+    
+    if (!inited)
+	kerb_dbl_init();
+    if (mylock) {		/* Detect lock call when lock already
+				 * locked */
+	fprintf(stderr, "Kerberos locking error (mylock)\n");
+	fflush(stderr);
+	exit(1);
+    }
+    switch (mode) {
+    case KERB_DBL_EXCLUSIVE:
+	flock_mode = LOCK_EX;
+	break;
+    case KERB_DBL_SHARED:
+	flock_mode = LOCK_SH;
+	break;
+    default:
+	fprintf(stderr, "invalid lock mode %d\n", mode);
+	abort();
+    }
+    if (non_blocking)
+	flock_mode |= LOCK_NB;
+    
+    if (flock(dblfd, flock_mode) < 0) 
+	return errno;
+    mylock++;
+    return 0;
+}
+
+static void kerb_dbl_unlock()
+{
+    if (!mylock) {		/* lock already unlocked */
+	fprintf(stderr, "Kerberos database lock not locked when unlocking.\n");
+	fflush(stderr);
+	exit(1);
+    }
+    if (flock(dblfd, LOCK_UN) < 0) {
+	fprintf(stderr, "Kerberos database lock error. (unlocking)\n");
+	fflush(stderr);
+	perror("flock");
+	exit(1);
+    }
+    mylock = 0;
+}
+
+int kerb_db_set_lockmode(mode)
+    int mode;
+{
+    int old = non_blocking;
+    non_blocking = mode;
+    return old;
+}
diff --git a/eBones/kdb/krb_kdb_utils.c b/eBones/kdb/krb_kdb_utils.c
new file mode 100644
index 0000000..5fccc53
--- /dev/null
+++ b/eBones/kdb/krb_kdb_utils.c
@@ -0,0 +1,141 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ * For copying and distribution information, please see the file
+ * <Copyright.MIT>.
+ *
+ * Utility routines for Kerberos programs which directly access
+ * the database.  This code was duplicated in too many places
+ * before I gathered it here.
+ *
+ * Jon Rochlis, MIT Telecom, March 1988
+ *
+ *	from: krb_kdb_utils.c,v 4.1 89/07/26 11:01:12 jtkohl Exp $
+ *	$Id: krb_kdb_utils.c,v 1.2 1994/07/19 19:23:38 g89r4222 Exp $
+ */
+
+#ifndef	lint
+static char rcsid[] =
+"$Id: krb_kdb_utils.c,v 1.2 1994/07/19 19:23:38 g89r4222 Exp $";
+#endif	lint
+
+#include <des.h>
+#include <krb.h>
+#include <krb_db.h>
+#include <kdc.h>
+#include <stdio.h>
+#include <sys/file.h>
+
+long kdb_get_master_key(prompt, master_key, master_key_sched)
+     int prompt;
+     C_Block master_key;
+     Key_schedule master_key_sched;
+{
+  int kfile;
+
+  if (prompt)  {
+#ifdef NOENCRYPTION
+      placebo_read_password(master_key,
+			    "\nEnter Kerberos master key: ", 0);
+#else
+      des_read_password(master_key,
+			     "\nEnter Kerberos master key: ", 0);
+#endif
+      printf ("\n");
+  }
+  else {
+    kfile = open(MKEYFILE, O_RDONLY, 0600);
+    if (kfile < 0) {
+      /* oh, for com_err_ */
+      return (-1);
+    }
+    if (read(kfile, (char *) master_key, 8) != 8) {
+      return (-1);
+    }
+    close(kfile);
+  }
+
+#ifndef NOENCRYPTION
+  key_sched(master_key,master_key_sched);
+#endif
+  return (0);
+}
+
+/* The caller is reasponsible for cleaning up the master key and sched,
+   even if we can't verify the master key */
+
+/* Returns master key version if successful, otherwise -1 */
+
+long kdb_verify_master_key (master_key, master_key_sched, out)
+     C_Block master_key;
+     Key_schedule master_key_sched;
+     FILE *out;  /* setting this to non-null be do output */
+{
+  C_Block key_from_db;
+  Principal principal_data[1];
+  int n, more = 0;
+  long master_key_version;
+
+  /* lookup the master key version */
+  n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
+			 1 /* only one please */, &more);
+  if ((n != 1) || more) {
+    if (out != (FILE *) NULL) 
+      fprintf(out,
+	      "verify_master_key: %s, %d found.\n",
+	      "Kerberos error on master key version lookup",
+	      n);
+    return (-1);
+  }
+
+  master_key_version = (long) principal_data[0].key_version;
+
+  /* set up the master key */
+  if (out != (FILE *) NULL)  /* should we punt this? */
+    fprintf(out, "Current Kerberos master key version is %d.\n",
+	    principal_data[0].kdc_key_ver);
+
+  /*
+   * now use the master key to decrypt the key in the db, had better
+   * be the same! 
+   */
+  bcopy(&principal_data[0].key_low, key_from_db, 4);
+  bcopy(&principal_data[0].key_high, ((long *) key_from_db) + 1, 4);
+  kdb_encrypt_key (key_from_db, key_from_db, 
+		   master_key, master_key_sched, DECRYPT);
+
+  /* the decrypted database key had better equal the master key */
+  n = bcmp((char *) master_key, (char *) key_from_db,
+	   sizeof(master_key));
+  /* this used to zero the master key here! */
+  bzero(key_from_db, sizeof(key_from_db));
+  bzero(principal_data, sizeof (principal_data));
+
+  if (n && (out != (FILE *) NULL)) {
+    fprintf(out, "\n\07\07verify_master_key: Invalid master key; ");
+    fprintf(out, "does not match database.\n");
+    return (-1);
+  }
+  if (out != (FILE *) NULL) {
+    fprintf(out, "\nMaster key entered.  BEWARE!\07\07\n");
+    fflush(out);
+  }
+
+  return (master_key_version);
+}
+
+/* The old algorithm used the key schedule as the initial vector which
+   was byte order depedent ... */
+
+kdb_encrypt_key (in, out, master_key, master_key_sched, e_d_flag)
+     C_Block in, out, master_key;
+     Key_schedule master_key_sched;
+     int e_d_flag;
+{
+
+#ifdef NOENCRYPTION
+  bcopy(in, out, sizeof(C_Block));
+#else
+  pcbc_encrypt(in,out,(long)sizeof(C_Block),master_key_sched,master_key,
+ 	e_d_flag);
+#endif
+}
diff --git a/eBones/kdb/krb_lib.c b/eBones/kdb/krb_lib.c
new file mode 100644
index 0000000..f0f1f6f
--- /dev/null
+++ b/eBones/kdb/krb_lib.c
@@ -0,0 +1,242 @@
+/*
+ * $Source: /home/CVS/src/eBones/kdb/krb_lib.c,v $
+ * $Author: g89r4222 $ 
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology. 
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>. 
+ */
+
+#ifndef	lint
+static char rcsid[] =
+"$Id: krb_lib.c,v 1.2 1994/07/19 19:23:39 g89r4222 Exp $";
+#endif	lint
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <sys/uio.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <strings.h>
+#include <des.h>
+#include <krb.h>
+#include <krb_db.h>
+
+#ifdef DEBUG
+extern int debug;
+extern char *progname;
+long    kerb_debug;
+#endif
+
+extern char *strncpy();
+extern char *ctime();
+extern char *getenv();
+
+static  init = 0;
+
+/*
+ * initialization routine for data base 
+ */
+
+int
+kerb_init()
+{
+#ifdef DEBUG
+    if (!init) {
+	char *dbg = getenv("KERB_DBG");
+	if (dbg)
+	    sscanf(dbg, "%d", &kerb_debug);
+	init = 1;
+    }
+#endif
+    kerb_db_init();
+
+#ifdef CACHE
+    kerb_cache_init();
+#endif
+
+    /* successful init, return 0, else errcode */
+    return (0);
+}
+
+/*
+ * finalization routine for database -- NOTE: MUST be called by any
+ * program using kerb_init.  ALSO will have to be modified to finalize
+ * caches, if they're ever really implemented. 
+ */
+
+int
+kerb_fini()
+{
+    kerb_db_fini();
+}
+
+/*
+ * look up a principal in the cache or data base returns number of
+ * principals found 
+ */
+
+int
+kerb_get_principal(name, inst, principal, max, more)
+    char   *name;		/* could have wild card */
+    char   *inst;		/* could have wild card */
+    Principal *principal;
+    unsigned int max;		/* max number of name structs to return */
+    int    *more;		/* more tuples than room for */
+
+{
+    int     found = 0;
+#ifdef CACHE
+    static int wild = 0;
+#endif
+    if (!init)
+	kerb_init();
+
+#ifdef DEBUG
+    if (kerb_debug & 1)
+	fprintf(stderr, "\n%s: kerb_get_principal for %s %s max = %d\n",
+	    progname, name, inst, max);
+#endif
+    
+    /*
+     * if this is a request including a wild card, have to go to db
+     * since the cache may not be exhaustive. 
+     */
+
+    /* clear the principal area */
+    bzero((char *) principal, max * sizeof(Principal));
+
+#ifdef CACHE
+    /*
+     * so check to see if the name contains a wildcard "*" or "?", not
+     * preceeded by a backslash. 
+     */
+    wild = 0;
+    if (index(name, '*') || index(name, '?') ||
+	index(inst, '*') || index(inst, '?'))
+	wild = 1;
+
+    if (!wild) {
+	/* try the cache first */
+	found = kerb_cache_get_principal(name, inst, principal, max, more);
+	if (found)
+	    return (found);
+    }
+#endif
+    /* If we didn't try cache, or it wasn't there, try db */
+    found = kerb_db_get_principal(name, inst, principal, max, more);
+    /* try to insert principal(s) into cache if it was found */
+#ifdef CACHE
+    if (found) {
+	kerb_cache_put_principal(principal, found);
+    }
+#endif
+    return (found);
+}
+
+/* principals */
+kerb_put_principal(principal, n)
+    Principal *principal;
+    unsigned int n;		/* number of principal structs to write */
+{
+    long time();
+    struct tm *tp, *localtime();
+
+    /* set mod date */
+    principal->mod_date = time((long *)0);
+    /* and mod date string */
+
+    tp = localtime(&principal->mod_date);
+    (void) sprintf(principal->mod_date_txt, "%4d-%2d-%2d",
+		   tp->tm_year > 1900 ? tp->tm_year : tp->tm_year + 1900,
+		   tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */
+#ifdef DEBUG
+    if (kerb_debug & 1) {
+	int i;
+	fprintf(stderr, "\nkerb_put_principal...");
+	for (i = 0; i < n; i++) {
+	    krb_print_principal(&principal[i]);
+	}
+    }
+#endif
+    /* write database */
+    if (kerb_db_put_principal(principal, n) < 0) {
+#ifdef DEBUG
+	if (kerb_debug & 1)
+	    fprintf(stderr, "\n%s: kerb_db_put_principal err", progname);
+	/* watch out for cache */
+#endif
+	return -1;
+    }
+#ifdef CACHE
+    /* write cache */
+    if (!kerb_cache_put_principal(principal, n)) {
+#ifdef DEBUG
+	if (kerb_debug & 1)
+	    fprintf(stderr, "\n%s: kerb_cache_put_principal err", progname);
+#endif
+	return -1;
+    }
+#endif
+    return 0;
+}
+
+int
+kerb_get_dba(name, inst, dba, max, more)
+    char   *name;		/* could have wild card */
+    char   *inst;		/* could have wild card */
+    Dba    *dba;
+    unsigned int max;		/* max number of name structs to return */
+    int    *more;		/* more tuples than room for */
+
+{
+    int     found = 0;
+#ifdef CACHE
+    static int wild = 0;
+#endif
+    if (!init)
+	kerb_init();
+
+#ifdef DEBUG
+    if (kerb_debug & 1)
+	fprintf(stderr, "\n%s: kerb_get_dba for %s %s max = %d\n",
+	    progname, name, inst, max);
+#endif
+    /*
+     * if this is a request including a wild card, have to go to db
+     * since the cache may not be exhaustive. 
+     */
+
+    /* clear the dba area */
+    bzero((char *) dba, max * sizeof(Dba));
+
+#ifdef CACHE
+    /*
+     * so check to see if the name contains a wildcard "*" or "?", not
+     * preceeded by a backslash. 
+     */
+
+    wild = 0;
+    if (index(name, '*') || index(name, '?') ||
+	index(inst, '*') || index(inst, '?'))
+	wild = 1;
+
+    if (!wild) {
+	/* try the cache first */
+	found = kerb_cache_get_dba(name, inst, dba, max, more);
+	if (found)
+	    return (found);
+    }
+#endif
+    /* If we didn't try cache, or it wasn't there, try db */
+    found = kerb_db_get_dba(name, inst, dba, max, more);
+#ifdef CACHE
+    /* try to insert dba(s) into cache if it was found */
+    if (found) {
+	kerb_cache_put_dba(dba, found);
+    }
+#endif
+    return (found);
+}
diff --git a/eBones/kdb/print_princ.c b/eBones/kdb/print_princ.c
new file mode 100644
index 0000000..730cfb7
--- /dev/null
+++ b/eBones/kdb/print_princ.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology. 
+ * For copying and distribution information, please see the file
+ * <Copyright.MIT>. 
+ *
+ *	from: $Header: /home/CVS/src/eBones/kdb/print_princ.c,v 1.2 1994/07/19 19:23:41 g89r4222 Exp $
+ *	$Id: print_princ.c,v 1.2 1994/07/19 19:23:41 g89r4222 Exp $
+ */
+
+#ifndef	lint
+static char rcsid[] =
+"$Id: print_princ.c,v 1.2 1994/07/19 19:23:41 g89r4222 Exp $";
+#endif	lint
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <strings.h>
+#include <krb.h>
+#include <krb_db.h>
+
+extern int debug;
+extern char *strncpy();
+extern char *ctime();
+extern struct tm *localtime();
+struct tm *time_p;
+
+long    kerb_debug;
+
+krb_print_principal(a_n)
+    Principal *a_n;
+{
+    /* run-time database does not contain string versions */
+    time_p = localtime(&(a_n->exp_date));
+
+    fprintf(stderr,
+    "\n%s %s expires %4d-%2d-%2d %2d:%2d, max_life %d*5 = %d min  attr 0x%02x",
+    a_n->name, a_n->instance,
+    time_p->tm_year > 1900 ? time_p->tm_year : time_p->tm_year + 1900,
+    time_p->tm_mon + 1, time_p->tm_mday,
+    time_p->tm_hour, time_p->tm_min,
+    a_n->max_life, 5 * a_n->max_life, a_n->attributes);
+
+    fprintf(stderr,
+    "\n\tkey_ver %d  k_low 0x%08x  k_high 0x%08x  akv %d  exists %d\n",
+    a_n->key_version, a_n->key_low, a_n->key_high,
+    a_n->kdc_key_ver, a_n->old);
+
+    fflush(stderr);
+}